Warning! Unprivileged Linux Users With UID > INT_MAX Can Execute Any Command

in #technology6 years ago


Hold tight, this may blow your mind…
A low-privileged user account on most Linux operating systems with UID value anything greater than 2147483647 can execute any systemctl command unauthorizedly—thanks to a newly discovered vulnerability.

The reported vulnerability actually resides in PolicyKit (also known as polkit)—an application-level toolkit for Unix-like operating systems that defines policies, handles system-wide privileges and provides a way for non-privileged processes to communicate with privileged ones, such as "sudo," that does not grant root permission to an entire process.

The issue, tracked as CVE-2018-19788, impacts PolicyKit version 0.115 which comes pre-installed on most popular Linux distributions, including Red Hat, Debian, Ubuntu, and CentOS.

The vulnerability exists due to PolicyKit's improper validation of permission requests for any low-privileged user with UID greater than INT_MAX.

Where, INT_MAX is a constant in computer programming that defines what maximum value an integer variable can store, which equals to 2147483647 (in hexadecimal 0x7FFFFFFF).

So it means, if you create a user account on affected Linux systems with any UID greater than INT_MAX value, the PolicyKit component will allow you to execute any systemctl command successfully.

Security researcher Rich Mirch, Twitter handle "0xm1rch," has also released a proof-of-concept (PoC) exploit to successfully demonstrate the vulnerability that requires a user with the UID 4000000000.

Red Hat has recommended system administrators not to allow any negative UIDs or UIDs greater than 2147483646 in order to mitigate the issue until the patch is released.



Link to Original Article: https://hackhex.com/computer/warning-unprivileged-linux-users-with-uid-int_max-can-execute-any-command-1334.html

Sort:  

Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
https://thehackernews.com/2018/12/linux-user-privilege-policykit.html

Congratulations @avalerion! You received a personal award!

Happy Birthday! - You are on the Steem blockchain for 1 year!

You can view your badges on your Steem Board and compare to others on the Steem Ranking

Vote for @Steemitboard as a witness to get one more award and increased upvotes!