All times are UTC + 8 hours

[sudo in A.D.M.] security problem : CVE-2019-14287

Post by father.mande » Tue Oct 15, 2019 10:08 pm

Hi,

Please take care if you use the sudo provided by A.D.M., due to vulnerability CVE-2019-14287 (normally used only by admin to become root, even using su a lot of the time).
Ref. : https://www.sudo.ws/alerts/minus_1_uid.html

A.D.M. sudo version : Sudoers policy plugin version 1.8.20p2 ; Sudoers file grammar version 46
Minimum corrected version : 1.8.28

This also can affect sudo in Entware APKG : sudo - 1.8.27

The risk is limited on a NAS if you don't use ssh or telnet open to all users (in Entware; in A.D.M. it's limited to the administrators group), and use a strong admin password and not the usual port (like 22 for SSH).
Philippe.
AS5002T / AS202TE / AS1002T
My Blog specific to my APKG : https://blog.father-mande.ovh/
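
Added example, not part of the original post: a POSIX shell check that compares a sudo version string, including the `pN` patch suffix seen in 1.8.20p2, against the minimum corrected version 1.8.28 quoted above. The function names are hypothetical, and the `Sudo version ...` line is assumed to be what `sudo -V` prints on the NAS.

```shell
# Added example (not from the original post): compare a sudo version with
# 1.8.28, the minimum corrected version for CVE-2019-14287 quoted in the post.
FIXED_VERSION="1.8.28"

# Pull the version token out of `sudo -V` output read from stdin.
sudo_version_from_output() {
    sed -n 's/^Sudo version \([^ ]*\).*/\1/p' | head -n 1
}

# Turn "1.8.20p2" into "1 8 20 2" (patch level 0 when there is no pN suffix).
# Returns 1 for anything that is not N.N.N or N.N.NpN (e.g. beta/rc builds).
sudo_ver_fields() {
    base=${1%%p*}
    patch=0
    [ "$base" = "$1" ] || patch=${1#*p}
    case "$base.$patch" in *[!0-9.]*|.*|*..*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $base; IFS=$old_ifs
    [ $# -eq 3 ] || return 1
    echo "$1 $2 $3 $patch"
}

# Exit status 0 when version $1 is strictly older than version $2,
# 1 when it is the same or newer, 2 when either string cannot be parsed.
sudo_ver_lt() {
    a=$(sudo_ver_fields "$1") || return 2
    b=$(sudo_ver_fields "$2") || return 2
    for i in 1 2 3 4; do
        x=$(echo "$a" | cut -d' ' -f"$i")
        y=$(echo "$b" | cut -d' ' -f"$i")
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1
}

# Print "affected", "fixed" or "unknown" for one version string.
classify_sudo() {
    rc=0
    sudo_ver_lt "$1" "$FIXED_VERSION" || rc=$?
    case $rc in 0) echo "affected" ;; 1) echo "fixed" ;; *) echo "unknown" ;; esac
}

# Versions quoted in the post. On a real system, use instead:
#   classify_sudo "$(sudo -V | sudo_version_from_output)"
for v in 1.8.20p2 1.8.27 1.8.28; do
    echo "sudo $v: $(classify_sudo "$v")"
done
```

A plain string comparison would mishandle the `p2` suffix, which is why the version is split into numeric fields first.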