[sudo in A.D.M.] security problem : CVE-2019-14287

Posted: Tue Oct 15, 2019 10:08 pm
by father.mande
Hi,

Please take care if you use the sudo provided by A.D.M., due to vulnerability CVE-2019-14287 (normally used only by admin to root, even using su a lot of the time)
Ref. : https://www.sudo.ws/alerts/minus_1_uid.html

A.D.M. sudo version : Sudoers policy plugin version 1.8.20p2 ; Sudoers file grammar version 46
Minimum corrected version : 1.8.28

This can also affect sudo in the Entware APKG: sudo - 1.8.27

Risk is limited on a NAS if you don't use ssh or telnet open to all users (in Entware; in A.D.M. it's limited to the administrators group), and use a strong admin password and not the usual port (like 22 for SSH).
Philippe.
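
A version check against the figures quoted in the post above, as an added example that is not part of the original post or of A.D.M./Entware. The function names are hypothetical, and the parsing assumes the `Sudo version ...` and `Sudoers policy plugin version ...` lines that `sudo -V` prints.

```shell
#!/bin/sh
# Added example: compare a sudo version string with 1.8.28, the minimum
# corrected version for CVE-2019-14287 given in the post above.
FIXED_VERSION="1.8.28"

# Print a sortable integer for versions such as 1.8.27 or 1.8.20p2.
# Prints nothing and returns 1 if the string is not in that form.
version_key() {
    printf '%s\n' "$1" | awk '
        /^[0-9]+\.[0-9]+(\.[0-9]+)?(p[0-9]+)?$/ {
            split($0, part, "p")       # part[2] is the patch level, if any
            split(part[1], num, ".")   # num[1..3] = major, minor, micro
            printf "%d\n", num[1] * 1000000000 + num[2] * 1000000 + num[3] * 1000 + part[2]
            ok = 1
        }
        END { exit !ok }'
}

# Read `sudo -V` output on stdin and print the first version found.
sudo_version_from_output() {
    sed -n -e 's/^Sudo version \([0-9][0-9.p]*\).*$/\1/p' \
           -e 's/^Sudoers policy plugin version \([0-9][0-9.p]*\).*$/\1/p' |
        head -n 1
}

# Print VULNERABLE, FIXED or UNKNOWN for one version string.
sudo_cve_2019_14287_status() {
    have=$(version_key "$1") || { echo UNKNOWN; return 0; }
    want=$(version_key "$FIXED_VERSION")
    if [ "$have" -lt "$want" ]; then
        echo VULNERABLE
    else
        echo FIXED
    fi
}

# The versions quoted in the post, then the locally installed sudo if present.
for v in 1.8.20p2 1.8.27 1.8.28; do
    echo "$v: $(sudo_cve_2019_14287_status "$v")"
done
if command -v sudo >/dev/null 2>&1; then
    local_version=$(sudo -V 2>/dev/null | sudo_version_from_output)
    echo "installed sudo ${local_version:-?}: $(sudo_cve_2019_14287_status "$local_version")"
fi
```

A vendor can backport the fix without changing the upstream version number, so a VULNERABLE result from a packaged sudo is a prompt to check that package's changelog rather than a final answer.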