Sudo is one of the most commonly used utilities on Linux and is installed on almost every UNIX and Linux distribution, where users rely on it to invoke core commands. However, a recently disclosed vulnerability allows sudo's security policy to be bypassed: even if the configuration explicitly does not allow root access, a malicious user or program can still become root on the target Linux system and execute any command.
The vulnerability, tracked as CVE-2019-14287, was reportedly discovered by Joe Vennix of Apple Information Security. Taking advantage of the bug only requires running sudo with the user ID -1 or 4294967295. This is because a function that converts a user ID to a username mistakes -1 (or the invalid equivalent 4294967295) for 0, which happens to be the root user ID. In addition, since the user ID specified with the -u option does not exist in the password database, no PAM session modules are run.
In summary, this vulnerability affects all sudo versions prior to the latest version, 1.8.28. Fortunately, as of a few hours ago, major Linux distributions were already pushing new versions to users.
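
To check a host against the two conditions described above (a sudo release older than 1.8.28, and a policy that grants other users while explicitly excluding root), the following added example audits both. It is not code from the article or from the sudo project; the function names and the sample sudoers text are constructed for illustration, and the parser assumes single-line rules without Runas_Alias indirection.

```python
import re

FIXED = (1, 8, 28)  # first fixed release, as stated in the article

def parse_version(text):
    """Extract (major, minor, patch) from `sudo -V` style output."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError("no sudo version found")
    return tuple(int(x) for x in m.groups())

def is_vulnerable_version(text):
    # Upstream comparison only: distribution packages may carry a
    # backported fix under an older version number.
    return parse_version(text) < FIXED

# Runas spec: "(users)" or "(users : groups)"; capture the user list only.
RUNAS = re.compile(r"\(([^):]*)(?::[^)]*)?\)")
ROOT_NEGATIONS = {"!root", "!#0"}

def risky_runas_entries(sudoers_text):
    """Return (line_no, rule) for rules granting ALL users except root.

    Assumption: one rule per line, no Runas_Alias, no continuations.
    """
    hits = []
    for n, line in enumerate(sudoers_text.splitlines(), 1):
        rule = line.strip()
        if not rule or rule.startswith("#"):
            continue  # blank line, comment or include directive
        for m in RUNAS.finditer(rule):
            users = {u.replace(" ", "") for u in m.group(1).split(",")}
            if "ALL" in users and users & ROOT_NEGATIONS:
                hits.append((n, rule))
                break
    return hits

# Constructed sample policy, not taken from a real host.
SAMPLE_SUDOERS = """\
# constructed sample
root    ALL=(ALL:ALL) ALL
alice   myhost = (ALL, !root) /usr/bin/vi
bob     ALL=(www-data) /usr/bin/systemctl restart nginx
carol   ALL=(ALL,!#0) /usr/bin/id
"""

if __name__ == "__main__":
    print(is_vulnerable_version("Sudo version 1.8.27"))
    for n, rule in risky_runas_entries(SAMPLE_SUDOERS):
        print(f"line {n}: {rule}")
```

Rules flagged here are the ones whose root exclusion cannot be relied on until the host runs a fixed sudo package.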