Bug 825

Summary: Security Issue on Sudo
Product: Sudo
Reporter: Saker <saker.hamdy>
Component: Sudo
Assignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED INVALID    
Severity: security    
Priority: low    
Version: 1.8.19   
Hardware: All   
OS: All   

Description Saker 2018-02-27 03:49:39 MST
If a user has sudo permission on the more/less command, he can break out of sudo and get root permission.

Follow these steps to test if you are vulnerable or not:
- sudo less /etc/passwd
- then write "!/bin/sh"

It will redirect you to a session with root privilege.


Ref.
http://computersecuritystudent.com/UNIX/SUDO/lesson2/index.html

Comment 1 Todd C. Miller 2018-02-27 09:16:06 MST
This is a well known limitation of sudo.  Please read the "Preventing shell escapes" section in the sudoers manual for ways to solve this.
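
The following audit sketch is an added example, not part of the bug thread and not code from the sudo project. It flags sudoers rules that grant a pager or editor without the `NOEXEC` tag, which is the kind of rule the report describes. Assumptions: the `ESCAPABLE` list and the sample policy are constructed, and the parser is simplified (no aliases, line continuations, includes or per-user `Defaults`).

```python
import re

# Programs with a built-in "run a command" feature (constructed, non-exhaustive list).
ESCAPABLE = {"less", "more", "vi", "vim", "man"}
TAG = re.compile(r"\s*([A-Z_]+):\s*")

def audit_sudoers(text):
    """Return (line_no, user, command) for escapable programs granted without NOEXEC."""
    findings, default_noexec = [], False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("Defaults"):
            # Only the global "Defaults noexec" / "Defaults !noexec" form is tracked.
            m = re.fullmatch(r"Defaults\s+(!?)noexec", line)
            if m:
                default_noexec = m.group(1) == ""
            continue
        if "=" not in line or re.match(r"\w+_Alias\b", line):
            continue
        who, spec = line.split("=", 1)
        user = who.split()[0]
        spec = re.sub(r"\([^)]*\)", "", spec)   # drop Runas_Spec groups
        noexec = default_noexec                  # tag state resets on every rule line
        for item in spec.split(","):
            # A tag applies to its command and is inherited by later ones in the list.
            while (m := TAG.match(item)):
                if m.group(1) in ("NOEXEC", "EXEC"):
                    noexec = m.group(1) == "NOEXEC"
                item = item[m.end():]
            item = item.strip()
            if not item:
                continue
            prog = item.split()[0].rsplit("/", 1)[-1]
            if prog in ESCAPABLE and not noexec:
                findings.append((no, user, item))
    return findings

# Constructed sample policy, not taken from the bug report.
SAMPLE = """\
# constructed sample
alice ALL = /usr/bin/less /var/log/messages
bob   ALL = (root) NOEXEC: /usr/bin/less /var/log/messages, /usr/bin/more
carol ALL = NOPASSWD: NOEXEC: /usr/bin/vi, EXEC: /usr/bin/man
dave  ALL = sudoedit /etc/hosts
"""
if __name__ == "__main__":
    print(audit_sudoers(SAMPLE))
```

On the sample, only the `alice` rule and the `man` entry in the `carol` rule are reported; the `NOEXEC` rules and the `sudoedit` rule are not.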