The -u parameter of sudo can be used to specify a user id if preceded by '#', this module exploits a flaw in how that parameter is handled, when the id -1 is provided sudo will run the command as root even if it is restricted in the sudoers file For this exploit to work, there must be at least one directive in the sudoers file that allows a non privileged user to run a command as any user, thus by exploiting the flaw this command can be ran as root Depending on the configured commands inside the sudoers file, an new privileged agent can be deployed using only those commands. This exploit currently supports deploying the agent when vi or vim are allowed by a directive
CVE Link
Exploit Platform
Exploit Type
Product Name