According to The Hacker News, when the UID is larger than INT_MAX, which is 2147483647, privilege validation is improperly handled, and that gives the user the right to run systemctl commands as if he/she were a privileged user.
What is my INT_MAX?
[email protected]:~# grep -i int_max /usr/include/limits.h
# define INT_MIN (-INT_MAX - 1)
# define INT_MAX 2147483647
# define UINT_MAX 4294967295U
It's hard to imagine who would use such a UID when they usually start at 1000. However, if Linux is integrated with AD, the AD users' IDs are mapped to very large numbers. For example, the UID of my AD user account is 1345012730, and this ID does not show up in /etc/passwd. sssd does not allow user enumeration by default, so it may not be possible to check whether any UID is > INT_MAX. It'd take a very large corp to reach INT_MAX though.
The CVE for this is CVE-2018-19788.
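One way to run the check described above, as an added example that is not part of the original post: a filter over passwd-format lines that reports any UID above INT_MAX, plus a per-name lookup for the case where sssd enumeration is off. The function names and the sample accounts are constructed for illustration; only the UID 1345012730 comes from the post.

```shell
#!/bin/sh
# Added example (not from the original post): flag UIDs above INT_MAX.
INT_MAX=2147483647

# Filter: reads passwd-format lines (name:pw:uid:gid:...) on stdin and
# prints "name uid" for every entry whose numeric UID is > INT_MAX.
uids_over_int_max() {
    awk -F: -v max="$INT_MAX" \
        '$3 ~ /^[0-9]+$/ && ($3 + 0) > (max + 0) { print $1, $3 }'
}

# Single-value check: exit 0 if UID > INT_MAX, 1 if not, 2 if not a UID.
uid_over_int_max() {
    case "$1" in
        ''|*[!0-9]*) return 2 ;;      # empty or non-numeric
    esac
    [ "${#1}" -le 10 ] || return 2    # a 32-bit uid_t has at most 10 digits
    [ "$1" -gt "$INT_MAX" ]
}

# With sssd enumeration off, "getent passwd" alone will not list AD users,
# so resolve each account name you already know, one lookup per name.
audit_named_users() {
    for name in "$@"; do
        getent passwd "$name"
    done | uids_over_int_max
}

# Constructed sample entries; 1345012730 is the AD UID quoted in the post
# and sits below INT_MAX, so it must not be reported.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
localuser:x:1000:1000::/home/localuser:/bin/bash
ad_user:*:1345012730:1345000513::/home/ad_user:/bin/bash
edge_max:*:2147483647:2147483647::/home/edge_max:/bin/bash
svc_big:*:2147483648:2147483648::/home/svc_big:/bin/bash
svc_max:*:4294967294:4294967294::/home/svc_max:/bin/bash'

# Demo run on the constructed sample.
printf '%s\n' "$SAMPLE_PASSWD" | uids_over_int_max
```

On a real host, pass known account names to `audit_named_users`, or pipe `getent passwd` into `uids_over_int_max` to cover local and enumerable entries.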