Yet Another CVE analysis (CVE-2019-14287)

via Dev.to • Matthew Gasiewski • 1mo ago

Last time I did a heap overflow CVE analysis. I wanted to analyze a different kind of bug this time, so I chose one for Sudo that is a logic bug. The CVE is CVE-2019-14287, and it involves an error in how Sudo handled integers and unsigned integer wrapping with -1.

The Linux program sudo allows a user to temporarily elevate access so that a program (such as an installer) can run and change something the user would otherwise not have access to. This program has a configuration file called sudoers that specifies which users a particular user can assume. For this CVE to be exploitable, the sudoers file must give the user (ALL, !root) access, which means the user can assume anyone except root. To trigger the bug, the user with this sudoers entry must pass -1 as a command line argument to specify the user number the user wants to assume. Like this: sudo -u -1 . -1 is not a valid user number, and so when sudo receives it, the number wraps back around to 4294967295, the highest n
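The wrap described above, modelled in C as an added example (not code from the original post and not sudo's source). The names uid32_t, parse_uid, runas_allowed and check_request are hypothetical, and user IDs are assumed to be 32-bit unsigned values. It shows a naive ID parser letting -1 through an "anyone except root" rule as 4294967295, next to a strict parser that rejects it.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef uint32_t uid32_t;  /* assumption: 32-bit unsigned user IDs, as on Linux */

/* Parse a decimal user ID. In naive mode any integer is cast to uid32_t,
 * so "-1" silently wraps to 4294967295. In strict mode negatives, values
 * above the 32-bit range, and the all-ones value itself are rejected. */
static int parse_uid(const char *s, int strict, uid32_t *out)
{
    char *end;
    errno = 0;
    long long v = strtoll(s, &end, 10);
    if (errno != 0 || end == s || *end != '\0')
        return -1;                      /* not a clean decimal number */
    if (strict && (v < 0 || v >= (long long)UINT32_MAX))
        return -1;                      /* would wrap, or is the wrap target */
    *out = (uid32_t)v;
    return 0;
}

/* Model of a (ALL, !root) rule: every target user except uid 0 is allowed. */
static int runas_allowed(uid32_t uid)
{
    return uid != 0;
}

/* Returns 1 = allowed, 0 = denied by the rule, -1 = ID rejected as invalid. */
static int check_request(const char *arg, int strict)
{
    uid32_t uid;
    if (parse_uid(arg, strict, &uid) != 0)
        return -1;
    return runas_allowed(uid);
}

int main(void)
{
    const char *samples[] = { "0", "1000", "-1", "4294967295" };  /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-11s naive=%2d strict=%2d\n", samples[i],
               check_request(samples[i], 0), check_request(samples[i], 1));
    return 0;
}
```

The rule only compares the parsed number against 0, so the defence belongs in the parser: an ID that is negative or equal to the wrap target should never reach the policy check.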
