Lucene search

CVE-2019-14287

🗓️ 17 Oct 2019 00:00:00Reported by AttackerKBType

In Sudo before 1.8.28, an attacker with Runas ALL sudoer account can bypass policy blacklists and cause incorrect logging by invoking sudo with a crafted user ID. Enables bypass of !root configuration and USER= logging for a "sudo -u #$((0xffffffff))" command

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 178
ThreatPost	Sudo Bug Opens Root Access on Linux Systems	15 Oct 201915:55	–	threatpost
Fedora	[SECURITY] Fedora 29 Update: sudo-1.8.28-1.fc29	31 Oct 201901:52	–	fedora
Fedora	[SECURITY] Fedora 30 Update: sudo-1.8.28-1.fc30	15 Oct 201922:41	–	fedora
Fedora	[SECURITY] Fedora 31 Update: sudo-1.8.28-1.fc31	19 Oct 201903:46	–	fedora
Fedora	[SECURITY] Fedora 32 Update: sudo-1.9.0-0.1.b1.fc32	16 Mar 202020:47	–	fedora
GithubExploit	Exploit for Improper Handling of Exceptional Conditions in Sudo Project Sudo	16 Oct 201914:47	–	githubexploit
GithubExploit	Exploit for Improper Handling of Exceptional Conditions in Sudo Project Sudo	15 Oct 201917:58	–	githubexploit
GithubExploit	Exploit for Improper Handling of Exceptional Conditions in Sudo Project Sudo	15 Oct 201906:47	–	githubexploit
GithubExploit	Exploit for Improper Handling of Exceptional Conditions in Sudo Project Sudo	18 Oct 201904:11	–	githubexploit
GithubExploit	Exploit for Improper Handling of Exceptional Conditions in Sudo Project Sudo	13 Oct 202108:35	–	githubexploit

Source	Link
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
openwall	www.openwall.com/lists/oss-security/2019/10/14/1
usn	www.usn.ubuntu.com/4154-1
debian	www.debian.org/security/2019/dsa-4543
seclists	www.seclists.org/bugtraq/2019/Oct/21
seclists	www.seclists.org/bugtraq/2019/Oct/20
lists	www.lists.opensuse.org/opensuse-security-announce/2019-10/msg00042.html
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/IP7SIOAVLSKJGMTIULX52VQUPTVSC43U
sudo	www.sudo.ws/alerts/minus_1_uid.html
lists	www.lists.opensuse.org/opensuse-security-announce/2019-10/msg00047.html

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

17 Oct 2019 00:00Current

2.6Low risk

Vulners AI Score2.6

EPSS0.84563