CVE-2019-19234
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.3 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.008 Low
EPSS
Percentile
80.9%
In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to a Runas ALL sudoer account) to impersonate any blocked user. NOTE: The software maintainer believes that this CVE is not valid. Disabling local password authentication for a user is not the same as disabling all access to that userโthe user may still be able to login via other means (ssh key, kerberos, etc). Both the Linux shadow(5) and passwd(1) manuals are clear on this. Indeed it is a valid use case to have local accounts that are only accessible via sudo and that cannot be logged into with a password. Sudo 1.8.30 added an optional setting to check the shell of the target user (not the encrypted password!) against the contents of /etc/shells but that is not the same thing as preventing access to users with an invalid password hash
References
access.redhat.com/security/cve/cve-2019-19234
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6TKF36KOQUVJNBHSVJFA7BU3CCEYD2F/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY6DZ7WMDKU4ZDML6MJLDAPG42B5WVUC/
quickview.cloudapps.cisco.com/quickview/bug/CSCvs58104
quickview.cloudapps.cisco.com/quickview/bug/CSCvs58473
quickview.cloudapps.cisco.com/quickview/bug/CSCvs58772
quickview.cloudapps.cisco.com/quickview/bug/CSCvs58812
quickview.cloudapps.cisco.com/quickview/bug/CSCvs58979
quickview.cloudapps.cisco.com/quickview/bug/CSCvs60748
security.netapp.com/advisory/ntap-20200103-0004/
support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-19234
support2.windriver.com/index.php?page=defects&on=view&id=LIN1018-5505
support2.windriver.com/index.php?page=defects&on=view&id=LIN1019-3816
www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2019/12/warnmeldung_cb-k20-0001.html
www.oracle.com/security-alerts/bulletinapr2020.html
www.sudo.ws/devel.html#1.8.30b2
www.sudo.ws/stable.html
www.suse.com/security/cve/CVE-2019-19234/
www.tenable.com/plugins/nessus/132985
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.3 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.008 Low
EPSS
Percentile
80.9%