| Title | Published | Views | Reporter | Family All 60 |
|---|---|---|---|---|
| Security Bulletin: Vulnerability in Sudo package affects IBM Integrated Analytics System. | 22 Aug 2025 11:20 | – | ibm | |
| Security Bulletin: Multiple vulnerabilities affect IBM Db2® on Cloud Pak for Data and Db2 Warehouse® on Cloud Pak for Data | 29 Jun 2023 18:23 | – | ibm | |
| Astra Linux - уязвимость в sudo | 20 May 2026 05:53 | – | astralinux | |
| The vulnerability of the sudoer account in the Runas ALL system administration software allows a hacker to disable user authentication using a local password. | 4 Mar 2020 00:00 | – | bdu_fstec | |
| Security fix for the ALT Linux 8 package sudo version 1:1.9.2-alt1 | 30 Aug 2020 00:00 | – | altlinux | |
| CVE-2019-19234 | 19 Dec 2019 20:35 | – | cve | |
| CVE-2019-19234 | 19 Dec 2019 20:35 | – | cvelist | |
| CVE-2019-19234 | 19 Dec 2019 20:35 | – | debiancve | |
| EulerOS 2.0 SP5 : sudo (EulerOS-SA-2020-1135) | 24 Feb 2020 00:00 | – | nessus | |
| EulerOS 2.0 SP8 : sudo (EulerOS-SA-2020-1181) | 25 Feb 2020 00:00 | – | nessus | |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
# Registration pass: when `description` is set the script only declares its
# metadata (id, CVE, texts, CVSS, CPEs, dependencies, required KB keys) and then
# exits; none of the detection logic after this block runs in that pass.
if (description)
{
script_id(222744);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2025/11/20");
script_cve_id("CVE-2019-19234");
script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2019-19234");
script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
# The description below quotes the CVE text. Two points matter for triage:
#  - the stated precondition is an attacker who already has access to a
#    "Runas ALL" sudoer account, and
#  - the text records that the software maintainer considers the CVE not valid
#    (a locked password is not the same as a disabled account).
# Its closing sentence says the check relies on the presence of the package as
# reported by the vendor, so a finding does not by itself show that the host's
# sudoers policy permits the impersonation described.
script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.
- In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the
shadow file instead of a password hash) is not considered, allowing an attacker (who has access to a Runas
ALL sudoer account) to impersonate any blocked user. NOTE: The software maintainer believes that this CVE
is not valid. Disabling local password authentication for a user is not the same as disabling all access
to that user--the user may still be able to login via other means (ssh key, kerberos, etc). Both the Linux
shadow(5) and passwd(1) manuals are clear on this. Indeed it is a valid use case to have local accounts
that are _only_ accessible via sudo and that cannot be logged into with a password. Sudo 1.8.30 added an
optional setting to check the _shell_ of the target user (not the encrypted password!) against the
contents of /etc/shells but that is not the same thing as preventing access to users with an invalid
password hash (CVE-2019-19234)
Note that Nessus relies on the presence of the package as reported by the vendor.");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-19234");
# "No known solution" goes with vendor_unpatched=true further down: no fixed
# package is expected for the listed releases. For remediation planning that
# leaves policy review: which sudoers rules grant Runas ALL, and to whom.
# NOTE(review): the optional shell check mentioned in the description is, as far
# as I know, upstream's runas_check_shell sudoers flag (Sudo 1.8.30+); confirm
# whether the distro's sudo build carries it before recommending it.
script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
script_set_attribute(attribute:"agent", value:"unix");
# The CVSS vectors are attributed to the CVE entry (see cvss_score_source below).
# NOTE(review): AV:N with Au:N / PR:N sits oddly next to the description's
# precondition of an existing Runas ALL sudoer account; treat the resulting
# score as a conservative upper bound when prioritising.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:U/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:U/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-19234");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vendor_unpatched", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2025/03/04");
script_set_attribute(attribute:"plugin_type", value:"local");
# CPEs: the operating systems in scope (CentOS 7, RHEL 5/6/7) followed by the
# sudo and sudo-devel packages on each vendor.
script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:sudo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:sudo-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sudo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sudo-devel");
# Marks the plugin as a generated one.
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("set_linux_os_id.nasl", "ssh_get_info2.nasl");
# Required KB keys include "global_settings/vendor_unpatched" and
# "Host/local_checks_enabled"; the detection code re-checks both explicitly.
script_require_keys("Host/OS/identifier", "Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched");
# NOTE(review): script_require_ports is given KB key names here rather than
# ports; presumably this expresses "at least one of these OS keys is present".
# Confirm against the NASL reference.
script_require_ports("Host/OS/CentOS Linux-7", "Host/OS/Red Hat Enterprise Linux-5", "Host/OS/Red Hat Enterprise Linux-6", "Host/OS/Red Hat Enterprise Linux-7");
exit(0);
}
# Pre-flight gates. Each one ends the script before any package matching is
# attempted, so a host that produces no finding from this plugin may simply not
# have been evaluated. Check the exit/audit message before reading silence as
# "not affected".

# 1. The "global_settings/vendor_unpatched" KB item must be set.
if (!get_kb_item("global_settings/vendor_unpatched"))
{
  exit(0, "Unpatched Vulnerabilities Detection not active.");
}

# 2. Local checks must be enabled for this host.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# 3. An RPM package list must be present under the CentOS or the Red Hat KB
#    key. The Red Hat key is only consulted when the CentOS one is empty.
if (empty_or_null(get_one_kb_item("Host/CentOS/rpm-list")))
{
  if (empty_or_null(get_one_kb_item("Host/RedHat/rpm-list")))
  {
    audit(AUDIT_PACKAGE_LIST_MISSING);
  }
}
include('linux_unpatched.inc');
# Per-distribution match table handed to linux_unpatched::get_distro_constraints().
# Each entry names the KB package list to read ("rpm-list"), the release it
# applies to, and the packages to look for. The entries visible here carry a
# package name only ("reference"), with no version bound, so matching is by
# presence of the package rather than by installed sudo version.
# The RHEL 5 entry lists sudo only; the other three also list sudo-devel.
var distro_constraints_array = {
  "Red Hat Enterprise Linux-5": {
    "package_manager": "rpm-list",
    "constraints": [
      { "release": "5", "pkgs": [ {"reference": "sudo"} ] }
    ]
  },
  "CentOS Linux-7": {
    "package_manager": "rpm-list",
    "constraints": [
      { "release": "7", "pkgs": [ {"reference": "sudo"}, {"reference": "sudo-devel"} ] }
    ]
  },
  "Red Hat Enterprise Linux-6": {
    "package_manager": "rpm-list",
    "constraints": [
      { "release": "6", "pkgs": [ {"reference": "sudo"}, {"reference": "sudo-devel"} ] }
    ]
  },
  "Red Hat Enterprise Linux-7": {
    "package_manager": "rpm-list",
    "constraints": [
      { "release": "7", "pkgs": [ {"reference": "sudo"}, {"reference": "sudo-devel"} ] }
    ]
  }
};
# Resolve the table above to the constraints that apply to this host; if none
# apply, the host is audited as not affected.
var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values))
  audit(AUDIT_HOST_NOT, 'affected');

# Evaluate those constraints. An empty result is likewise audited as
# "not affected".
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);
if (empty_or_null(report))
  audit(AUDIT_HOST_NOT, 'affected');

# A non-empty result is reported once, at warning severity, on port 0, with the
# helper's text attached. As the plugin description states, the finding rests on
# the package being present, so it is a prompt to review the sudoers policy for
# Runas ALL grants, not proof that impersonation is possible on this host.
security_report_v4(port:0, severity:SECURITY_WARNING, extra:report);
exit(0);