9

CVE-2019-14287

Exploit
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sudo ProjectSudo Version < 1.8.28
FedoraprojectFedora Version29
FedoraprojectFedora Version30
FedoraprojectFedora Version31
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
DebianDebian Linux Version10.0
OpensuseLeap Version15.0
OpensuseLeap Version15.1
CanonicalUbuntu Linux Version12.04 SwEditionesm
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version16.04 SwEditionlts
CanonicalUbuntu Linux Version18.04 SwEditionlts
CanonicalUbuntu Linux Version19.04
RedhatVirtualization Version4.2
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Eus Version7.5
RedhatEnterprise Linux Eus Version7.6
RedhatEnterprise Linux Eus Version7.7
RedhatEnterprise Linux Eus Version8.1
RedhatEnterprise Linux Eus Version8.2
RedhatEnterprise Linux Eus Version8.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 63.92% 0.991
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 9 8 10
AV:N/AC:L/Au:S/C:C/I:C/A:C
CWE-755 Improper Handling of Exceptional Conditions

The product does not handle or incorrectly handles an exceptional condition.

http://www.openwall.com/lists/oss-security/2019/10/24/1
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2019/10/29/3
Third Party Advisory
Mailing List
https://access.redhat.com/errata/RHBA-2019:3248
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3941
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00042.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00047.html
Third Party Advisory
Mailing List
http://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Updates.html
Third Party Advisory
VDB Entry
http://www.openwall.com/lists/oss-security/2019/10/14/1
Third Party Advisory
Exploit
Mailing List
http://www.openwall.com/lists/oss-security/2021/09/14/2
Third Party Advisory
Mailing List
https://access.redhat.com/errata/RHSA-2019:3197
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3204
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3205
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3209
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3219
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3278
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3694
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3754
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3755
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3895
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3916
Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:4191
Third Party Advisory
https://access.redhat.com/errata/RHSA-2020:0388
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/10/msg00022.html
Third Party Advisory
Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IP7SIOAVLSKJGMTIULX52VQUPTVSC43U/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPLAM57TPJQGKQMNG6RHFBLACD6K356N/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUVAOZBYUHZS56A5FQSCDVGXT7PW7FL2/
https://resources.whitesourcesoftware.com/blog-whitesource/new-vulnerability-in-sudo-cve-2019-14287
Third Party Advisory
https://seclists.org/bugtraq/2019/Oct/20
Third Party Advisory
Mailing List
Issue Tracking
https://seclists.org/bugtraq/2019/Oct/21
Third Party Advisory
Mailing List
Issue Tracking
https://security.gentoo.org/glsa/202003-12
Third Party Advisory
https://security.netapp.com/advisory/ntap-20191017-0003/
Third Party Advisory
https://support.f5.com/csp/article/K53746212?utm_source=f5support&amp%3Butm_medium=RSS
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03976en_us
Third Party Advisory
https://usn.ubuntu.com/4154-1/
Third Party Advisory
https://www.debian.org/security/2019/dsa-4543
Third Party Advisory
https://www.openwall.com/lists/oss-security/2019/10/15/2
Patch
Third Party Advisory
Mailing List
https://www.sudo.ws/alerts/minus_1_uid.html
Vendor Advisory
Exploit