CVE-2019-14287
CVE-2019-14287
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.
Productos afectados
n/a · n/aPoCs públicas encontradas — 29
githubgithub.com/n0w4n/CVE-2019-14287★ 13githubgithub.com/CMNatic/Dockerized-CVE-2019-14287★ 7githubgithub.com/shallvhack/Sudo-Security-Bypass-CVE-2019-14287★ 3githubgithub.com/MariliaMeira/CVE-2019-14287★ 1githubgithub.com/FauxFaux/sudo-cve-2019-14287★ 1githubgithub.com/CashWilliams/CVE-2019-14287-demo★ 1githubgithub.com/DewmiApsara/CVE-2019-14287★ 0githubgithub.com/M108Falcon/Sudo-CVE-2019-14287★ 0githubgithub.com/edsonjt81/CVE-2019-14287-★ 0githubgithub.com/DularaAnushka/Linux-Privilege-Escalation-using-Sudo-Rights★ 0githubgithub.com/h3x0v3rl0rd/CVE-2019-14287★ 0githubgithub.com/Hasintha-98/Sudo-Vulnerability-Exploit-CVE-2019-14287★ 0githubgithub.com/Ijinleife/CVE-2019-14287★ 0githubgithub.com/lemonadern/poc-cve-2019-14287★ 0githubgithub.com/HivinManjuSri/ubuntu-cve-2019-14287-patch-manager★ 0githubgithub.com/ShianTrish/sudo-Security-Bypass-vulnerability-CVE-2019-14287★ 0githubgithub.com/gurneesh/CVE-2019-14287-write-up★ 0githubgithub.com/huang919/cve-2019-14287-PPT★ 0githubgithub.com/ejlevin99/Sudo-Security-Bypass-Vulnerability★ 0githubgithub.com/thinuri99/Sudo-Security-Bypass-Vulnerability-CVE-2019-14287-★ 0githubgithub.com/janod313/-CVE-2019-14287-SUDO-bypass-vulnerability★ 0githubgithub.com/HussyCool/CVE-2019-14287-IT18030372-★ 0githubgithub.com/wenyu1999/sudo-★ 0githubgithub.com/Sindadziy/cve-2019-14287★ 0githubgithub.com/Sindayifu/CVE-2019-14287-CVE-2014-6271★ 0githubgithub.com/axax002/sudo-vulnerability-CVE-2019-14287★ 0githubgithub.com/sachinthadesilva/Exploit-CVE-2019-14287★ 0exploitdbwww.exploit-db.com/exploits/47502no verificadocve_referencepacketstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Updates.htmlno verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00042.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-10/msg00047.htmlhttp://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Updates.htmlhttps://access.redhat.com/errata/RHBA-2019:3248https://access.redhat.com/errata/RHSA-2019:3197https://access.redhat.com/errata/RHSA-2019:3204https://access.redhat.com/errata/RHSA-2019:3205https://access.redhat.com/errata/RHSA-2019:3209https://access.redhat.com/errata/RHSA-2019:3219https://access.redhat.com/errata/RHSA-2019:3278https://access.redhat.com/errata/RHSA-2019:3694https://access.redhat.com/errata/RHSA-2019:3754