vulnerability
CentOS Linux: CVE-2019-14287: Important: sudo security update (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
9 | (AV:N/AC:L/Au:S/C:C/I:C/A:C) | Oct 17, 2019 | Oct 25, 2019 | May 25, 2023 |
Severity
9
CVSS
(AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published
Oct 17, 2019
Added
Oct 25, 2019
Modified
May 25, 2023
Description
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.
Solution(s)
centos-upgrade-sudocentos-upgrade-sudo-debuginfocentos-upgrade-sudo-debugsourcecentos-upgrade-sudo-devel
References
- DEBIAN-DSA-4543
- NVD-CVE-2019-14287
- REDHAT-RHBA-2019:3248
- REDHAT-RHSA-2019:3197
- REDHAT-RHSA-2019:3204
- REDHAT-RHSA-2019:3205
- REDHAT-RHSA-2019:3209
- REDHAT-RHSA-2019:3219
- REDHAT-RHSA-2019:3278
- REDHAT-RHSA-2019:3694
- REDHAT-RHSA-2019:3754
- REDHAT-RHSA-2019:3755
- REDHAT-RHSA-2019:3895
- REDHAT-RHSA-2019:3916
- REDHAT-RHSA-2019:3941
- REDHAT-RHSA-2019:4191
- REDHAT-RHSA-2020:0388

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.