vulnerability
FreeBSD: VID-3a1474ba-f646-11e9-b0af-b888e347c638 (CVE-2019-14287): sudo -- Potential bypass of Runas user restrictions
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:S/C:C/I:C/A:C) | Oct 24, 2019 | Dec 10, 2025 | Dec 10, 2025 |
Severity
9
CVSS
(AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published
Oct 24, 2019
Added
Dec 10, 2025
Modified
Dec 10, 2025
Description
Todd C. Miller reports: When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295. This can be used by a user with sufficient sudo privileges to run commands as root even if the Runas specification explicitly disallows root access as long as the ALL keyword is listed first in the Runas specification. Log entries for commands run this way will list the target user as 4294967295 instead of root. In addition, PAM session modules will not be run for the command.
Solution
freebsd-upgrade-package-sudo
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.