vulnerability
Oracle Solaris 11: CVE-2019-14287: Vulnerability in Sudo
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:S/C:C/I:C/A:C) | 2019-10-17 | 2019-11-20 | 2022-02-17 |
Severity
9
CVSS
(AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published
2019-10-17
Added
2019-11-20
Modified
2022-02-17
Description
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.
Solution(s)
oracle-solaris-11-3-upgrade-security-sudo-1-8-28-0-175-3-36-0-25-0oracle-solaris-11-4-upgrade-security-sudo-1-8-28-11-4-15-0-1-4-0
References
- CVE-2019-14287
- https://attackerkb.com/topics/CVE-2019-14287
- DEBIAN-DSA-4543
- REDHAT-RHBA-2019:3248
- REDHAT-RHSA-2019:3197
- REDHAT-RHSA-2019:3204
- REDHAT-RHSA-2019:3205
- REDHAT-RHSA-2019:3209
- REDHAT-RHSA-2019:3219
- REDHAT-RHSA-2019:3278
- REDHAT-RHSA-2019:3694
- REDHAT-RHSA-2019:3754
- REDHAT-RHSA-2019:3755
- REDHAT-RHSA-2019:3895
- REDHAT-RHSA-2019:3916
- REDHAT-RHSA-2019:3941
- REDHAT-RHSA-2019:4191
- REDHAT-RHSA-2020:0388
- URL-https://support.oracle.com/epmos/faces/DocumentDisplay?id=1448883.1&displayIndex=1
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.