CVE-2019-14287

Date: October 17, 2019

Overview

Sudo is a powerful and popular command-line tool that is installed on nearly every UNIX-like and Linux-based operating system. The open source tool lets system administrators set security policies that allow certain users to execute commands as the superuser (root user) or another user. The system access rights are configured in a file called sudoers. Affected versions of this utility allow a user to circumvent the Sudo policy restrictions and execute arbitrary commands as the root user, even in situations when root access is not permitted.

Details

The CVE-2019-14287 vulnerability occurs when a sudoers configuration entry permits a user or a program to run a command as any other user except root. Here is an example sudoers entry:

    certainuser myhost = (ALL, !root) /usr/bin/resources

This specification means that the user “certainuser” can execute the “resources” command as any other user, excluding root. The exclamation mark (!) denotes the exclusion. Besides being referred to by name, the root user may also be identified by other methods, such as by user id:

    certainuser myhost = (ALL, !#0) /usr/bin/resources

While the above entry implies that a security policy has been established to limit access, a malicious user could bypass that restriction. If an attacker specifies the target user using a numeric id of -1, or its unsigned equivalent 4294967295, the function will fail to parse all the values properly. In such a case, it would treat the user id like 0, which is the id of the root user. This would allow the attacker to run the command with root privileges, circumventing the configured security policy.

Affected Environments

Sudo versions before 1.8.28

Remediation

Assess every sudoers configuration entry that contains the exclamation mark (!) and ensure that the root user is not among those excluded. These entries are found in the /etc/sudoers file and in files under /etc/sudoers.d.
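
One way to carry out this review, as an added example that is not part of the original advisory or the Sudo project: a Python scan that flags rules whose Runas user list combines ALL with an excluded root, written either as !root or !#0. The function names and the sample sudoers text are constructed for illustration, and Runas_Alias expansion is not handled.

```python
import re

# Constructed sample sudoers content for the demonstration (not from a real host).
SAMPLE_SUDOERS = """\
# constructed sample
Defaults !requiretty
certainuser myhost = (ALL, !root) /usr/bin/resources
certainuser myhost = (ALL, !#0) /usr/bin/resources
alice ALL = (www-data) /usr/bin/systemctl restart nginx
bob ALL = (ALL, \\
    !root : ALL) /usr/bin/id   # trailing comment
%ops ALL = (ALL) ALL
"""

ROOT_NAMES = {"root", "#0"}           # root by name or by numeric id
RUNAS_SPEC = re.compile(r"\(([^)]*)\)")


def logical_lines(text):
    """Join backslash continuations, drop comments, yield non-empty rules."""
    text = text.replace("\\\n", " ")
    for line in text.splitlines():
        # '#' starts a comment unless a digit follows (then it is a uid like #0)
        line = re.sub(r"#(?!\d).*", "", line).strip()
        if line and not line.startswith("Defaults"):
            yield " ".join(line.split())


def excludes_root_from_all(runas):
    """True if the Runas user list is ALL combined with a negated root."""
    users = [u.strip() for u in runas.split(":", 1)[0].split(",")]
    negated_root = any(u.startswith("!") and u[1:].strip() in ROOT_NAMES for u in users)
    return "ALL" in users and negated_root


def find_exposed_rules(text):
    """Return the rules matching the pattern described for CVE-2019-14287."""
    hits = []
    for rule in logical_lines(text):
        _, sep, rhs = rule.partition("=")
        if sep and any(excludes_root_from_all(m) for m in RUNAS_SPEC.findall(rhs)):
            hits.append(rule)
    return hits


if __name__ == "__main__":
    for rule in find_exposed_rules(SAMPLE_SUDOERS):
        print("review:", rule)
```

To check a real host, pass the contents of /etc/sudoers and of each file under /etc/sudoers.d to find_exposed_rules.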

Prevention

Update to Sudo version 1.8.28 or higher

Language: C

Good to know:

Input Validation

CWE-20

Improper Handling of Exceptional Conditions

CWE-755
Upgrade Version

Upgrade to version SUDO_1_8_28

Base Score:
Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): High
Availability (A): High
Base Score:
Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (AU): Single
Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete