CVE-2019-14287
Description
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a sudo -u #$((0xffffffff)) command.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
85.814
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| sudo security update(DSA-4543-1) sudo_1.8.27-1+deb10u1_amd64.deb | Linux |
| sudo security update(DSA-4543-1) sudo_1.8.19p1-2.1+deb9u1_i386.deb | Linux |
| sudo security update(DSA-4543-1) sudo_1.8.19p1-2.1+deb9u1_amd64.deb | Linux |
| Provide limited super user privileges to specific users (USN-4154-1) sudo_1.8.16-0ubuntu1.8_i386.deb | Linux |
| Provide limited super user privileges to specific users (USN-4154-1) sudo_1.8.16-0ubuntu1.8_amd64.deb | Linux |
| Provide limited super user privileges to specific users (USN-4154-1) sudo_1.8.27-1ubuntu1.1_i386.deb | Linux |
| Provide limited super user privileges to specific users (USN-4154-1) sudo_1.8.27-1ubuntu1.1_amd64.deb | Linux |
| Provide limited super user privileges to specific users (USN-4154-1) sudo_1.8.21p2-3ubuntu1.1_i386.deb | Linux |
| Provide limited super user privileges to specific users (USN-4154-1) sudo_1.8.21p2-3ubuntu1.1_amd64.deb | Linux |
| Provide limited super user privileges to specific users (USN-4154-1) sudo-ldap_1.8.16-0ubuntu1.8_i386.deb | Linux |
| Provide limited super user privileges to specific users (USN-4154-1) sudo-ldap_1.8.16-0ubuntu1.8_amd64.deb | Linux |
| Provide limited super user privileges to specific users (USN-4154-1) sudo-ldap_1.8.27-1ubuntu1.1_i386.deb | Linux |
| Provide limited super user privileges to specific users (USN-4154-1) sudo-ldap_1.8.27-1ubuntu1.1_amd64.deb | Linux |
| Provide limited super user privileges to specific users (USN-4154-1) sudo-ldap_1.8.21p2-3ubuntu1.1_i386.deb | Linux |
| Provide limited super user privileges to specific users (USN-4154-1) sudo-ldap_1.8.21p2-3ubuntu1.1_amd64.deb | Linux |
| SUSE-SU-2019:2666-1(SUSE Linux Enterprise Server 12-SP4 ) sudo-1.8.20p2-3.14.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2666-1(SUSE Linux Enterprise Server 12-SP4 ) sudo-debuginfo-1.8.20p2-3.14.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2666-1(SUSE Linux Enterprise Server 12-SP4 ) sudo-debugsource-1.8.20p2-3.14.1.x86_64.rpm | Linux |
| SUSE-SU-2019:2666-1(SUSE Linux Enterprise Desktop 12-SP4 ) sudo-1.8.20p2-3.14.1.x86_64_SP4.rpm | Linux |
| SUSE-SU-2019:2666-1(SUSE Linux Enterprise Desktop 12-SP4 ) sudo-debuginfo-1.8.20p2-3.14.1.x86_64_SP4.rpm | Linux |
| SUSE-SU-2019:2666-1(SUSE Linux Enterprise Desktop 12-SP4 ) sudo-debugsource-1.8.20p2-3.14.1.x86_64_SP4.rpm | Linux |
| (RHSA-2019:3197) sudo security update sudo-1.8.23-4.el7_7.1.x86_64.rpm | Linux |
| (RHSA-2019:3197) sudo security update sudo-devel-1.8.23-4.el7_7.1.i686.rpm | Linux |
| (RHSA-2019:3197) sudo security update sudo-devel-1.8.23-4.el7_7.1.x86_64.rpm | Linux |
| (RHSA-2019:3219) sudo security update sudo-1.8.6p7-23.el7_3.2.x86_64.rpm | Linux |
| (RHSA-2019:3219) sudo security update sudo-devel-1.8.6p7-23.el7_3.2.i686.rpm | Linux |
| (RHSA-2019:3219) sudo security update sudo-devel-1.8.6p7-23.el7_3.2.x86_64.rpm | Linux |
| (RHSA-2019:3278) sudo security update sudo-1.8.6p7-17.el7_2.2.x86_64.rpm | Linux |
| (RHSA-2019:3278) sudo security update sudo-devel-1.8.6p7-17.el7_2.2.i686.rpm | Linux |
| (RHSA-2019:3278) sudo security update sudo-devel-1.8.6p7-17.el7_2.2.x86_64.rpm | Linux |
| (RHSA-2019:3755) sudo security update sudo-1.8.6p3-29.el6_10.2.i686.rpm | Linux |
| (RHSA-2019:3755) sudo security update sudo-1.8.6p3-29.el6_10.2.x86_64.rpm | Linux |
| (RHSA-2019:3755) sudo security update sudo-devel-1.8.6p3-29.el6_10.2.i686.rpm | Linux |
| (RHSA-2019:3755) sudo security update sudo-devel-1.8.6p3-29.el6_10.2.x86_64.rpm | Linux |
| (RHSA-2019:3197) sudo security update sudo-1.8.23-4.el7_7.1.x86_64.rpm | Linux |
| (RHSA-2019:3197) sudo security update sudo-devel-1.8.23-4.el7_7.1.i686.rpm | Linux |
| (RHSA-2019:3197) sudo security update sudo-devel-1.8.23-4.el7_7.1.x86_64.rpm | Linux |
| (RHSA-2019:3197) sudo security update sudo-1.8.23-4.el7_7.1.x86_64.rpm | Linux |
| (RHSA-2019:3197) sudo security update sudo-devel-1.8.23-4.el7_7.1.i686.rpm | Linux |
| (RHSA-2019:3197) sudo security update sudo-devel-1.8.23-4.el7_7.1.x86_64.rpm | Linux |
| Sudo update (ELSA-2019-3694) sudo-1.8.25p1-8.el8_1.x86_64.rpm | Linux |
| Sudo update (ELSA-2020-0726) sudo-1.8.6p3-29.0.1.el6_10.3.x86_64.rpm | Linux |
| Sudo-devel update (ELSA-2020-0726) sudo-devel-1.8.6p3-29.0.1.el6_10.3.x86_64.rpm | Linux |
| Sudo update (ELSA-2020-0726) sudo-1.8.6p3-29.0.1.el6_10.3.i686.rpm | Linux |
| Sudo-devel update (ELSA-2020-0726) sudo-devel-1.8.6p3-29.0.1.el6_10.3.i686.rpm | Linux |
| (CESA-2019:3197) sudo security update sudo-1.8.23-4.el7_7.1.x86_64.rpm | Linux |
| (CESA-2019:3197) sudo security update sudo-devel-1.8.23-4.el7_7.1.i686.rpm | Linux |
| (CESA-2019:3197) sudo security update sudo-devel-1.8.23-4.el7_7.1.x86_64.rpm | Linux |
| (CESA-2019:3755) sudo security update sudo-1.8.6p3-29.el6_10.2.i686.rpm | Linux |
| (CESA-2019:3755) sudo security update sudo-1.8.6p3-29.el6_10.2.x86_64.rpm | Linux |
| (CESA-2019:3755) sudo security update sudo-devel-1.8.6p3-29.el6_10.2.i686.rpm | Linux |
| (CESA-2019:3755) sudo security update sudo-devel-1.8.6p3-29.el6_10.2.x86_64.rpm | Linux |
| Improper Handling of Exceptional Conditions Vulnerability (CVE-2019-14287) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234