what you don't know can hurt you
Showing 1 - 18 of 18 RSS Feed

CVE-2019-14287

Status Candidate

Overview

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u #$((0xffffffff))" command.

Related Files

Gentoo Linux Security Advisory 202003-12
Posted Mar 14, 2020
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202003-12 - Multiple vulnerabilities have been found in sudo, the worst of which could result in privilege escalation. Versions less than 1.8.31 are affected.

tags | advisory, vulnerability
systems | linux, gentoo
advisories | CVE-2019-14287, CVE-2019-18634
MD5 | 38de872edfea62945b540201e441a825
Red Hat Security Advisory 2020-0388-01
Posted Feb 4, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-0388-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. A privilege escalation vulnerability was addressed.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2019-14287
MD5 | c01cf442081dc32b49eae3081561b242
Red Hat Security Advisory 2019-4191-01
Posted Dec 10, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-4191-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. A privilege escalation vulnerability has been addressed.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2019-14287
MD5 | b3aa81372e4847ca631a49474175167b
Red Hat Security Advisory 2019-3941-01
Posted Nov 21, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3941-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This is a text-only advisory for the machine-os-content container image, which includes RPM packages for Red Hat Enterprise Linux CoreOS. Issues addressed include bypass and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2018-12207, CVE-2019-14287, CVE-2019-15718
MD5 | 201d44bed6971bc2b339c9c6a2d55cd4
Red Hat Security Advisory 2019-3916-01
Posted Nov 19, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3916-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This is a text-only advisory for the machine-os-content container image, which includes RPM packages for Red Hat Enterprise Linux CoreOS. Issues addressed include bypass and denial of service vulnerabilities.

tags | advisory, denial of service, vulnerability
systems | linux, redhat
advisories | CVE-2018-12207, CVE-2019-14287
MD5 | 62376534ca94feb6a35ca1483181ab94
Red Hat Security Advisory 2019-3895-01
Posted Nov 18, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3895-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. A privilege escalation vulnerability was addressed.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2019-14287
MD5 | 6726c7f5850cf6b4d0bbed7b9fc33c10
Red Hat Security Advisory 2019-3755-01
Posted Nov 7, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3755-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. A privilege escalation vulnerability has been addressed.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2019-14287
MD5 | 319b3da38661d4f2123191192a6df573
Red Hat Security Advisory 2019-3754-01
Posted Nov 7, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3754-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. A privilege escalation vulnerability was addressed.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2019-14287
MD5 | 46835b80662d2b715b83c9c0ea271830
Red Hat Security Advisory 2019-3694-01
Posted Nov 6, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3694-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. A privilege escalation vulnerability was addressed.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2019-14287
MD5 | bd7e4be6350837b85ec0c14b544253f7
Red Hat Security Advisory 2019-3278-01
Posted Oct 31, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3278-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. A privilege escalation vulnerability has been addressed.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2019-14287
MD5 | 48dfb6453f3477d2a9b70fa56cba7fe4
Red Hat Security Advisory 2019-3219-01
Posted Oct 29, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3219-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. A privilege escalation vulnerability has been addressed.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2019-14287
MD5 | 7f68ee711bca7c2c5e2efd6a5655cebc
Red Hat Security Advisory 2019-3209-01
Posted Oct 28, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3209-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. A privilege escalation vulnerability was addressed.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2019-14287
MD5 | ebf26ca1d7d153319f0462b216f5e312
Red Hat Security Advisory 2019-3205-01
Posted Oct 24, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3205-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. A privilege escalation issue was addressed.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2019-14287
MD5 | 7dbf3a069d1178a5fe9c748d6a5bc455
Red Hat Security Advisory 2019-3204-01
Posted Oct 24, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3204-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. A privilege escalation issue was addressed.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2019-14287
MD5 | 51d166ccec3a43da307e53c089688d74
Red Hat Security Advisory 2019-3197-01
Posted Oct 24, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-3197-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. A privilege escalation issue was addressed.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2019-14287
MD5 | a4486b54d7ac1a97f173508159c229cc
Debian Security Advisory 4543-1
Posted Oct 15, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4543-1 - Joe Vennix discovered that sudo, a program designed to provide limited super user privileges to specific users, when configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, allows to run commands as root by specifying the user ID - -1 or 4294967295. This could allow a user with sufficient sudo privileges to run commands as root even if the Runas specification explicitly disallows root access.

tags | advisory, arbitrary, root
systems | linux, debian
advisories | CVE-2019-14287
MD5 | ec6c909fbfdafb0f16d2670450ed784f
Slackware Security Advisory - sudo Updates
Posted Oct 15, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New sudo packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2019-14287
MD5 | b876fb4cb461a2428b17157eb3049466
Ubuntu Security Notice USN-4154-1
Posted Oct 15, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4154-1 - Joe Vennix discovered that Sudo incorrectly handled certain user IDs. An attacker could potentially exploit this to execute arbitrary commands as the root user.

tags | advisory, arbitrary, root
systems | linux, ubuntu
advisories | CVE-2019-14287
MD5 | c56785afc4a4f41608914548b7170d11
Page 1 of 1
Back1Next

File Archive:

September 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    20 Files
  • 2
    Sep 2nd
    15 Files
  • 3
    Sep 3rd
    15 Files
  • 4
    Sep 4th
    4 Files
  • 5
    Sep 5th
    1 Files
  • 6
    Sep 6th
    1 Files
  • 7
    Sep 7th
    15 Files
  • 8
    Sep 8th
    27 Files
  • 9
    Sep 9th
    7 Files
  • 10
    Sep 10th
    16 Files
  • 11
    Sep 11th
    9 Files
  • 12
    Sep 12th
    0 Files
  • 13
    Sep 13th
    0 Files
  • 14
    Sep 14th
    25 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    15 Files
  • 17
    Sep 17th
    15 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close