CVE-2019-14287 — HIGH (8.8)

Q: How severe is CVE-2019-14287?

CVE-2019-14287 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-14287?

Check the references section above for vendor advisories and patch information. Affected products include: Sudo Project Sudo, Fedoraproject Fedora, Debian Debian Linux, Opensuse Leap, Canonical Ubuntu Linux.

Vulnerability Description

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Sudo Project	Sudo	< 1.8.28
Fedoraproject	Fedora	29
Debian	Debian Linux	8.0
Opensuse	Leap	15.0
Canonical	Ubuntu Linux	12.04
Netapp	Element Software Management Node	-
Redhat	Openshift Container Platform	4.1
Redhat	Virtualization	4.2
Redhat	Enterprise Linux	8.0
Redhat	Enterprise Linux Desktop	6.0
Redhat	Enterprise Linux Eus	7.5
Redhat	Enterprise Linux Server	5.0
Redhat	Enterprise Linux Server Aus	6.5
Redhat	Enterprise Linux Server Tus	7.2
Redhat	Enterprise Linux Workstation	6.0

Related Weaknesses (CWE)

CWE-755

References

http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00042.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00047.htmlMailing ListThird Party Advisory
http://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-UpdThird Party AdvisoryVDB Entry
http://www.openwall.com/lists/oss-security/2019/10/14/1ExploitMailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2019/10/24/1Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2019/10/29/3Mailing ListThird Party Advisory
http://www.openwall.com/lists/oss-security/2021/09/14/2Mailing ListThird Party Advisory
https://access.redhat.com/errata/RHBA-2019:3248Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3197Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3204Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3205Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3209Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3219Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3278Third Party Advisory
https://access.redhat.com/errata/RHSA-2019:3694Third Party Advisory

FAQ

What is CVE-2019-14287?

CVE-2019-14287 is a vulnerability with a CVSS score of 8.8 (HIGH). In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a craf...

How severe is CVE-2019-14287?

CVE-2019-14287 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-14287?

Check the references section above for vendor advisories and patch information. Affected products include: Sudo Project Sudo, Fedoraproject Fedora, Debian Debian Linux, Opensuse Leap, Canonical Ubuntu Linux.