CVE-2019-14287: In Sudo before 1.8.28, an attacker with access to a Runas

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.

• EPSS 85.8% (99.4% percentile)
• CVSS 8.8 high

Detection rules

• Sudo Privilege Escalation CVE-2019-14287 - Builtin critical
• Sudo Privilege Escalation CVE-2019-14287 high

Browse the CVE database

Read the full analysis on IntelFusions