First published: Thu Oct 10 2019
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.
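The rule shape this flaw affects is a Runas specification of the form `(ALL, !root)`: the user may run the command as anyone except an excluded account, and before 1.8.28 a user ID such as `#-1` / `#4294967295` slipped past the exclusion because the kernel treats uid -1 in setresuid() as "leave unchanged". The following audit script is an added example, not part of this advisory or of the sudo project; it parses a constructed sudoers snippet, flags rules whose Runas user list is `ALL` narrowed only by `!` exclusions, and compares a sudo version string against the fixed release. The rule syntax is standard sudoers; the sample entries and user names are invented for illustration.

```python
import re
from typing import List, NamedTuple, Tuple

# Constructed sample sudoers content (not taken from any real host).
SAMPLE_SUDOERS = """\
# alice may run vim as any user except root: the pattern affected by CVE-2019-14287
alice ALL=(ALL, !root) /usr/bin/vim
# bob may already run everything as anyone, so there is no exclusion to bypass
bob ALL=(ALL:ALL) ALL
# carol is limited to an explicit allow-list of target users, which is not affected
carol ALL=(www-data) /usr/bin/systemctl restart nginx
Defaults env_reset
"""

FIXED_VERSION = (1, 8, 28, 0)   # sudo 1.8.28 contains the fix


class Finding(NamedTuple):
    line_no: int
    user: str
    runas: str
    command: str


# Matches "<user> <host>=(<runas>) <command>"; the Runas spec may be "user" or "user:group".
# Rules with no parenthesised Runas spec default to root and are deliberately not matched.
RULE_RE = re.compile(
    r"^(?P<user>\S+)\s+(?P<host>\S+)\s*=\s*\((?P<runas>[^)]*)\)\s*(?P<cmd>.+)$"
)


def runas_is_all_with_exclusions(runas: str) -> bool:
    """True when the Runas user list is 'ALL' restricted only by '!' exclusions.

    On sudo < 1.8.28 such a rule accepted -u '#-1' (or '#4294967295'), which
    setresuid() treats as 'no change', so the command ran as root despite !root.
    """
    users = runas.split(":", 1)[0]                      # drop the group part after ':'
    items = [u.strip() for u in users.split(",") if u.strip()]
    has_all = any(u == "ALL" for u in items)
    has_exclusion = any(u.startswith("!") for u in items)
    return has_all and has_exclusion


def audit_sudoers(text: str) -> List[Finding]:
    """Return every rule in `text` that relies on an exclusion the flaw bypassed."""
    findings: List[Finding] = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("Defaults"):
            continue
        m = RULE_RE.match(line)
        if m and runas_is_all_with_exclusions(m.group("runas")):
            findings.append(Finding(n, m.group("user"), m.group("runas"), m.group("cmd")))
    return findings


def parse_sudo_version(s: str) -> Tuple[int, int, int, int]:
    """'1.8.27p1' -> (1, 8, 27, 1); the patch level 'pN' sorts after the bare release."""
    m = re.match(r"^(\d+)\.(\d+)\.(\d+)(?:p(\d+))?", s.strip())
    if not m:
        raise ValueError(f"unrecognised sudo version: {s!r}")
    major, minor, rel, patch = m.groups()
    return (int(major), int(minor), int(rel), int(patch or 0))


def is_vulnerable_version(s: str) -> bool:
    """True for any release older than 1.8.28."""
    return parse_sudo_version(s) < FIXED_VERSION


if __name__ == "__main__":
    for f in audit_sudoers(SAMPLE_SUDOERS):
        print(f"line {f.line_no}: {f.user} may run {f.command!r} as ({f.runas}); "
              "Runas ALL with exclusions is bypassable on sudo < 1.8.28")
    for v in ("1.8.27p1", "1.8.28", "1.9.5p2"):
        print(v, "vulnerable" if is_vulnerable_version(v) else "fixed")
```

Where a flagged rule cannot be dropped until the package is updated, the durable mitigation is to replace the `ALL, !root` exclusion list with an explicit allow-list of target users (as in the `carol` rule above), which the crafted user ID cannot satisfy on any version.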
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/sudo | <0:1.7.2p1-31.el5_11.1 | 0:1.7.2p1-31.el5_11.1 |
redhat/sudo | <0:1.8.6p3-29.el6_10.2 | 0:1.8.6p3-29.el6_10.2 |
redhat/sudo | <0:1.8.6p3-12.el6_5.2 | 0:1.8.6p3-12.el6_5.2 |
redhat/sudo | <0:1.8.6p3-15.el6_6.2 | 0:1.8.6p3-15.el6_6.2 |
redhat/sudo | <0:1.8.23-4.el7_7.1 | 0:1.8.23-4.el7_7.1 |
redhat/sudo | <0:1.8.6p7-17.el7_2.2 | 0:1.8.6p7-17.el7_2.2 |
redhat/sudo | <0:1.8.6p7-23.el7_3.2 | 0:1.8.6p7-23.el7_3.2 |
redhat/sudo | <0:1.8.19p2-12.el7_4.1 | 0:1.8.19p2-12.el7_4.1 |
redhat/sudo | <0:1.8.19p2-14.el7_5.1 | 0:1.8.19p2-14.el7_5.1 |
redhat/sudo | <0:1.8.23-3.el7_6.1 | 0:1.8.23-3.el7_6.1 |
redhat/sudo | <0:1.8.25p1-8.el8_1 | 0:1.8.25p1-8.el8_1 |
redhat/sudo | <0:1.8.25p1-4.el8_0.2 | 0:1.8.25p1-4.el8_0.2 |
redhat/redhat-release-virtualization-host | <0:4.2-15.1.el7 | 0:4.2-15.1.el7 |
redhat/redhat-virtualization-host | <0:4.2-20191022.0.el7_6 | 0:4.2-20191022.0.el7_6 |
debian/sudo | <=1.8.27-1, <=1.8.19p1-2.1 | 1.8.19p1-2.1+deb9u1 1.8.27-1+deb10u1 1.8.27-1.1 |
Sudo Project Sudo | <1.8.28 | |
Fedoraproject Fedora | =29 | |
Fedoraproject Fedora | =30 | |
Fedoraproject Fedora | =31 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
openSUSE Leap | =15.0 | |
openSUSE Leap | =15.1 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =19.04 | |
Netapp Element Software Management Node | | |
Redhat Openshift Container Platform | =4.1 | |
Redhat Virtualization | =4.2 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux Desktop | =6.0 | |
Redhat Enterprise Linux Desktop | =7.0 | |
Redhat Enterprise Linux Eus | =7.5 | |
Redhat Enterprise Linux Eus | =7.6 | |
Redhat Enterprise Linux Eus | =7.7 | |
Redhat Enterprise Linux Eus | =8.1 | |
Redhat Enterprise Linux Eus | =8.2 | |
Redhat Enterprise Linux Eus | =8.4 | |
Redhat Enterprise Linux Server | =5.0 | |
Redhat Enterprise Linux Server | =6.0 | |
Redhat Enterprise Linux Server | =7.0 | |
Redhat Enterprise Linux Server Aus | =6.5 | |
Redhat Enterprise Linux Server Aus | =6.6 | |
Redhat Enterprise Linux Server Aus | =7.2 | |
Redhat Enterprise Linux Server Aus | =7.3 | |
Redhat Enterprise Linux Server Aus | =7.4 | |
Redhat Enterprise Linux Server Aus | =7.6 | |
Redhat Enterprise Linux Server Aus | =7.7 | |
Redhat Enterprise Linux Server Aus | =8.2 | |
Redhat Enterprise Linux Server Aus | =8.4 | |
Redhat Enterprise Linux Server Tus | =7.2 | |
Redhat Enterprise Linux Server Tus | =7.3 | |
Redhat Enterprise Linux Server Tus | =7.4 | |
Redhat Enterprise Linux Server Tus | =7.6 | |
Redhat Enterprise Linux Server Tus | =7.7 | |
Redhat Enterprise Linux Server Tus | =8.2 | |
Redhat Enterprise Linux Server Tus | =8.4 | |
Redhat Enterprise Linux Workstation | =6.0 | |
Redhat Enterprise Linux Workstation | =7.0 | |
redhat/sudo | <1.8.28 | 1.8.28 |
ubuntu/sudo | <1.8.21 | 1.8.21 |
ubuntu/sudo | <1.8.27-1ubuntu1.1 | 1.8.27-1ubuntu1.1 |
ubuntu/sudo | <1.8.9 | 1.8.9 |
ubuntu/sudo | <1.8.28 | 1.8.28 |
ubuntu/sudo | <1.8.16-0ubuntu1.8 | 1.8.16-0ubuntu1.8 |
debian/sudo | | 1.8.27-1+deb10u3 1.8.27-1+deb10u6 1.9.5p2-3+deb11u1 1.9.13p3-1+deb12u1 1.9.15p5-3 |
The vulnerability ID for this flaw in sudo is CVE-2019-14287.
The severity of CVE-2019-14287 is high.
The vulnerability in sudo allows an attacker with access to a Runas ALL sudoer account to bypass certain policy blacklists and session PAM modules, and to cause incorrect logging.
An attacker can exploit CVE-2019-14287 by invoking sudo with a crafted user ID.
The fix for this vulnerability in sudo is version 1.8.28.