CVE-2019-14287

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.

81 fixes found:

    Workaround

    Configuration change to mitigate CVE-2019-14287
    Published Date: Oct 14, 2019
    Updated Date: Oct 14, 2019

      Version Update

      (RHSA-2020:0388) Important: sudo security update
      Published Date: Feb 4, 2020
      Updated Date: Feb 4, 2020
      Source: Redhat8
      Affected Packages:

      sudo-1.8.25p1, sudo-debugsource-1.8.25p1, sudo-debuginfo-1.8.25p1

      Version Update

      (RHSA-2019:3205) Important: sudo security update
      Published Date: Oct 24, 2019
      Updated Date: Jan 21, 2020
      Source: Redhat7
      Affected Packages:

      sudo-debuginfo-1.8.23, sudo-1.8.23, sudo-devel-1.8.23

      Version Update

      (RHSA-2019:4191) Important: sudo security update
      Published Date: Dec 10, 2019
      Updated Date: Dec 10, 2019
      Source: Redhat5
      Affected Packages:

      sudo-debuginfo-1.7.2p1, sudo-1.7.2p1

      Version Update

      (RHSA-2019:3895) Important: sudo security update
      Published Date: Nov 18, 2019
      Updated Date: Nov 18, 2019
      Source: Redhat6
      Affected Packages:

      sudo-debuginfo-1.8.6p3, sudo-1.8.6p3, sudo-devel-1.8.6p3

      Version Update

      sudo security update
      Published Date: Nov 14, 2019
      Updated Date: Nov 14, 2019
      Source: Centos6
      Affected Packages:

      sudo-1.8.6p3, sudo-devel-1.8.6p3

      Version Update

      (RHSA-2019:3694) Important: sudo security update
      Published Date: Nov 6, 2019
      Updated Date: Nov 6, 2019
      Source: Redhat8
      Affected Packages:

      sudo-1.8.25p1, sudo-debugsource-1.8.25p1, sudo-debuginfo-1.8.25p1

      Version Update

      (RHSA-2019:3754) Important: sudo security update
      Published Date: Nov 6, 2019
      Updated Date: Nov 6, 2019
      Source: Redhat6
      Affected Packages:

      sudo-debuginfo-1.8.6p3, sudo-1.8.6p3, sudo-devel-1.8.6p3