CVE-2019-14287: Sudo 输入验证错误漏洞

获取后续新漏洞提醒登录后订阅

一、漏洞 CVE-2019-14287 基础信息

漏洞信息

对漏洞内容有疑问？看看神龙的深度分析是否有帮助！

查看神龙十问 ↗

尽管我们使用了先进的大模型技术，但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性，但请您根据实际情况进行核实和判断。

Vulnerability Title

N/A

来源: 美国国家漏洞数据库 NVD

Vulnerability Description

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.

来源: 美国国家漏洞数据库 NVD

CVSS Information

N/A

来源: 美国国家漏洞数据库 NVD

Vulnerability Type

N/A

来源: 美国国家漏洞数据库 NVD

Vulnerability Title

Sudo 输入验证错误漏洞

来源: 中国国家信息安全漏洞库 CNNVD

Vulnerability Description

Sudo是一款使用于类Unix系统的，允许用户通过安全的方式使用特殊的权限执行命令的程序。 sudo 1.8.28之前版本中存在安全漏洞。攻击者可利用该漏洞以root权限运行命令。

来源: 中国国家信息安全漏洞库 CNNVD

CVSS Information

N/A

来源: 中国国家信息安全漏洞库 CNNVD

Vulnerability Type

N/A

来源: 中国国家信息安全漏洞库 CNNVD

受影响产品

厂商	产品	影响版本	CPE	订阅
-	n/a	n/a	-

二、漏洞 CVE-2019-14287 的公开POC

#	POC 描述	源链接	神龙链接
1	None	https://github.com/FauxFaux/sudo-cve-2019-14287	POC详情
2	This is a container built for demonstration purposes that has a version of the sudo command which is vulnerable to CVE-2019-14287	https://github.com/CashWilliams/CVE-2019-14287-demo	POC详情
3	Sudo exploit	https://github.com/n0w4n/CVE-2019-14287	POC详情
4	None	https://github.com/gurneesh/CVE-2019-14287-write-up	POC详情
5	Sudo Security Bypass (CVE-2019-14287)	https://github.com/shallvhack/Sudo-Security-Bypass-CVE-2019-14287	POC详情
6	None	https://github.com/huang919/cve-2019-14287-PPT	POC详情
7	cve-2019-14287	https://github.com/wenyu1999/sudo-	POC详情
8	None	https://github.com/Sindadziy/cve-2019-14287	POC详情
9	Containerized and deployable use of the CVE-2019-14287 vuln. View README.md for more.	https://github.com/CMNatic/Dockerized-CVE-2019-14287	POC详情
10	Sudo Vulnerability CVE-2019-14287	https://github.com/axax002/sudo-vulnerability-CVE-2019-14287	POC详情
11	Documentation for Sudo Security Bypass - CVE 2019-14287	https://github.com/SachinthaDeSilva-cmd/Exploit-CVE-2019-14287	POC详情
12	Sudo Security Policy bypass Vulnerability	https://github.com/HussyCool/CVE-2019-14287-IT18030372-	POC详情
13	None	https://github.com/ShianTrish/sudo-Security-Bypass-vulnerability-CVE-2019-14287	POC详情
14	This is a brief exploitation of CVE-2019-14287 Sudo Security Bypass Vulnerability.	https://github.com/ejlevin99/Sudo-Security-Bypass-Vulnerability	POC详情
15	This is the exploitation of sudo security bypass vulnerability	https://github.com/thinuri99/Sudo-Security-Bypass-Vulnerability-CVE-2019-14287-	POC详情
16	None	https://github.com/janod313/-CVE-2019-14287-SUDO-bypass-vulnerability	POC详情
17	None	https://github.com/DewmiApsara/CVE-2019-14287	POC详情
18	Scripts to verify and execute CVE-2019-14287 as part of Research	https://github.com/M108Falcon/Sudo-CVE-2019-14287	POC详情
19	None	https://github.com/edsonjt81/CVE-2019-14287-	POC详情
20	CVE-2019-14287	https://github.com/DularaAnushka/Linux-Privilege-Escalation-using-Sudo-Rights	POC详情
21	None	https://github.com/crypticdante/CVE-2019-14287	POC详情
22	None	https://github.com/Hasintha-98/Sudo-Vulnerability-Exploit-CVE-2019-14287	POC详情
23	None	https://github.com/5l1v3r1/cve-2019-14287sudoexp	POC详情
24	None	https://github.com/MariliaMeira/CVE-2019-14287	POC详情
25	None	https://github.com/Ijinleife/CVE-2019-14287	POC详情
26	None	https://github.com/H3xL00m/CVE-2019-14287	POC详情
27	None	https://github.com/n3ov4n1sh/CVE-2019-14287	POC详情
28	None	https://github.com/c0d3cr4f73r/CVE-2019-14287	POC详情
29	None	https://github.com/Sp3c73rSh4d0w/CVE-2019-14287	POC详情
30	None	https://github.com/0xwh1pl4sh/CVE-2019-14287	POC详情
31	None	https://github.com/N3rdyN3xus/CVE-2019-14287	POC详情
32	None	https://github.com/NyxByt3/CVE-2019-14287	POC详情
33	None	https://github.com/lemonadern/poc-cve-2019-14287	POC详情
34	None	https://github.com/h3xcr4ck3r/CVE-2019-14287	POC详情
35	None	https://github.com/n3rdh4x0r/CVE-2019-14287	POC详情
36	In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.	https://github.com/projectdiscovery/nuclei-templates/blob/main/code/cves/2019/CVE-2019-14287.yaml	POC详情
37	None	https://github.com/h3x0v3rl0rd/CVE-2019-14287	POC详情
38	Documentation for Sudo Security Bypass - CVE 2019-14287	https://github.com/sachinthadesilva/Exploit-CVE-2019-14287	POC详情

AI 生成 POC高级

未找到公开 POC。

登录以生成 AI POC

三、漏洞 CVE-2019-14287 的情报信息

Please 登录 to view more intelligence information

http://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Updates.htmlx_refsource_MISC
https://support.f5.com/csp/article/K53746212?utm_source=f5support&amp%3Butm_medium=RSSx_refsource_CONFIRM
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbns03976en_usx_refsource_CONFIRM
https://www.sudo.ws/alerts/minus_1_uid.htmlx_refsource_CONFIRM
https://resources.whitesourcesoftware.com/blog-whitesource/new-vulnerability-in-sudo-cve-2019-14287x_refsource_MISC
https://www.debian.org/security/2019/dsa-4543vendor-advisoryx_refsource_DEBIAN
https://usn.ubuntu.com/4154-1/vendor-advisoryx_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2020:0388vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:4191vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3895vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3204vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHBA-2019:3248vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3694vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3278vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3916vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3205vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3219vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3755vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3197vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3941vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3754vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3209vendor-advisoryx_refsource_REDHAT
https://security.gentoo.org/glsa/202003-12vendor-advisoryx_refsource_GENTOO
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00047.htmlvendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00042.htmlvendor-advisoryx_refsource_SUSE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TUVAOZBYUHZS56A5FQSCDVGXT7PW7FL2/vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IP7SIOAVLSKJGMTIULX52VQUPTVSC43U/vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NPLAM57TPJQGKQMNG6RHFBLACD6K356N/vendor-advisoryx_refsource_FEDORA
http://www.openwall.com/lists/oss-security/2019/10/14/1mailing-listx_refsource_MLIST
https://www.openwall.com/lists/oss-security/2019/10/15/2mailing-listx_refsource_MLIST
https://seclists.org/bugtraq/2019/Oct/20mailing-listx_refsource_BUGTRAQ
https://seclists.org/bugtraq/2019/Oct/21mailing-listx_refsource_BUGTRAQ
http://www.openwall.com/lists/oss-security/2019/10/24/1mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2021/09/14/2mailing-listx_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2019/10/msg00022.htmlmailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2019/10/29/3mailing-listx_refsource_MLIST
https://nvd.nist.gov/vuln/detail/CVE-2019-14287

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2019-14287

暂无评论

目标达成感谢每一位支持者 — 我们达成了 100% 目标！

一、漏洞 CVE-2019-14287 基础信息

漏洞信息

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

受影响产品

二、漏洞 CVE-2019-14287 的公开POC

三、漏洞 CVE-2019-14287 的情报信息

IV. Related Vulnerabilities

V. Comments for CVE-2019-14287

发表评论

目标达成 感谢每一位支持者 — 我们达成了 100% 目标！

一、 漏洞 CVE-2019-14287 基础信息

漏洞信息

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

受影响产品

二、漏洞 CVE-2019-14287 的公开POC

三、漏洞 CVE-2019-14287 的情报信息

IV. Related Vulnerabilities

V. Comments for CVE-2019-14287

发表评论

目标达成感谢每一位支持者 — 我们达成了 100% 目标！

一、漏洞 CVE-2019-14287 基础信息