Sudo could be made to run commands as root if it were called with
a specially crafted user ID ...
Debian Bug report logs - #942322
sudo: CVE-2019-14287: Potential bypass of Runas user restrictions
Package: src:sudo;
Maintainer for src:sudo is Bdale Garbee <bdale@gag.com>;
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Mon, 14 Oct 2019 14:57:02 UTC
Severity: grave
Tags: security, upstream
Found in ve ...
Joe Vennix discovered that sudo, a program designed to provide limited
super user privileges to specific users, when configured to allow a user
to run commands as an arbitrary user via the ALL keyword in a Runas
specification, allows to run commands as root by specifying the user ID
-1 or 4294967295. This could allow a user with sufficient sudo
pri ...
When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295.
This can be used by a user with sufficient sudo privileges to run commands as root even if the Runas specification explicitly disallows root acc ...
Synopsis
Important: sudo security update
Type/Severity
Security Advisory: Important
Topic
An update for sudo is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
Synopsis
Important: sudo security update
Type/Severity
Security Advisory: Important
Topic
An update for sudo is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP Solutio ...
Synopsis
Important: OpenShift Container Platform 425 machine-os-content-container security update
Type/Severity
Security Advisory: Important
Topic
An update for machine-os-content-container is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as havi ...
Synopsis
Important: sudo security update
Type/Severity
Security Advisory: Important
Topic
An update for sudo is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutio ...
Synopsis
Important: sudo security update
Type/Severity
Security Advisory: Important
Topic
An update for sudo is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
Synopsis
Important: sudo security update
Type/Severity
Security Advisory: Important
Topic
An update for sudo is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syst ...
Synopsis
Important: sudo security update
Type/Severity
Security Advisory: Important
Topic
An update for sudo is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which ...
Synopsis
Important: OpenShift Container Platform 4124 machine-os-content-container security update
Type/Severity
Security Advisory: Important
Topic
Red Hat OpenShift Container Platform release 4124 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Pr ...
Synopsis
Important: sudo security update
Type/Severity
Security Advisory: Important
Topic
An update for sudo is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.2 Telco Extended Update Support, and Red Hat Enterprise Linux 7.2 Update Services for SAP Solutio ...
Synopsis
Important: sudo security update
Type/Severity
Security Advisory: Important
Topic
An update for sudo is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
Synopsis
Important: sudo security update
Type/Severity
Security Advisory: Important
Topic
An update for sudo is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Sco ...
Synopsis
Important: sudo security update
Type/Severity
Security Advisory: Important
Topic
An update for sudo is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which ...
Synopsis
Important: sudo security update
Type/Severity
Security Advisory: Important
Topic
An update for sudo is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
Synopsis
Important: sudo security update
Type/Severity
Security Advisory: Important
Topic
An update for sudo is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which ...
A flaw was found in the way sudo implemented running commands with arbitrary user ID. If a sudoers entry is written to allow the attacker to run a command as any user except root, this flaw can be used by the attacker to bypass that restriction ...