Published: 19/12/2019 Updated: 14/05/2024

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

In Sudo up to and including 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability because running a command via sudo as a user not present in the local password database is an intentional feature. Because this behavior surprised some users, sudo 1.8.30 introduced an option to enable/disable this behavior with the default being disabled. However, this does not change the fact that sudo was behaving as intended, and as documented, in earlier versions

Vulnerable Product	Search on Vulmon	Subscribe to Product
sudo sudo

Debian Bug report logs - #947225 sudo: CVE-2019-19232 CVE-2019-19234 Package: src:sudo; Maintainer for src:sudo is Bdale Garbee <bdale@gagcom>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 23 Dec 2019 06:57:02 UTC Severity: important Tags: security, upstream Found in version sudo/1829-1 R ...

Synopsis Moderate: sudo security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for sudo is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System ( ...

Synopsis Important: Container-native Virtualization security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Virtualization release 240 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Securi ...

Stuck inside with nothing to do? Apple fires out security fixes for iOS, macOS, wrist-puters... and something weird called iTunes for Windows

The Register • Shaun Nichols in San Francisco • 25 Mar 2020

Dozens of bugs swatted in latest Cupertino updates

Apple has emitted a bundle of security fixes ranging across its product lines. The seven updates address dozens of CVE-listed flaws in the firmware and software components of Cupertino's portables and desktops. Since you're stuck inside by the coronavirus pandemic, now's a great time to get patching. For the flagship iOS, the 13.4 update includes fixes for 30 security holes. Among the most serious are the bugs in WebKit, the browser engine at the heart of iOS. They include remote code execution ...

NVD-CWE-noinfo https://www.sudo.ws/stable.html https://www.sudo.ws/devel.html#1.8.30b2 https://security.netapp.com/advisory/ntap-20200103-0004/https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2019/12/warnmeldung_cb-k20-0001.html https://support2.windriver.com/index.php?page=defects&on=view&id=LIN1018-5506 https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-19232 https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58979 https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58103 https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58812 https://access.redhat.com/security/cve/cve-2019-19232 https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs76870 https://support.apple.com/kb/HT211100 http://seclists.org/fulldisclosure/2020/Mar/31 https://support.apple.com/en-gb/HT211100 https://www.tenable.com/plugins/nessus/133936 https://www.oracle.com/security-alerts/bulletinapr2020.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY6DZ7WMDKU4ZDML6MJLDAPG42B5WVUC/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6TKF36KOQUVJNBHSVJFA7BU3CCEYD2F/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947225 https://nvd.nist.gov

CVE-2019-19232

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Recent Articles

References

Vulmon Search

About

Products

Connect