Show filters

Showing topic results for "CVE-2019-14287":

(1-1 of 1)

Sort by:
Attacker Value


Disclosure Date: October 17, 2019 (last updated June 05, 2020)
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.
Attack Vector: Network Privileges: Low User Interaction: None