高危 sudo < 1.8.28 本地提权漏洞
CVE编号
CVE-2019-14287利用情况
漏洞武器化补丁情况
官方补丁披露时间
2019-10-18漏洞描述
在1.8.28之前的Sudo中,有权访问Runas ALL sudoer帐户的攻击者可以通过使用特制用户ID调用sudo来绕过某些策略黑名单和会话PAM模块,并且可能导致错误的日志记录。例如,对于"sudo -u \#$((0xffffffff))"命令,这允许绕过!root配置和USER= logging。解决建议
安装补丁或升级至安全版本。受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | netapp | element_software_management_node | - | - | |||||
| 运行在以下环境 | |||||||||
| 应用 | sudo_project | sudo | * | Up to (excluding) 1.8.28 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alibaba_cloud_linux_2.1903 | sudo-devel | * | Up to (excluding) 1.8.23-4.1.al7.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.10 | sudo | * | Up to (excluding) 1.8.27-r1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.11 | sudo | * | Up to (excluding) 1.8.28-r0 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.12 | sudo | * | Up to (excluding) 1.8.28-r0 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.13 | sudo | * | Up to (excluding) 1.8.28-r0 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.14 | sudo | * | Up to (excluding) 1.8.28-r0 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.15 | sudo | * | Up to (excluding) 1.8.28-r0 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.16 | sudo | * | Up to (excluding) 1.8.28-r0 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.17 | sudo | * | Up to (excluding) 1.8.28-r0 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.18 | sudo | * | Up to (excluding) 1.8.28-r0 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.8 | sudo | * | Up to (excluding) 1.8.23-r3 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.9 | sudo | * | Up to (excluding) 1.8.25_p1-r3 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_edge | sudo | * | Up to (excluding) 1.8.28-r0 | |||||
| 运行在以下环境 | |||||||||
| 系统 | amazon_2 | sudo | * | Up to (excluding) 1.8.23-4.amzn2.0.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | amazon_AMI | sudo | * | Up to (excluding) 1.8.6p3-29.28.amzn1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | centos_6 | sudo | * | Up to (excluding) 1.8.6p3-29.el6_10.2 | |||||
| 运行在以下环境 | |||||||||
| 系统 | centos_7 | sudo | * | Up to (excluding) 1.8.23-4.el7_7.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | centos_8 | sudo-debuginfo | * | Up to (excluding) 1.8.25p1-8.el8_1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_10 | sudo | * | Up to (excluding) 1.8.27-1+deb10u1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_11 | sudo | * | Up to (excluding) 1.8.27-1.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_12 | sudo | * | Up to (excluding) 1.8.27-1.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_8 | sudo | * | Up to (excluding) 1.8.10p3-1+deb8u3 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_9 | sudo | * | Up to (excluding) 1.8.19p1-2.1+deb9u1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_sid | sudo | * | Up to (excluding) 1.8.27-1.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_29 | sudo-debuginfo | * | Up to (excluding) 1.8.28-1.fc29 | |||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_30 | sudo-debuginfo | * | Up to (excluding) 1.8.28-1.fc30 | |||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_31 | sudo-debuginfo | * | Up to (excluding) 1.8.28-1.fc31 | |||||
| 运行在以下环境 | |||||||||
| 系统 | kylinos_aarch64_V10 | sudo | * | Up to (excluding) 1.8.23-10.el7_9.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | kylinos_aarch64_V10SP1 | sudo | * | Up to (excluding) 1.9.2-2.ky10 | |||||
| 运行在以下环境 | |||||||||
| 系统 | kylinos_x86_64_V10 | sudo | * | Up to (excluding) 1.8.23-10.el7_9.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | kylinos_x86_64_V10SP1 | sudo | * | Up to (excluding) 1.9.2-2.ky10 | |||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_15.0 | sudo-test | * | Up to (excluding) 1.8.22-lp150.8.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_15.1 | sudo-test | * | Up to (excluding) 1.8.22-lp151.5.3.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | oracle_6 | oraclelinux-release | * | Up to (excluding) 1.8.6p3-29.0.1.el6_10.2 | |||||
| 运行在以下环境 | |||||||||
| 系统 | oracle_7 | oraclelinux-release | * | Up to (excluding) 1.8.23-4.0.1.el7 | |||||
| 运行在以下环境 | |||||||||
| 系统 | oracle_8 | oraclelinux-release | * | Up to (excluding) 1.8.25p1-4.0.1.el8_0.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | redhat_5 | sudo | * | Up to (excluding) 0:1.7.2p1-31.el5_11.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | redhat_6 | sudo | * | Up to (excluding) 0:1.8.6p3-29.el6_10.2 | |||||
| 运行在以下环境 | |||||||||
| 系统 | redhat_7 | sudo | * | Up to (excluding) 1.8.23-4.el7_7.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | redhat_8 | sudo-debuginfo | * | Up to (excluding) 1.8.25p1-8.el8_1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | suse_12 | sudo | * | Up to (excluding) 1.8.20p2-3.14 | |||||
| 运行在以下环境 | |||||||||
| 系统 | suse_12_SP4 | sudo | * | Up to (excluding) 1.8.20p2-3.14.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_16.04 | sudo | * | Up to (excluding) 1.8.16-0ubuntu1.8 | |||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_16.04.7_lts | sudo | * | Up to (excluding) 1.8.16-0ubuntu1.8 | |||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_18.04 | sudo | * | Up to (excluding) 1.8.21p2-3ubuntu1.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | ubuntu_18.04.5_lts | sudo | * | Up to (excluding) 1.8.21p2-3ubuntu1.1 | |||||
- 攻击路径 本地
- 攻击复杂度 容易
- 权限要求 普通权限
- 影响范围 全局影响
- EXP成熟度 漏洞武器化
- 补丁情况 官方补丁
- 数据保密性 无影响
- 数据完整性 无影响
- 服务器危害 服务器失陷
- 全网数量 N/A
| CWE-ID | 漏洞类型 |
| CWE-755 | 对异常条件的处理不恰当 |
Exp相关链接
- https://github.com/CashWilliams/CVE-2019-14287-demo
- https://github.com/CMNatic/Dockerized-CVE-2019-14287
- https://github.com/DewmiApsara/CVE-2019-14287
- https://github.com/ejlevin99/Sudo-Security-Bypass-Vulnerability
- https://github.com/FauxFaux/sudo-cve-2019-14287
- https://github.com/gurneesh/CVE-2019-14287-write-up
- https://github.com/huang919/cve-2019-14287-PPT
- https://github.com/HussyCool/CVE-2019-14287-IT18030372-
- https://github.com/Janette88/cve-2019-14287sudoexp
- https://github.com/janod313/-CVE-2019-14287-SUDO-bypass-vulnerability
- https://github.com/M108Falcon/Sudo-CVE-2019-14287
- https://github.com/n0w4n/CVE-2019-14287
- https://github.com/SachinthaDeSilva-cmd/Exploit-CVE-2019-14287
- https://github.com/shallvhack/Sudo-Security-Bypass-CVE-2019-14287
- https://github.com/ShianTrish/sudo-Security-Bypass-vulnerability-CVE-2019-14287
- https://github.com/Sindadziy/cve-2019-14287
- https://github.com/Sindayifu/CVE-2019-14287-CVE-2014-6271
- https://github.com/thinuri99/Sudo-Security-Bypass-Vulnerability-CVE-2019-14287-
- https://github.com/Unam3dd/sudo-vulnerability-CVE-2019-14287
- https://github.com/wenyu1999/sudo-
- https://tryhackme.com/room/sudovulnsbypass
- https://www.exploit-db.com/exploits/47502
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论