CVE-2019-14287 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	No
Type	Privilege escalation
Description	A flaw was found in the way sudo prior to 1.8.28 implemented running commands with arbitrary user ID. If a sudoers entry is written to allow the attacker to run a command as any user except root, this flaw can be used by the attacker to bypass that restriction.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1047	sudo	1.8.27-1	1.8.28-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
16 Oct 2019	ASA-201910-9	AVG-1047	sudo	High	privilege escalation

References
https://www.sudo.ws/alerts/minus_1_uid.html https://www.sudo.ws/repos/sudo/rev/83db8dba09e7

Notes
This flaw only affects specific, non-default configurations of sudo, in which sudoers configuration entry allows a user to run a command as any user except root, for example: bob myhost = (ALL, !root) /usr/bin/vi This configuration allows user bob to run vi command as any other user except root. However, this flaw also allows bob to run the vi command as root by specifying the target user using the numeric id of -1. Only the specified command can be run, this flaw does NOT allow user to run other commands that those specified in the sudoers configuration. Any other configurations of sudo (including configurations that allow user to run commands as any user including root and configurations that allow user to run command as a specific other user) are NOT affected by this flaw.

Notes

This flaw only affects specific, non-default configurations of sudo, in which sudoers configuration entry allows a user to run a command as any user except root, for example:

  bob myhost = (ALL, !root) /usr/bin/vi

This configuration allows user bob to run vi command as any other user except root. However, this flaw also allows bob to run the vi command as root by specifying the target user using the numeric id of -1. Only the specified command can be run, this flaw does NOT allow user to run other commands that those specified in the sudoers configuration.
Any other configurations of sudo (including configurations that allow user to run commands as any user including root and configurations that allow user to run command as a specific other user) are NOT affected by this flaw.