sudo < 1.8.28 本地提权漏洞

CVE编号

CVE-2019-14287

利用情况

漏洞武器化

补丁情况

官方补丁

披露时间

2019-10-18

漏洞描述

在1.8.28之前的Sudo中，有权访问Runas ALL sudoer帐户的攻击者可以通过使用特制用户ID调用sudo来绕过某些策略黑名单和会话PAM模块，并且可能导致错误的日志记录。例如，对于"sudo -u \#$((0xffffffff))"命令，这允许绕过!root配置和USER= logging。

解决建议

安装补丁或升级至安全版本。

参考链接
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00042.html
http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00047.html
http://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-...
http://www.openwall.com/lists/oss-security/2019/10/14/1
http://www.openwall.com/lists/oss-security/2019/10/24/1
http://www.openwall.com/lists/oss-security/2019/10/29/3
http://www.openwall.com/lists/oss-security/2021/09/14/2
https://access.redhat.com/errata/RHBA-2019:3248
https://access.redhat.com/errata/RHSA-2019:3197
https://access.redhat.com/errata/RHSA-2019:3204
https://access.redhat.com/errata/RHSA-2019:3205
https://access.redhat.com/errata/RHSA-2019:3209
https://access.redhat.com/errata/RHSA-2019:3219
https://access.redhat.com/errata/RHSA-2019:3278
https://access.redhat.com/errata/RHSA-2019:3694
https://access.redhat.com/errata/RHSA-2019:3754
https://access.redhat.com/errata/RHSA-2019:3755
https://access.redhat.com/errata/RHSA-2019:3895
https://access.redhat.com/errata/RHSA-2019:3916
https://access.redhat.com/errata/RHSA-2019:3941
https://access.redhat.com/errata/RHSA-2019:4191
https://access.redhat.com/errata/RHSA-2020:0388
https://lists.debian.org/debian-lts-announce/2019/10/msg00022.html
https://lists.fedoraproject.org/archives/list/[email protected]...
https://lists.fedoraproject.org/archives/list/[email protected]...
https://lists.fedoraproject.org/archives/list/[email protected]...
https://resources.whitesourcesoftware.com/blog-whitesource/new-vulnerability-...
https://seclists.org/bugtraq/2019/Oct/20
https://seclists.org/bugtraq/2019/Oct/21
https://security.gentoo.org/glsa/202003-12
https://security.netapp.com/advisory/ntap-20191017-0003/
https://support.f5.com/csp/article/K53746212?utm_source=f5support&utm_medium=RSS
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-...
https://usn.ubuntu.com/4154-1/
https://www.debian.org/security/2019/dsa-4543
https://www.openwall.com/lists/oss-security/2019/10/15/2
https://www.sudo.ws/alerts/minus_1_uid.html

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	netapp	element_software_management_node	-	-
	运行在以下环境
	应用	sudo_project	sudo	*		Up to (excluding) 1.8.28
	运行在以下环境
	系统	alibaba_cloud_linux_2.1903	sudo	*		Up to (excluding) 1.8.23-4.1.al7.1
	运行在以下环境
	系统	alpine_3.10	sudo	*		Up to (excluding) 1.8.27-r1
	运行在以下环境
	系统	alpine_3.11	sudo	*		Up to (excluding) 1.8.28-r0
	运行在以下环境
	系统	alpine_3.12	sudo	*		Up to (excluding) 1.8.28-r0
	运行在以下环境
	系统	alpine_3.13	sudo	*		Up to (excluding) 1.8.28-r0
	运行在以下环境
	系统	alpine_3.14	sudo	*		Up to (excluding) 1.8.28-r0
	运行在以下环境
	系统	alpine_3.15	sudo	*		Up to (excluding) 1.8.28-r0
	运行在以下环境
	系统	alpine_3.8	sudo	*		Up to (excluding) 1.8.23-r3
	运行在以下环境
	系统	alpine_3.9	sudo	*		Up to (excluding) 1.8.25_p1-r3
	运行在以下环境
	系统	alpine_edge	sudo	*		Up to (excluding) 1.8.28-r0
	运行在以下环境
	系统	amazon_2	sudo	*		Up to (excluding) 1.8.23-4.amzn2.0.1
	运行在以下环境
	系统	amazon_AMI	sudo	*		Up to (excluding) 1.8.6p3-29.28.amzn1
	运行在以下环境
	系统	centos_6	sudo	*		Up to (excluding) 1.8.6p3-29.el6_10.2
	运行在以下环境
	系统	centos_7	sudo	*		Up to (excluding) 1.8.23-4.el7_7.1
	运行在以下环境
	系统	centos_8	sudo	*		Up to (excluding) 1.8.25p1-8.el8_1
	运行在以下环境
	系统	debian_10	sudo	*		Up to (excluding) 1.8.27-1+deb10u1
	运行在以下环境
	系统	debian_8	sudo	*		Up to (excluding) 1.8.10p3-1+deb8u3
	运行在以下环境
	系统	debian_9	sudo	*		Up to (excluding) 1.8.19p1-2.1+deb9u1
	运行在以下环境
	系统	fedora_29	sudo	*		Up to (excluding) 1.8.28-1.fc29
	运行在以下环境
	系统	fedora_30	sudo	*		Up to (excluding) 1.8.28-1.fc30
	运行在以下环境
	系统	fedora_31	sudo	*		Up to (excluding) 1.8.28-1.fc31
	运行在以下环境
	系统	opensuse_Leap_15.0	sudo	*		Up to (excluding) 1.8.22-lp150.8.1
	运行在以下环境
	系统	opensuse_Leap_15.1	sudo	*		Up to (excluding) 1.8.22-lp151.5.3.1
	运行在以下环境
	系统	oracle_6	sudo	*		Up to (excluding) 1.8.6p3-29.0.1.el6_10.3
	运行在以下环境
	系统	oracle_7	sudo	*		Up to (excluding) 1.8.23-4.0.2.el7_7.2
	运行在以下环境
	系统	oracle_8	sudo	*		Up to (excluding) 1.8.25p1-8.el8_1
	运行在以下环境
	系统	redhat_8	sudo	*		Up to (excluding) 1.8.25p1-8.el8_1
	运行在以下环境
	系统	suse_12_SP4	sudo	*		Up to (excluding) 1.8.20p2-3.14.1
	运行在以下环境
	系统	ubuntu_14.04	sudo	*		Up to (excluding) 1.8.9p5-1ubuntu1.5+esm2
	运行在以下环境
系统	ubuntu_16.04	sudo	*		Up to (excluding) 1.8.16-0ubuntu1.8
运行在以下环境
系统	ubuntu_18.04	sudo	*		Up to (excluding) 1.8.21p2-3ubuntu1.1

攻击路径本地
攻击复杂度容易
权限要求普通权限
影响范围全局影响
EXP成熟度漏洞武器化
补丁情况官方补丁
数据保密性无影响
数据完整性无影响
服务器危害服务器失陷
全网数量 N/A

CWE-ID 漏洞类型 CWE-755 对异常条件的处理不恰当

正文

漏洞描述

解决建议

参考链接

受影响软件情况

相关阅读

IBM Jazz Reporting Service-Rational-CLM安全绕过管理任务执行漏洞

IBM Tivoli Federated Identity Manager up to 6.2.2 FP15 跨站脚本攻击

IBM WebSphere MQ Light拒绝服务漏洞

IBM Security Network Protection GSKit信息泄露漏洞

发表评论取消回复

还没有评论，来说两句吧...

目录[+]