{"uuid": "cfb7b3aa-e3bc-4dec-a28c-383182f6080d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2019-14287", "type": "seen", "source": "https://t.me/HackerOne/2531", "content": "Potential bypass of Runas user restrictions\n\nRelease Date:\nOctober 14, 2019\nSummary:\nWhen sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295.\n\nThis can be used by a user with sufficient sudo privileges to run commands as root even if the Runas specification explicitly disallows root access as long as the ALL keyword is listed first in the Runas specification.\n\n@ctfplay\nLog entries for commands run this way will list the target user as 4294967295 instead of root. In addition, PAM session modules will not be run for the command.\nSudo versions affected:\nSudo versions prior to 1.8.28 are affected.\nCVE ID:\nThis vulnerability has been assigned CVE-2019-14287 in the Common Vulnerabilities and Exposures database. \n\nRef:\nhttps://www.sudo.ws/alerts/minus_1_uid.html\nhttps://access.redhat.com/security/cve/cve-2019-14287\n#News\n#Linux\n@ctfplay", "creation_timestamp": "2019-10-16T09:13:34.000000Z"}