rule: sudo priv esc vuln CVE-2019-14287

2024-11-07 01:45:21 +00:00 · 2019-10-15 09:39:08 +02:00 · 2019-10-15 09:39:08 +02:00 · 49ed76004c
commit 49ed76004c
parent 52fef7ae10
1 changed files with 18 additions and 0 deletions
--- a/rules/linux/lnx_sudo_cve_2019_14287.yml
+++ b/rules/linux/lnx_sudo_cve_2019_14287.yml
@ -0,0 +1,18 @@
+title: Sudo Privilege Escalation CVE-2019-14287
+status: experimental
+description: Detects users trying to exploit sudo vulnerability reported in CVE-2019-14287
+references:
+    - https://access.redhat.com/security/cve/cve-2019-14287
+    - https://twitter.com/matthieugarin/status/1183970598210412546
+author: Florian Roth
+date: 2019/10/15
+logsource:
+    product: linux
+detection:
+    keywords:
+        - '* -u#-1*'
+        - '* -u#4294967295*'
+    condition: keywords
+falsepositives:
+    - Unlikely
+level: critical