rule: updated sudo vuln rule to detect 0-padding

https://twitter.com/taviso/status/1184238670343065600
2024-11-07 01:45:21 +00:00 · 2019-10-16 15:03:28 +02:00 · 2019-10-16 15:03:28 +02:00 · 5374d18e4b
commit 5374d18e4b
parent c396526f40
1 changed files with 4 additions and 1 deletions
--- a/rules/linux/lnx_sudo_cve_2019_14287.yml
+++ b/rules/linux/lnx_sudo_cve_2019_14287.yml
@ -22,12 +22,15 @@ level: critical
 detection:
    selection_keywords:
        - '* -u#-1*'
+        - '* -u#-01*'
+        - '* -u#-001*'
+        - '* -u#-000*'
        - '* -u#4294967295*'
    condition: selection_keywords
 --- 
 detection:
    selection_user:
        USER:
-            - '#-1'
+            - '#-*'
            - '#4294967295'
    condition: selection_user