valitydev/SigmaHQ
14
0
Fork 0
mirror of https://github.com/valitydev/SigmaHQ.git synced 2024-11-06 17:35:19 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
458973af81
SigmaHQ/rules/linux/lnx_sudo_cve_2019_14287.yml
frack113 086a15fc45 Update global ID
2021-09-02 20:07:03 +02:00

36 lines
930 B
YAML
Raw Blame History

action: global
title: Sudo Privilege Escalation CVE-2019-14287
status: experimental
description: Detects users trying to exploit sudo vulnerability reported in CVE-2019-14287
author: Florian Roth
date: 2019/10/15
modified: 2019/10/20
references:
- https://www.openwall.com/lists/oss-security/2019/10/14/1
- https://access.redhat.com/security/cve/cve-2019-14287
- https://twitter.com/matthieugarin/status/1183970598210412546
logsource:
product: linux
falsepositives:
- Unlikely
level: critical
tags:
- attack.privilege_escalation
- attack.t1068
- attack.t1169 # an old one
- attack.t1548.003
---
id: f74107df-b6c6-4e80-bf00-4170b658162b
detection:
selection_keywords:
- '* -u#*'
condition: selection_keywords
---
id: 7fcc54cb-f27d-4684-84b7-436af096f858
detection:
selection_user:
USER:
- '#-*'
- '#*4294967295'
condition: selection_user
Reference in New Issue View Git Blame Copy Permalink