Sudo Privilege Escalation CVE-2019-14287
Detects users trying to exploit the sudo vulnerability reported in CVE-2019-14287
Sigma rule
```yaml
title: Sudo Privilege Escalation CVE-2019-14287
id: f74107df-b6c6-4e80-bf00-4170b658162b
status: test
description: Detects users trying to exploit sudo vulnerability reported in CVE-2019-14287
references:
  - https://www.openwall.com/lists/oss-security/2019/10/14/1
  - https://access.redhat.com/security/cve/cve-2019-14287
  - https://twitter.com/matthieugarin/status/1183970598210412546
author: Florian Roth (Nextron Systems)
date: 2019-10-15
modified: 2022-10-05
tags:
  - attack.defense-evasion
  - attack.privilege-escalation
  - attack.t1068
  - attack.t1548.003
  - cve.2019-14287
  - detection.emerging-threats
logsource:
  product: linux
  category: process_creation
detection:
  selection:
    CommandLine|contains: ' -u#'
  condition: selection
falsepositives:
  - Unlikely
level: high
```
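The rule's single selection applied to constructed Linux process_creation events, as an added example that is not part of the rule or the Sigma project. It also adds a triage step the rule itself does not have: a verdict that marks the two uid values the advisory describes (-1 and its unsigned 32-bit form 4294967295, which sudo before 1.8.28 resolved to uid 0). The event field names other than CommandLine and the sample command lines are assumptions.

```python
import re
from typing import Dict, List, Optional

# Constructed process_creation events (not real logs). Only CommandLine is a
# field the rule uses; host and user are assumed enrichment fields.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"host": "web01", "user": "bob", "CommandLine": "sudo -u#-1 /bin/bash"},
    {"host": "web01", "user": "bob", "CommandLine": "sudo -u#4294967295 id"},
    {"host": "db02", "user": "alice", "CommandLine": "sudo -u#1001 ls /srv"},
    {"host": "db02", "user": "alice", "CommandLine": "sudo -u root ls /srv"},
    {"host": "ci03", "user": "svc", "CommandLine": "grep -- '-u#' notes.txt"},
]

# The rule's selection: CommandLine|contains: ' -u#'. Sigma string matching is
# case-insensitive by default, so both sides are lowercased. The leading space
# is part of the pattern, so "'-u#'" inside a quoted grep argument does not hit.
NEEDLE = " -u#"


def matches_rule(event: Dict[str, str]) -> bool:
    """True when the event satisfies the rule's selection (and thus condition)."""
    return NEEDLE in event.get("CommandLine", "").lower()


# Added triage (not in the Sigma rule): pull the numeric uid after -u# and
# report it only if it is one of the two values named in the CVE advisory.
UID_RE = re.compile(r"(?:^|\s)-u#(-?\d+)", re.IGNORECASE)
BYPASS_UIDS = {"-1", "4294967295"}


def bypass_uid(event: Dict[str, str]) -> Optional[str]:
    """Return the advisory-listed uid the command asked for, else None."""
    m = UID_RE.search(event.get("CommandLine", ""))
    return m.group(1) if m and m.group(1) in BYPASS_UIDS else None


def triage(events: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Run the rule over events; rank hits by whether a bypass uid is present."""
    out = []
    for ev in events:
        if not matches_rule(ev):
            continue
        verdict = "cve-2019-14287-pattern" if bypass_uid(ev) else "rule-hit"
        out.append({"host": ev.get("host", "?"), "user": ev.get("user", "?"),
                    "cmd": ev["CommandLine"], "verdict": verdict})
    return out


if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(f"{hit['verdict']:24} {hit['host']:6} {hit['user']:6} {hit['cmd']}")
```

A plain `sudo -u#1001 ...` is a legitimate way to specify a numeric target user, so it surfaces as `rule-hit` rather than as the CVE pattern; the rule still fires on it, which is the behaviour the rule author accepts under `falsepositives: Unlikely`.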
Related rules
- Sudo Privilege Escalation CVE-2019-14287 - Builtin
- Exploiting SetupComplete.cmd CVE-2019-1378
- Antivirus PrinterNightmare CVE-2021-34527 Exploit Detection
- OMIGOD HTTP No Authentication RCE - CVE-2021-38647
- Potential Nimbuspwn Exploit CVE-2022-29799 and CVE-2022-27800