Sudo Privilege Escalation CVE-2019-14287 - Builtin
Detects users trying to exploit the sudo vulnerability reported in CVE-2019-14287
Sigma rule
```yaml
title: Sudo Privilege Escalation CVE-2019-14287 - Builtin
id: 7fcc54cb-f27d-4684-84b7-436af096f858
related:
    - id: f74107df-b6c6-4e80-bf00-4170b658162b
      type: derived
status: test
description: Detects users trying to exploit sudo vulnerability reported in CVE-2019-14287
references:
    - https://www.openwall.com/lists/oss-security/2019/10/14/1
    - https://access.redhat.com/security/cve/cve-2019-14287
    - https://twitter.com/matthieugarin/status/1183970598210412546
author: Florian Roth (Nextron Systems)
date: 2019-10-15
modified: 2022-11-26
tags:
    - attack.privilege-escalation
    - attack.t1068
    - attack.t1548.003
    - cve.2019-14287
logsource:
    product: linux
    service: sudo
detection:
    selection_user:
        USER:
            - '#-*'
            - '#*4294967295'
    condition: selection_user
falsepositives:
    - Unlikely
level: critical
```
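To show what the `selection_user` block actually matches, here is an added example (not part of the Sigma project or of this rule) that applies the two `USER` wildcard patterns to constructed auth.log-style sudo lines using Python's `fnmatch`. The sample log lines and the regular expression for sudo's syslog format are assumptions made for the demonstration.

```python
import fnmatch
import re

# The two USER patterns from the rule's selection_user block.
# Sigma wildcards: '*' matches any run of characters, '?' a single character.
USER_PATTERNS = ["#-*", "#*4294967295"]

# Constructed sample lines in the format sudo writes to syslog/auth.log
# (hypothetical hosts and users; only the USER= field matters to the rule).
SAMPLE_LOG = """\
Oct 15 10:01:02 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/id
Oct 15 10:02:17 host sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=#-1 ; COMMAND=/bin/bash
Oct 15 10:02:17 host sudo: pam_unix(sudo:session): session opened for user root by bob(uid=0)
Oct 15 10:03:44 host sudo:    carol : TTY=pts/2 ; PWD=/tmp ; USER=#4294967295 ; COMMAND=/bin/sh
Oct 15 10:04:09 host sudo:     dave : TTY=pts/3 ; PWD=/home/dave ; USER=#1000 ; COMMAND=/usr/bin/ls
"""

# Assumed layout of a sudo command log line: "<user> : TTY=... ; PWD=... ; USER=<target> ; COMMAND=<cmd>"
SUDO_LINE = re.compile(
    r"sudo:\s+(?P<user>\S+) : .*?USER=(?P<target>[^ ;]+) ; COMMAND=(?P<cmd>.*)$"
)


def parse_sudo_line(line):
    """Return (invoking_user, target_user, command), or None for lines that are not sudo command records."""
    m = SUDO_LINE.search(line)
    if not m:
        return None
    return m.group("user"), m.group("target"), m.group("cmd")


def matches_rule(target_user):
    """Evaluate selection_user: true if any listed pattern matches the USER field."""
    return any(fnmatch.fnmatchcase(target_user, p) for p in USER_PATTERNS)


def find_hits(log_text):
    """Run the rule over a log and return one (user, target, command) tuple per matching line."""
    hits = []
    for line in log_text.splitlines():
        parsed = parse_sudo_line(line)
        if parsed and matches_rule(parsed[1]):
            hits.append(parsed)
    return hits


if __name__ == "__main__":
    for user, target, cmd in find_hits(SAMPLE_LOG):
        print(f"critical: CVE-2019-14287 pattern from {user}: USER={target} COMMAND={cmd}")
```

A legitimate `sudo -u '#1000'` (a plain numeric uid) is not flagged, which is why the rule's false-positive estimate is low: only negative uids and the 32-bit wrap-around value match.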
Related rules
- Sudo Privilege Escalation CVE-2019-14287
- Audit CVE Event
- Buffer Overflow Attempts
- Exploiting SetupComplete.cmd CVE-2019-1378
- Nimbuspwn Exploitation