Sudo Privilege Escalation CVE-2019-14287 - Builtin
Detects users trying to exploit sudo vulnerability reported in CVE-2019-14287
Sigma rule (View on GitHub)
1title: Sudo Privilege Escalation CVE-2019-14287 - Builtin
2id: 7fcc54cb-f27d-4684-84b7-436af096f858
3related:
4 - id: f74107df-b6c6-4e80-bf00-4170b658162b
5 type: derived
6status: test
7description: Detects users trying to exploit sudo vulnerability reported in CVE-2019-14287
8references:
9 - https://www.openwall.com/lists/oss-security/2019/10/14/1
10 - https://access.redhat.com/security/cve/cve-2019-14287
11 - https://twitter.com/matthieugarin/status/1183970598210412546
12author: Florian Roth (Nextron Systems)
13date: 2019-10-15
14modified: 2022-11-26
15tags:
16 - attack.privilege-escalation
17 - attack.t1068
18 - attack.t1548.003
19 - cve.2019-14287
20logsource:
21 product: linux
22 service: sudo
23detection:
24 selection_user:
25 USER:
26 - '#-*'
27 - '#*4294967295'
28 condition: selection_user
29falsepositives:
30 - Unlikely
31level: critical
References
-
[ ] [thread-next>] [day] [month] [year] [list] Message-ID: Date: Mon, 14 Oct 2019 09:00:31 -0600 From: "Todd C. Miller" To: oss-security@...ts.openwall.com Subject: Sudo: CVE-2019-14287 Sudo 1.8.28...
Read More -
Skip to navigation Skip to main content Utilities Subscriptions Downloads Red Hat Console Get Support Subscriptions Downloads Red Hat Console Get Support Products Top Products Red Hat Enterprise Li...
Read More
Related rules
- Sudo Privilege Escalation CVE-2019-14287
- Audit CVE Event
- Buffer Overflow Attempts
- Exploiting CVE-2019-1388
- Exploiting SetupComplete.cmd CVE-2019-1378