Sudo Privilege Escalation CVE-2019-14287 - Builtin

Detects users trying to exploit the sudo vulnerability reported in CVE-2019-14287

Sigma rule

title: Sudo Privilege Escalation CVE-2019-14287 - Builtin
id: 7fcc54cb-f27d-4684-84b7-436af096f858
related:
    - id: f74107df-b6c6-4e80-bf00-4170b658162b
      type: derived
status: test
description: Detects users trying to exploit sudo vulnerability reported in CVE-2019-14287
references:
    - https://www.openwall.com/lists/oss-security/2019/10/14/1
    - https://access.redhat.com/security/cve/cve-2019-14287
    - https://twitter.com/matthieugarin/status/1183970598210412546
author: Florian Roth (Nextron Systems)
date: 2019/10/15
modified: 2022/11/26
tags:
    - attack.privilege_escalation
    - attack.t1068
    - attack.t1548.003
    - cve.2019.14287
logsource:
    product: linux
    service: sudo
detection:
    selection_user:
        USER:
            - '#-*'
            - '#*4294967295'
    condition: selection_user
falsepositives:
    - Unlikely
level: critical
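Added example, not part of the rule or of the Sigma project: the selection_user block above applied in Python to constructed sudo syslog lines. It translates the rule's two wildcard values into anchored, case-insensitive regexes (Sigma's default string matching) and extracts the USER field from sudo's "user : TTY=... ; PWD=... ; USER=... ; COMMAND=..." log format; the sample lines are constructed.

```python
import re

# The two values from the rule's selection_user block (Sigma wildcard syntax).
RULE_PATTERNS = ["#-*", "#*4294967295"]


def sigma_to_regex(pattern: str) -> re.Pattern:
    """Translate a Sigma string value ('*' = any run, '?' = one char) into an
    anchored regex. Sigma string matching is case-insensitive by default."""
    parts = []
    for ch in pattern:
        parts.append(".*" if ch == "*" else "." if ch == "?" else re.escape(ch))
    return re.compile("^" + "".join(parts) + "$", re.IGNORECASE)


COMPILED = [sigma_to_regex(p) for p in RULE_PATTERNS]

# sudo writes "sudo: <invoking user> : <field> ; <field> ; ..." to syslog/auth.log.
SUDO_LINE = re.compile(r"sudo:\s+(?P<user>\S+)\s+:\s+(?P<fields>.*)$")


def parse_sudo_line(line: str):
    """Return the key=value fields of a sudo log line, or None if not a sudo line.
    Free-text fields such as 'user NOT in sudoers' carry no '=' and are skipped."""
    m = SUDO_LINE.search(line)
    if not m:
        return None
    fields = {"invoking_user": m.group("user")}
    for kv in m.group("fields").split(" ; "):
        if "=" in kv:
            key, value = kv.split("=", 1)
            fields[key.strip()] = value.strip()
    return fields


def matches_rule(line: str) -> bool:
    """True when the run-as USER field matches either pattern of the rule."""
    fields = parse_sudo_line(line)
    if not fields or "USER" not in fields:
        return False
    return any(rx.match(fields["USER"]) for rx in COMPILED)


def find_hits(lines):
    return [line for line in lines if matches_rule(line)]


# Constructed sample lines in sudo's syslog format (not real log data).
SAMPLE_LOG = [
    "Oct 15 10:01:02 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update",
    "Oct 15 10:02:17 host sudo:      bob : TTY=pts/1 ; PWD=/home/bob ; USER=#-1 ; COMMAND=/usr/bin/id",
    "Oct 15 10:03:44 host sudo:      bob : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/bob ; USER=#4294967295 ; COMMAND=/usr/bin/id",
    "Oct 15 10:04:10 host sudo:    carol : TTY=pts/2 ; PWD=/tmp ; USER=#1000 ; COMMAND=/usr/bin/whoami",
]
```

Only the two lines whose USER field is a negative or 32-bit-overflow numeric run-as ID fire; the legitimate numeric run-as user #1000 and USER=root do not.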
