Sudo Privilege Escalation CVE-2019-14287
Detects users trying to exploit sudo vulnerability reported in CVE-2019-14287
Sigma rule

```yaml
title: Sudo Privilege Escalation CVE-2019-14287
id: f74107df-b6c6-4e80-bf00-4170b658162b
status: test
description: Detects users trying to exploit sudo vulnerability reported in CVE-2019-14287
references:
    - https://www.openwall.com/lists/oss-security/2019/10/14/1
    - https://access.redhat.com/security/cve/cve-2019-14287
    - https://twitter.com/matthieugarin/status/1183970598210412546
author: Florian Roth (Nextron Systems)
date: 2019-10-15
modified: 2022-10-05
tags:
    - attack.privilege-escalation
    - attack.t1068
    - attack.t1548.003
    - cve.2019-14287
logsource:
    product: linux
    category: process_creation
detection:
    selection:
        CommandLine|contains: ' -u#'
    condition: selection
falsepositives:
    - Unlikely
level: high
```
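To show what the selection above actually matches, here is an added example (not code from the Sigma project) that applies the rule's single `CommandLine|contains: ' -u#'` test to a few constructed process-creation events. Sigma string matching is case-insensitive unless the `cased` modifier is used, so the check lower-cases both sides; the event dicts and the `alerts` helper are assumptions of this example.

```python
"""Apply the CVE-2019-14287 Sigma selection to sample process-creation events."""

# Mirrors the rule's detection.selection block: one field|modifier pair.
SELECTION = {"CommandLine|contains": " -u#"}

# Constructed sample events (not captured from any real host). The 'note'
# field is only a label for the reader and is ignored by the matcher.
SAMPLE_EVENTS = [
    {"CommandLine": "sudo -u#-1 id", "note": "command-line shape the rule targets"},
    {"CommandLine": "sudo -u#1001 ls /tmp", "note": "numeric uid, also matched"},
    {"CommandLine": "sudo -u alice ls /tmp", "note": "named user, no '#'"},
    {"CommandLine": "sudo -U#1001 -l", "note": "upper-case flag, case-insensitive match"},
    {"CommandLine": "id -u", "note": "unrelated use of -u"},
    {"Image": "/usr/bin/sudo", "note": "event without a CommandLine field"},
]


def sigma_contains(value: str, needle: str) -> bool:
    """Sigma 'contains' modifier: case-insensitive substring test."""
    return needle.lower() in value.lower()


def matches_selection(event: dict, selection: dict = SELECTION) -> bool:
    """True when every field|modifier pair in the selection matches the event.

    A missing field never matches. Only the bare and 'contains' forms are
    implemented because that is all this rule uses.
    """
    for key, needle in selection.items():
        field, _, modifier = key.partition("|")
        value = event.get(field)
        if value is None:
            return False
        if modifier == "contains":
            if not sigma_contains(value, needle):
                return False
        elif modifier == "":
            if value.lower() != needle.lower():
                return False
        else:
            raise NotImplementedError(f"modifier not handled: {modifier}")
    return True


def alerts(events: list) -> list:
    """Return the CommandLine of every event the selection fires on."""
    return [e["CommandLine"] for e in events if matches_selection(e)]


if __name__ == "__main__":
    for line in alerts(SAMPLE_EVENTS):
        print("ALERT:", line)
```

Note that any numeric `-u#<id>` invocation trips the rule, which is why the rule's own `falsepositives` entry is worth revisiting on hosts where that syntax is used routinely.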
Related rules
- Sudo Privilege Escalation CVE-2019-14287 - Builtin
- Audit CVE Event
- Buffer Overflow Attempts
- Exploiting CVE-2019-1388
- Exploiting SetupComplete.cmd CVE-2019-1378