Sudo Privilege Escalation CVE-2019-14287
Detects users trying to exploit sudo vulnerability reported in CVE-2019-14287
Sigma rule (View on GitHub)
1title: Sudo Privilege Escalation CVE-2019-14287
2id: f74107df-b6c6-4e80-bf00-4170b658162b
3status: test
4description: Detects users trying to exploit sudo vulnerability reported in CVE-2019-14287
5references:
6 - https://www.openwall.com/lists/oss-security/2019/10/14/1
7 - https://access.redhat.com/security/cve/cve-2019-14287
8 - https://twitter.com/matthieugarin/status/1183970598210412546
9author: Florian Roth (Nextron Systems)
10date: 2019/10/15
11modified: 2022/10/05
12tags:
13 - attack.privilege_escalation
14 - attack.t1068
15 - attack.t1548.003
16 - cve.2019.14287
17logsource:
18 product: linux
19 category: process_creation
20detection:
21 selection:
22 CommandLine|contains: ' -u#'
23 condition: selection
24falsepositives:
25 - Unlikely
26level: high
References
-
[ ] [thread-next>] [day] [month] [year] [list] Date: Mon, 14 Oct 2019 09:00:31 -0600 From: "Todd C. Miller" To: oss-security@...ts.openwall.com Subject: Sudo: CVE-2019-14287 Sudo 1.8.28 has been to...
Read More -
Skip to navigation Skip to main content Utilities Subscriptions Downloads Red Hat Console Get Support Subscriptions Downloads Red Hat Console Get Support Products Top Products Red Hat Enterprise Li...
Read More -
Related rules
- Sudo Privilege Escalation CVE-2019-14287 - Builtin
- Audit CVE Event
- OMIGOD SCX RunAsProvider ExecuteScript
- OMIGOD SCX RunAsProvider ExecuteShellCommand
- OMIGOD SCX RunAsProvider ExecuteShellCommand - Auditd