Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2019-14287

Description

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.

POC

Reference

- http://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Updates.html

Github

- https://github.com/0dayhunter/Linux-Privilege-Escalation-Resources

- https://github.com/0x4D5352/rekall-penetration-test

- https://github.com/0x783kb/Security-operation-book

- https://github.com/0xGabe/Sudo-1.8.27

- https://github.com/0xT11/CVE-POC

- https://github.com/0xdc10/agent-sudo-thm

- https://github.com/0xsyr0/OSCP

- https://github.com/1337kid/Exploits

- https://github.com/5l1v3r1/cve-2019-14287sudoexp

- https://github.com/AMatheusFeitosaM/OSCP-Cheat

- https://github.com/ARPSyndicate/cvemon

- https://github.com/Aakash-M-o-d-i/Tryhackme_AgentSudo_Walkthrough

- https://github.com/AfvanMoopen/tryhackme-

- https://github.com/Alex-Stinga/TryHackMe

- https://github.com/AlienTec1908/Choc_HackMyVM_Hard

- https://github.com/AnshumanSrivastavaGit/OSCP-3

- https://github.com/Brendaschec/Project-2-Offensive-Security

- https://github.com/CMNatic/Dockerized-CVE-2019-14287

- https://github.com/CMNatic/UoG-CTF

- https://github.com/CTF-Walkthroughs/Agent-Sudo-CTF-Writeup

- https://github.com/CVE-Hunters/universidade-de-seguranca-cibernetica

- https://github.com/CashWilliams/CVE-2019-14287-demo

- https://github.com/CyberSec-Monkey/Zero2H4x0r

- https://github.com/DewmiApsara/CVE-2019-14287

- https://github.com/DonTrabajo/DonTrabajoGPT

- https://github.com/DularaAnushka/Linux-Privilege-Escalation-using-Sudo-Rights

- https://github.com/EnriqueSanchezdelVillar/NotesHck

- https://github.com/Esther7171/THM-Walkthroughs

- https://github.com/Esther7171/TryHackMe-Walkthroughs

- https://github.com/Faizan-Khanx/OSCP

- https://github.com/FauxFaux/sudo-cve-2019-14287

- https://github.com/Getshell/LinuxTQ

- https://github.com/H3xL00m/CVE-2019-14287

- https://github.com/H4niz/oscp-note

- https://github.com/Hasintha-98/Sudo-Vulnerability-Exploit-CVE-2019-14287

- https://github.com/HussyCool/CVE-2019-14287-IT18030372-

- https://github.com/InesMartins31/iot-cves

- https://github.com/JSchauert/Penetration-Testing-2

- https://github.com/JSchauert/Project-2-Offensive-Security-CTF

- https://github.com/Janette88/cve-2019-14287sudoexp

- https://github.com/JavierGomezSanchez/cve_exploits

- https://github.com/JordanMcAlpine1/WebAppLinuxWindowsPenTest

- https://github.com/KarimLedesmaHaron/THM-Tutoriales

- https://github.com/Kiosec/Linux-Exploitation

- https://github.com/Lodoelama/Offensive-Security-CTF-Project

- https://github.com/M108Falcon/Sudo-CVE-2019-14287

- https://github.com/MGamalCYSEC/ExploitFix-Linux

- https://github.com/Maikefee/linux-exploit-hunter

- https://github.com/MariliaMeira/CVE-2019-14287

- https://github.com/N3rdyN3xus/CVE-2019-14287

- https://github.com/NyxByt3/CVE-2019-14287

- https://github.com/R0seSecurity/Linux_Priviledge_Escalation

- https://github.com/ReflectedThanatos/OSCP-cheatsheet

- https://github.com/RoqueNight/Linux-Privilege-Escalation-Basics

- https://github.com/SachinthaDeSilva-cmd/Exploit-CVE-2019-14287

- https://github.com/SantoriuHen/NotesHck

- https://github.com/Sec-Dojo-Cyber-House/universidade-de-seguranca-cibernetica

- https://github.com/SenukDias/OSCP_cheat

- https://github.com/SexyBeast233/SecBooks

- https://github.com/ShianTrish/sudo-Security-Bypass-vulnerability-CVE-2019-14287

- https://github.com/Sindadziy/cve-2019-14287

- https://github.com/Sindayifu/CVE-2019-14287-CVE-2014-6271

- https://github.com/SirElmard/ethical_hacking

- https://github.com/Sithma/SNP

- https://github.com/Sp3c73rSh4d0w/CVE-2019-14287

- https://github.com/Srinunaik000/Srinunaik000

- https://github.com/TCM-Course-Resources/Linux-Privilege-Escalation-Resources

- https://github.com/Tharana/Exploiting-a-Linux-kernel-vulnerability

- https://github.com/Tharana/vulnerability-exploitation

- https://github.com/TrojanAZhen/Self_Back

- https://github.com/VishuGahlyan/OSCP

- https://github.com/XTeam-Wing/RedTeaming2020

- https://github.com/ZammelSofien/Exploiting-GetSimple-3.3.15

- https://github.com/Zerodex1/Linux-Privilege-escalation

- https://github.com/ZeusBanda/Linux_Priv-Esc_Cheatsheet

- https://github.com/a-nonymou-s/Agent-Sudo

- https://github.com/aWtlcm9h/Memo

- https://github.com/adnan-kutay-yuksel/tryhackme-all-rooms-database

- https://github.com/agariy/MyFirstWebShell

- https://github.com/akyuksel/tryhackme-all-rooms-database

- https://github.com/alphaSeclab/sec-daily-2019

- https://github.com/ankrahjoseph/Rekall-Penetration-Test-CTF

- https://github.com/axax002/sudo-vulnerability-CVE-2019-14287

- https://github.com/bianfusia/CTF-writeup

- https://github.com/bloodzer0/PoC

- https://github.com/brootware/awesome-cyber-security-university

- https://github.com/brootware/cyber-security-university

- https://github.com/c0d3cr4f73r/CVE-2019-14287

- https://github.com/catsecorg/CatSec-TryHackMe-WriteUps

- https://github.com/cookiengineer/goroot

- https://github.com/cookiengineer/groot

- https://github.com/crypticdante/CVE-2019-14287

- https://github.com/cxzczxzc/sudo-exploit-mitre-attack-poc

- https://github.com/d4redevilx/OSCP-CheetSheet

- https://github.com/developer3000S/PoC-in-GitHub

- https://github.com/dhniroshan/offensive_hacking

- https://github.com/drone911/arts-pentesing-reports

- https://github.com/edsonjt81/CVE-2019-14287-

- https://github.com/ejlevin99/Sudo-Security-Bypass-Vulnerability

- https://github.com/emtuls/Awesome-Cyber-Security-List

- https://github.com/exfilt/CheatSheet

- https://github.com/fahimalshihab/Boot2Root

- https://github.com/fazilbaig1/oscp

- https://github.com/filipnyquist/search_vulns

- https://github.com/geeksniper/Linux-privilege-escalation

- https://github.com/geleiaa/ceve-s

- https://github.com/go-bi/go-bi-soft

- https://github.com/gurkylee/Linux-Privilege-Escalation-Basics

- https://github.com/gurneesh/CVE-2019-14287-write-up

- https://github.com/h3x0v3rl0rd/CVE-2019-14287

- https://github.com/h3xcr4ck3r/CVE-2019-14287

- https://github.com/hectorgie/PoC-in-GitHub

- https://github.com/huang919/cve-2019-14287-PPT

- https://github.com/janod313/-CVE-2019-14287-SUDO-bypass-vulnerability

- https://github.com/jitmondal1/OSCP

- https://github.com/jordansinclair1990/TryHackMeAgentSudo

- https://github.com/josephalan42/CTFs-Infosec-Witeups

- https://github.com/justdoston/galaxy

- https://github.com/k4u5h41/CVE-2019-14287

- https://github.com/kaungsithu19/Black-Box-Pen-testing-DVWA

- https://github.com/kgwanjala/oscp-cheatsheet

- https://github.com/lairdking/read_sheet

- https://github.com/lemonadern/poc-cve-2019-14287

- https://github.com/mai-lang-chai/System-Vulnerability

- https://github.com/makoto56/penetration-suite-toolkit

- https://github.com/malangalothbrok/linux-bypass

- https://github.com/malangalothbrok/sudo-linux-bypass

- https://github.com/mussar0x4D5352/rekall-penetration-test

- https://github.com/n0-traces/cve_monitor

- https://github.com/n0w4n/CVE-2019-14287

- https://github.com/n3ov4n1sh/CVE-2019-14287

- https://github.com/n3rdh4x0r/CVE-2019-14287

- https://github.com/nediazla/Escalar_privilegios_Linux

- https://github.com/notnue/Linux-Privilege-Escalation

- https://github.com/oscpname/OSCP_cheat

- https://github.com/parth45/cheatsheet

- https://github.com/plzheheplztrying/cve_monitor

- https://github.com/python-nerd-git/Sudo-Security-Bypass

- https://github.com/r0Security/Linux_Priviledge_Escalation

- https://github.com/ra1nb0rn/search_vulns

- https://github.com/redcountryroad/OSCP-shortsheet

- https://github.com/retr0-13/Linux-Privilege-Escalation-Basics

- https://github.com/revanmalang/OSCP

- https://github.com/sRussBahari/Capture_The_Flag_Offensive_Security

- https://github.com/shallvhack/Sudo-Security-Bypass-CVE-2019-14287

- https://github.com/shashihacks/OSCP

- https://github.com/shashihacks/OSWE

- https://github.com/shrishtydayal2304/100-days-of-code

- https://github.com/shyambhanushali/AttackDefendExercise

- https://github.com/sonu7519/linux-priv-Esc

- https://github.com/stefanman125/CyberSci-pizzashop

- https://github.com/substing/internal_ctf

- https://github.com/team4kira/Cybersecurity-Project-2

- https://github.com/testermas/tryhackme

- https://github.com/thinuri99/Sudo-Security-Bypass-Vulnerability-CVE-2019-14287-

- https://github.com/tranquac/Linux-Privilege-Escalation

- https://github.com/txuswashere/OSCP

- https://github.com/txuswashere/Pentesting-Linux

- https://github.com/usamaelshazly/Linux-Privilege-Escalation

- https://github.com/uttambodara/Awesome-Hacking-Learning-Path

- https://github.com/w3workerz/THM-Walkthroughs

- https://github.com/wenyu1999/sudo-

- https://github.com/wiiwu959/Pentest-Record

- https://github.com/xasyhack/oscp2025

- https://github.com/xasyhack/oscp_cheat_sheet_2025

- https://github.com/xhref/OSCP

- https://github.com/xyongcn/exploit

- https://github.com/yaguine/agent_sudo

- https://github.com/zhsh9/RedTeam

- https://github.com/zobiabilal4/CyberSecurity