<p>Upgrade <code>Ubuntu:14.04</code> <code>sudo</code> to version 1.8.9p5-1ubuntu1.5+esm2 or higher.</p>

Improper Handling of Exceptional Conditions Affecting sudo package, versions <1.8.9p5-1ubuntu1.5+esm2

Snyk CVSS

Attack Complexity Low

Confidentiality High

Integrity High

Availability High

Threat Intelligence

Exploit Maturity Mature

EPSS 30.81% (97^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-UBUNTU1404-SUDO-473059
published 14 Oct 2019
disclosed 17 Oct 2019

Report a new vulnerability Found a mistake?

Introduced: 14 Oct 2019

CVE-2019-14287 Open this link in a new tab CWE-755 Open this link in a new tab

How to fix?

Upgrade Ubuntu:14.04 sudo to version 1.8.9p5-1ubuntu1.5+esm2 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream sudo package and not the sudo package as distributed by Ubuntu. See How to fix? for Ubuntu:14.04 relevant fixed versions and status.

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u #$((0xffffffff))" command.