How to detect CVE-2019-14287 using Falco

2019-10-18 04:35

A recent flaw, CVE-2019-14287, has been found in sudo. In this blog post we show how to use Falco or Sysdig Secure to detect exploitation attempts against this vulnerability.

sudo lets users run commands with the privileges of another user; it is typically used to allow unprivileged users to execute specific commands as root. The issue lies in how sudo versions earlier than 1.8.28 handle running a command as an arbitrary numeric user ID supplied through the -u option. The CVSS v3 score is 7.8, so this is a high-severity vulnerability that is easy to exploit, although the attack vector is local and it requires a non-default sudoers configuration.

Exploiting this bug requires that the attacker already be permitted to run a command as any user except root. A sudoers entry whose Runas list contains the special value ALL but explicitly excludes root, for example (ALL, !root), satisfies this condition. On a vulnerable sudo, such a user can request the user ID -1 (or its unsigned 32-bit form, 4294967295) with -u; sudo treats it as UID 0 and runs the command as root despite the exclusion.
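As an added example, not code from the original post or from the Falco project, the script below checks the preconditions described above on the host side: it audits a sudoers file for a Runas list that grants ALL while denying root, compares a sudo version string against the fixed release 1.8.28, and flags a sudo command line that requests user ID -1 or 4294967295, which is the behaviour a detection rule for this CVE keys on. The function names and the sample sudoers entries are constructed for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the original post or the Falco project): host-side
# checks for the CVE-2019-14287 preconditions described above, plus the
# command-line test a detection rule for this CVE keys on. Function names and
# the sample sudoers content below are constructed for this example.

# True (exit 0) when a sudoers entry lets the user run a command as any user
# except root, e.g. "(ALL, !root)" or "(ALL, !#0)". Only inline Runas lists
# are inspected; Runas_Alias definitions are not expanded (assumption).
vulnerable_runas_entry() {
    local line runas
    line=$(printf '%s' "$1" | sed 's/^[[:space:]]*//')
    case "$line" in
        ''|'#'*|Defaults*|*_Alias*) return 1 ;;   # blank, comment, option, alias
    esac
    # Pull out the parenthesised "(user_list[:group_list])" Runas specification.
    runas=$(printf '%s' "$line" | sed -n 's/.*(\([^)]*\)).*/\1/p')
    [ -n "$runas" ] || return 1
    case "$runas" in
        *ALL*) ;;                           # must grant ALL ...
        *) return 1 ;;
    esac
    case "$runas" in
        *'!root'*|*'!#0'*) return 0 ;;      # ... while explicitly denying root
    esac
    return 1
}

# Print every exploitable entry in a sudoers file, one per line.
audit_sudoers() {
    local line
    while IFS= read -r line || [ -n "$line" ]; do
        if vulnerable_runas_entry "$line"; then
            printf 'exploitable Runas spec: %s\n' "$line"
        fi
    done < "$1"
}

# True when a sudo version string is older than 1.8.28, the release that fixed
# the bug. Suffixes such as "p1" or "-1ubuntu1" are dropped. Distributions
# backport fixes, so treat a hit as a hint and confirm against the vendor advisory.
sudo_version_vulnerable() {
    local v="$1" major rest minor patch
    v=${v%%p*}; v=${v%%-*}
    major=${v%%.*}; rest=${v#*.}; minor=${rest%%.*}
    case "$rest" in *.*) patch=${rest#*.} ;; *) patch=0 ;; esac
    if [ "$major" -ne 1 ]; then [ "$major" -lt 1 ]
    elif [ "$minor" -ne 8 ]; then [ "$minor" -lt 8 ]
    else [ "$patch" -lt 28 ]
    fi
}

# True when a sudo command line asks for user ID -1, or its unsigned 32-bit
# form 4294967295, which vulnerable versions mapped to UID 0. Recognises the
# "-u#-1", "-u #-1" and "--user=#-1" spellings; arguments are split on
# whitespace (assumption: no quoted arguments in the captured command line).
sudo_cmdline_is_exploit() {
    local arg prev="" hit=1
    set -f                                  # no globbing during word splitting
    for arg in $1; do
        case "$arg" in
            '-u#-1'|'-u#4294967295'|'--user=#-1'|'--user=#4294967295') hit=0 ;;
            '#-1'|'#4294967295')
                if [ "$prev" = "-u" ] || [ "$prev" = "--user" ]; then hit=0; fi ;;
        esac
        prev=$arg
    done
    set +f
    return "$hit"
}

# Constructed sample sudoers: only bob and carol match the vulnerable pattern.
SAMPLE_SUDOERS=$(mktemp)
trap 'rm -f "$SAMPLE_SUDOERS"' EXIT
cat > "$SAMPLE_SUDOERS" <<'EOF'
# constructed sample, not a real host's file
Defaults    env_reset
root    ALL=(ALL:ALL) ALL
alice   ALL=(ALL) ALL
bob     ALL=(ALL, !root) /usr/bin/vim
carol   ALL=(ALL, !#0) NOPASSWD: /bin/ls
dave    ALL=(www-data) /usr/bin/tail
EOF

audit_sudoers "$SAMPLE_SUDOERS"
for v in 1.8.27p1 1.8.28; do
    if sudo_version_vulnerable "$v"; then echo "sudo $v: vulnerable"; else echo "sudo $v: fixed"; fi
done
if sudo_cmdline_is_exploit 'sudo -u#-1 /usr/bin/vim'; then
    echo 'command line requests uid -1: exploit attempt'
fi
```

Run as-is, the script reports the bob and carol entries, calls 1.8.27p1 vulnerable and 1.8.28 fixed, and flags the -u#-1 command line. On a real host, point audit_sudoers at /etc/sudoers and each file under /etc/sudoers.d/ (as root), and remember that alice's (ALL) entry is not reported on purpose: a user who may already run as root has nothing to bypass. The version test is deliberately only a hint, since patched distribution packages keep the upstream version string.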

