Sudo CVE-2019-14287 Reported Oct 14

Support for security such as Firewalls and securing linux
jakepogo
Posts: 3
Joined: 2014/02/07 17:49:48

Sudo CVE-2019-14287 Reported Oct 14

Post by jakepogo » 2019/10/18 14:41:37

ALL Sudo versions prior to 1.8.28 (CentOS 6 is currently synced with v 1.8.6p3) are susceptible to an escalation flaw related to user -1. The report said that Linux distros would be updated as soon as possible, but I haven't found any information about when CentOS would sync up with the safer version. Does anyone know? This seems like a pretty major flaw :(

https://thehackernews.com/2019/10/linux ... -flaw.html

stevemowbray
Posts: 482
Joined: 2012/06/26 14:20:47

Re: Sudo CVE-2019-14287 Reported Oct 14

Post by stevemowbray » 2019/10/18 15:24:58

I'd say it's a pretty minor flaw as I wouldn't expect many people to have set up a vulnerable configuration. It's easy enough to fix your own configuration if you have done so.

TrevorH
Forum Moderator
Posts: 27152
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Sudo CVE-2019-14287 Reported Oct 14

Post by TrevorH » 2019/10/18 16:57:02

Please see https://access.redhat.com/security/cve/cve-2019-14287 for both information about what configurations are vulnerable and for progress about the path to a patch. News about the fix will appear on that page first, and when Red Hat release it for RHEL then CentOS will pick it up and rebuild it too.

Due to the fact that the exploit is local only and also has very specific configuration requirements before your system will be vulnerable - even with the unpatched version - the majority of people will be unaffected.
CentOS 6 will die in November 2020 - migrate sooner rather than later!
CentOS 5 has been EOL for nearly 3 years and should no longer be used for anything!
Full time Geek, part time moderator. Use the FAQ Luke
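
CVE-2019-14287 only matters where a sudoers rule grants a Runas user list of `ALL` with root excluded, for example `(ALL, !root)`. The following is an added example, not code from this thread, from sudo, or from Red Hat: a heuristic Python scan for such rules. The function names and the sample sudoers text are constructed for illustration, and `#include`d files and nested aliases are not followed.

```python
import re

NEG_ROOT = {"!root", "!#0"}  # ways a Runas list excludes uid 0

def logical_lines(text):
    """Join backslash continuations; drop comments and blank lines."""
    for raw in re.sub(r"\\\n", " ", text).splitlines():
        line = re.sub(r"#(?!\d).*", "", raw).strip()  # keeps '#0'-style uids
        if line:
            yield line

def split_list(s):
    """'ALL, ! root' -> ['ALL', '!root']"""
    return ["".join(x.split()) for x in s.split(",") if x.strip()]

def risky_rules(text):
    """Return rules whose Runas user list is ALL with root excluded."""
    lines = list(logical_lines(text))
    aliases = {}
    for line in lines:  # 'Runas_Alias NAME = a, b : OTHER = c'
        m = re.match(r"Runas_Alias\s+(.*)", line)
        for part in m.group(1).split(":") if m else []:
            name, _, members = part.partition("=")
            aliases[name.strip()] = split_list(members)
    hits = []
    for line in lines:
        if re.match(r"(Defaults|\w+_Alias)\b", line):
            continue
        for spec in re.findall(r"\(([^)]*)\)", line):  # heuristic: any (...)
            # user part is before ':'; aliases are expanded one level only
            users = [u for m in split_list(spec.split(":")[0])
                     for u in aliases.get(m, [m])]
            if "ALL" in users and NEG_ROOT & set(users):
                hits.append(line)
                break
    return hits

# Constructed sample, not taken from any real host.
SAMPLE = """\
Runas_Alias NOTROOT = ALL, !root
alice  ALL = (ALL, !root) /usr/bin/vi      # inline comment
bob    ALL = (NOTROOT) /usr/bin/id
carol  ALL = (ALL) ALL
dave   ALL = (www-data, \\
              !#0) /usr/bin/systemctl
erin   ALL = (ALL, !#0 : wheel) NOPASSWD: /bin/ls
"""

if __name__ == "__main__":
    print("\n".join(risky_rules(SAMPLE)))
```

To check a real host, pass the contents of the sudoers file and each file under its include directory to `risky_rules`; rules it returns should be rewritten to name the permitted target users explicitly.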

aks
Posts: 2859
Joined: 2014/09/20 11:22:14

Re: Sudo CVE-2019-14287 Reported Oct 14

Post by aks » 2019/10/23 17:38:51

Frankly, if somebody is already in as in they can execute sudo, you've got bigger problems ...
