2019-10-20 14:01:14 +02:00
|
|
|
action: global
|
2019-10-15 09:39:08 +02:00
|
|
|
title: Sudo Privilege Escalation CVE-2019-14287
|
2019-11-12 23:12:27 +01:00
|
|
|
id: f74107df-b6c6-4e80-bf00-4170b658162b
|
2019-10-15 09:39:08 +02:00
|
|
|
status: experimental
|
|
|
|
|
description: Detects users trying to exploit sudo vulnerability reported in CVE-2019-14287
|
|
|
|
|
references:
|
2019-10-15 09:44:17 +02:00
|
|
|
- https://www.openwall.com/lists/oss-security/2019/10/14/1
|
2019-10-15 09:39:08 +02:00
|
|
|
- https://access.redhat.com/security/cve/cve-2019-14287
|
|
|
|
|
- https://twitter.com/matthieugarin/status/1183970598210412546
|
|
|
|
|
author: Florian Roth
|
|
|
|
|
date: 2019/10/15
|
2019-10-20 14:02:10 +02:00
|
|
|
modified: 2019/10/20
|
2019-10-15 09:44:17 +02:00
|
|
|
tags:
|
|
|
|
|
- attack.privilege_escalation
|
|
|
|
|
- attack.t1068
|
|
|
|
|
- attack.t1169
|
2019-10-15 09:39:08 +02:00
|
|
|
logsource:
|
|
|
|
|
product: linux
|
|
|
|
|
falsepositives:
|
|
|
|
|
- Unlikely
|
|
|
|
|
level: critical
|
2019-10-20 14:01:14 +02:00
|
|
|
---
|
2019-10-15 14:55:09 +02:00
|
|
|
detection:
|
2019-10-20 14:01:14 +02:00
|
|
|
selection_keywords:
|
2019-10-20 14:02:10 +02:00
|
|
|
- '* -u#*'
|
2019-10-20 14:01:14 +02:00
|
|
|
condition: selection_keywords
|
|
|
|
|
---
|
|
|
|
|
detection:
|
|
|
|
|
selection_user:
|
|
|
|
|
USER:
|
|
|
|
|
- '#-*'
|
|
|
|
|
- '#*4294967295'
|
|
|
|
|
condition: selection_user
|
