### [CVE-2019-14287](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14287)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.

### POC

#### Reference
- http://packetstormsecurity.com/files/154853/Slackware-Security-Advisory-sudo-Updates.html

#### Github
- https://github.com/0dayhunter/Linux-Privilege-Escalation-Resources
- https://github.com/0x4D5352/rekall-penetration-test
- https://github.com/0x783kb/Security-operation-book
- https://github.com/0xGabe/Sudo-1.8.27
- https://github.com/0xT11/CVE-POC
- https://github.com/0xdc10/agent-sudo-thm
- https://github.com/0xsyr0/OSCP
- https://github.com/1337kid/Exploits
- https://github.com/5l1v3r1/cve-2019-14287sudoexp
- https://github.com/ARPSyndicate/cvemon
- https://github.com/AfvanMoopen/tryhackme-
- https://github.com/Alex-Stinga/TryHackMe
- https://github.com/AnshumanSrivastavaGit/OSCP-3
- https://github.com/Brendaschec/Project-2-Offensive-Security
- https://github.com/CMNatic/Dockerized-CVE-2019-14287
- https://github.com/CMNatic/UoG-CTF
- https://github.com/CTF-Walkthroughs/Agent-Sudo-CTF-Writeup
- https://github.com/CashWilliams/CVE-2019-14287-demo
- https://github.com/CyberSec-Monkey/Zero2H4x0r
- https://github.com/DewmiApsara/CVE-2019-14287
- https://github.com/DularaAnushka/Linux-Privilege-Escalation-using-Sudo-Rights
- https://github.com/FauxFaux/sudo-cve-2019-14287
- https://github.com/Getshell/LinuxTQ
- https://github.com/H3xL00m/CVE-2019-14287
- https://github.com/Hasintha-98/Sudo-Vulnerability-Exploit-CVE-2019-14287
- https://github.com/HussyCool/CVE-2019-14287-IT18030372-
- https://github.com/InesMartins31/iot-cves
- https://github.com/JSchauert/Penetration-Testing-2
- https://github.com/JSchauert/Project-2-Offensive-Security-CTF
- https://github.com/Janette88/cve-2019-14287sudoexp
- https://github.com/JavierGomezSanchez/cve_exploits
- https://github.com/Kiosec/Linux-Exploitation
- https://github.com/Lodoelama/Offensive-Security-CTF-Project
- https://github.com/M108Falcon/Sudo-CVE-2019-14287
- https://github.com/MariliaMeira/CVE-2019-14287
- https://github.com/R0seSecurity/Linux_Priviledge_Escalation
- https://github.com/RoqueNight/Linux-Privilege-Escalation-Basics
- https://github.com/SachinthaDeSilva-cmd/Exploit-CVE-2019-14287
- https://github.com/SenukDias/OSCP_cheat
- https://github.com/SexyBeast233/SecBooks
- https://github.com/ShianTrish/sudo-Security-Bypass-vulnerability-CVE-2019-14287
- https://github.com/Sindadziy/cve-2019-14287
- https://github.com/Sindayifu/CVE-2019-14287-CVE-2014-6271
- https://github.com/SirElmard/ethical_hacking
- https://github.com/Sithma/SNP
- https://github.com/Srinunaik000/Srinunaik000
- https://github.com/TCM-Course-Resources/Linux-Privilege-Escalation-Resources
- https://github.com/Tharana/Exploiting-a-Linux-kernel-vulnerability
- https://github.com/Tharana/vulnerability-exploitation
- https://github.com/TrojanAZhen/Self_Back
- https://github.com/XTeam-Wing/RedTeaming2020
- https://github.com/ZeusBanda/Linux_Priv-Esc_Cheatsheet
- https://github.com/a-nonymou-s/Agent-Sudo
- https://github.com/aWtlcm9h/Memo
- https://github.com/agariy/MyFirstWebShell
- https://github.com/alphaSeclab/sec-daily-2019
- https://github.com/axax002/sudo-vulnerability-CVE-2019-14287
- https://github.com/bianfusia/CTF-writeup
- https://github.com/bloodzer0/PoC
- https://github.com/brootware/awesome-cyber-security-university
- https://github.com/brootware/cyber-security-university
- https://github.com/c0d3cr4f73r/CVE-2019-14287
- https://github.com/catsecorg/CatSec-TryHackMe-WriteUps
- https://github.com/cookiengineer/groot
- https://github.com/crypticdante/CVE-2019-14287
- https://github.com/cxzczxzc/sudo-exploit-mitre-attack-poc
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/dhniroshan/offensive_hacking
- https://github.com/drone911/arts-pentesing-reports
- https://github.com/edsonjt81/CVE-2019-14287-
- https://github.com/ejlevin99/Sudo-Security-Bypass-Vulnerability
- https://github.com/emtuls/Awesome-Cyber-Security-List
- https://github.com/exfilt/CheatSheet
- https://github.com/geeksniper/Linux-privilege-escalation
- https://github.com/geleiaa/ceve-s
- https://github.com/go-bi/go-bi-soft
- https://github.com/gurkylee/Linux-Privilege-Escalation-Basics
- https://github.com/gurneesh/CVE-2019-14287-write-up
- https://github.com/hectorgie/PoC-in-GitHub
- https://github.com/huang919/cve-2019-14287-PPT
- https://github.com/janod313/-CVE-2019-14287-SUDO-bypass-vulnerability
- https://github.com/jordansinclair1990/TryHackMeAgentSudo
- https://github.com/josephalan42/CTFs-Infosec-Witeups
- https://github.com/k4u5h41/CVE-2019-14287
- https://github.com/kgwanjala/oscp-cheatsheet
- https://github.com/lairdking/read_sheet
- https://github.com/mai-lang-chai/System-Vulnerability
- https://github.com/makoto56/penetration-suite-toolkit
- https://github.com/malangalothbrok/linux-bypass
- https://github.com/malangalothbrok/sudo-linux-bypass
- https://github.com/mussar0x4D5352/rekall-penetration-test
- https://github.com/n0w4n/CVE-2019-14287
- https://github.com/n3ov4n1sh/CVE-2019-14287
- https://github.com/notnue/Linux-Privilege-Escalation
- https://github.com/oscpname/OSCP_cheat
- https://github.com/parth45/cheatsheet
- https://github.com/python-nerd-git/Sudo-Security-Bypass
- https://github.com/ra1nb0rn/search_vulns
- https://github.com/redcountryroad/OSCP-shortsheet
- https://github.com/retr0-13/Linux-Privilege-Escalation-Basics
- https://github.com/revanmalang/OSCP
- https://github.com/sRussBahari/Capture_The_Flag_Offensive_Security
- https://github.com/shallvhack/Sudo-Security-Bypass-CVE-2019-14287
- https://github.com/shashihacks/OSCP
- https://github.com/shashihacks/OSWE
- https://github.com/shrishtydayal2304/100-days-of-code
- https://github.com/shyambhanushali/AttackDefendExercise
- https://github.com/sonu7519/linux-priv-Esc
- https://github.com/stefanman125/CyberSci-pizzashop
- https://github.com/substing/internal_ctf
- https://github.com/testermas/tryhackme
- https://github.com/thinuri99/Sudo-Security-Bypass-Vulnerability-CVE-2019-14287-
- https://github.com/tranquac/Linux-Privilege-Escalation
- https://github.com/txuswashere/OSCP
- https://github.com/txuswashere/Pentesting-Linux
- https://github.com/usamaelshazly/Linux-Privilege-Escalation
- https://github.com/wenyu1999/sudo-
- https://github.com/wiiwu959/Pentest-Record
- https://github.com/xhref/OSCP
- https://github.com/xyongcn/exploit
- https://github.com/yaguine/agent_sudo
- https://github.com/zhsh9/RedTeam