Home Linux Sudo Bug CVE-2019-14287 gets patched

Sudo Bug CVE-2019-14287 gets patched

Bug in the rug... but not anymore.

The Sudo bug designated CVE-2019-14287 in the Common Vulnerabilities and exposures Data Base has been patched by developers. The bug allowed users to bypass privilege restrictions to execute commands as root.

The bug was discovered by Apple security researcher Joe Vennix who discovered and analyzed the bug.

How The Sudo Bug Works

The Sudo bug would allow attackers to use the Sudo exploit by specifying the user ID of the person executing commands to be “-1” or “4294967295.” The bug would allow both of these user IDs to resolve automatically to the value “0” , the user ID for root access.

Exploiting the bug requires that the user have sudo privileges that allow them to run commands with an arbitrary user ID. Typically, this means that the user’s sudoers entry has the special value ALL
in the Runas specifier. Sudo supports running a command with a user-specified user name or user ID, if permitted by the sudoers policy. For example, the following sudoers entry allow the id command to be run as any user because it includes the ALL keyword in the Runas specifier.

The bug as powerful as it is would only work if a user was given access to a command via the Sudoers configuration file. As such it can really only be used under non standard configurations and will not affect the majority of Linux users. Having said that if you do happen to use Sudoers you should update to version 1.8.28 or later as soon as possible.

Sudo Versions affected

Sudo versions prior to 1.8.28 are affected and should be updated as soon as possible.

Sudo Bug Patched

The Sudo bug was patched by developers a few days ago at this point so make sure you update when the patch becomes available to your distro version. The Sudo version has been updated to version 1.8.28 . I noticed my machine had patches for it this morning when logging in to my system.

Sudo receives patch to resolve the CVE-2019-14287 bug. The Sudo version has been updated to version 1.8.28 .

Charles Leverehttps://www.riverbankwebdesign.ca/
Charles Levere is the editor-in-chief (dork-in-chief) of Urban Dork. When he is not writing, or tinkering with hardware, he is most likely playing one of his favorite video games. He also loves being near the water, kayaking, water skiing or anything that gets him on the water and in the sun.


  1. Hi guys,

    The tool https://github.com/TH3xACE/SUDO_KILLER allow you to detect the CVE-2019-14287 and also propose how to exploit it. There is also a docker with different sudo exploitation scenarios including the CVE-2019-14287. Just run the following command for the docker :

    service docker start

    docker pull th3xace/sudo_killer_demo

    docker run –rm -it th3xace/sudo_killer_demo



    Just scroll down and look for CVE-2019-14287, it will tell you how to exploit CVE-2019-14287.

    If you want to check for other CVEs, just run with -c argument.

    A +1 star please if you like the project.


Please enter your comment!
Please enter your name here

Most Popular

NVIDIA set to release their 3060 Ti December 2, 2020

What's the skinny? NVIDIA is releasing their RTX 3060 Ti tomorrow, December 2, 2020, ahead of their RTX 3060. NVIDIA is claiming...

Empire of Sin, Chronos: Before the Ashes, and Worms Rumble out on PC today

Three games are releasing today on PC, Empire of Sin, Chronos: Before the Ashes, and Worms Rumble. Ever...

Radeon Software Adrenalin 2020 Edition 20.11.3 Release Notes

This release provides support for Immortals: Fenyx Rising, and provides a few fixes, some of which are for the new 6000 series...

Sam & Max Save the World out on PC December 2, 2020

Some of the original developers updated the original Sam & Max Save the World with the blessing of the creator Steve Purcell....

Immortals Fenyx Rising out today on PC

Explore a beautiful, breathtaking world as you take on mythological beasts, build your legend, and carve out your destiny, and slay Typhon....

Recent Comments