CVE-2019-19254

Current Description

** DISPUTED ** In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to a Runas ALL sudoer account) to impersonate any blocked user. NOTE: The software maintainer believes that this CVE is not valid. Disabling local password authentication for a user is not the same as disabling all access to that user--the user may still be able to login via other means (ssh key, kerberos, etc). Both the Linux shadow(5) and passwd(1) manuals are clear on this. Indeed it is a valid use case to have local accounts that are _only_ accessible via sudo and that cannot be logged into with a password. Sudo 1.8.30 added an optional setting to check the _shell_ of the target user (not the encrypted password!) against the contents of /etc/shells but that is not the same thing as preventing access to users with an invalid password hash.

Basic Data

PublishedDecember 19, 2019
Last ModifiedJanuary 30, 2020
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-noinfo
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactNONE
CVSS 2 - Base Score5.0
SeverityMEDIUM
Exploitability Score10.0
Impact Score2.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationSudoSudo********1.8.29

Vulnerable Software List

VendorProductVersions
Sudo Sudo *

References

NameSourceURLTags
https://access.redhat.com/security/cve/cve-2019-19234https://access.redhat.com/security/cve/cve-2019-19234CONFIRM
FEDORA-2020-7c1b270959https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6TKFFEDORA
FEDORA-2020-8b563bc5f4https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IY6DZFEDORA
https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58104https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58104MISC
https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58473https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58473MISC
https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58772https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58772MISC
https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58812https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58812MISC
https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58979https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58979MISC
https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs60748https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs60748MISC
https://security.netapp.com/advisory/ntap-20200103-0004/https://security.netapp.com/advisory/ntap-20200103-0004/CONFIRM
https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-19234https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-19234CONFIRM
https://support2.windriver.com/index.php?page=defects&on=view&id=LIN1018-5505https://support2.windriver.com/index.php?page=defects&on=view&id=LIN1018-5505MISC
https://support2.windriver.com/index.php?page=defects&on=view&id=LIN1019-3816https://support2.windriver.com/index.php?page=defects&on=view&id=LIN1019-3816MISC
https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2019/12/warnmeldung_cb-k20-0001.htmlhttps://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2019/12/warnmeldung_cb-k20-0001.htmlMISC
https://www.sudo.ws/devel.html#1.8.30b2https://www.sudo.ws/devel.html#1.8.30b2CONFIRMVendor Advisory
https://www.sudo.ws/stable.htmlhttps://www.sudo.ws/stable.htmlMISCVendor Advisory
https://www.suse.com/security/cve/CVE-2019-19234/https://www.suse.com/security/cve/CVE-2019-19234/CONFIRM
https://www.tenable.com/plugins/nessus/132985https://www.tenable.com/plugins/nessus/132985MISC