CVE-2019-14278 – all you need to know about a recent sudo exploit

What is it exactly?

sudo allows Linux users to escalate privileges, and most often, to run programs  as root. A recent vulnerability found in sudo which might allow a hacker to bypass certain security policies. The vulnerability is registered under CVE-2019-14287 in NIST vulnerability database.

Is my product vulnerable?

The vulnerability exists in sudo project versions up to 1.8.27 (including). Moreover, the vulnerability can only be used if the following configuration is present in sudoers (usually /etc/sudoers) configuration:

 username hostname = (ALL, !root) path-to-command

What is the mitigation?

Hardenite recommends to update sudo to version 1.8.28 or higher. As a quick workaround,  Runas ALL configurations can be removed from sudoers file.

Get comprehensive security for Linux

More articles

Download a free demo version of

Hardenite Audit
Please fill the form below. We will review your request and send a download link to your email shortly.