Sudo CVE-2019-14287 Reported Oct 14


Post by jakepogo » 2019/10/18 14:41:37

ALL Sudo versions prior to 1.8.28 (CentOS 6 is currently synced with v 1.8.6p3) are susceptible to an escalation flaw related to user -1. The report said that Linux distros would be updated as soon as possible but I haven't found any information about when CentOS would sync up with the safer version. Does anyone know? This seems like a pretty major flaw :( ... -flaw.html


Post by stevemowbray » 2019/10/18 15:24:58

I'd say it's a pretty minor flaw as I wouldn't expect many people to have set up a vulnerable configuration. It's easy enough to fix your own configuration if you have done so.
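
As an added example (not part of any post in this thread), here is a small Python scan for the kind of sudoers entry the posts call a "vulnerable configuration". It assumes, from the public sudo advisory rather than from this thread, that the affected entries are Runas lists that grant `ALL` while excluding root, such as `(ALL, !root)`; the function names and the sample file are constructed for illustration. It does not follow `#include` directives or resolve aliases used inside rules, so run it over each file under `/etc/sudoers.d` as well.

```python
import re
import sys

ROOT_NAMES = {"root", "#0"}  # the account the exclusion is meant to keep out

def risky_runas(user_list):
    """True if a Runas user list grants ALL while negating root."""
    items = [e.strip() for e in user_list.split(",")]
    negated = {e[1:].strip() for e in items if e.startswith("!")}
    return "ALL" in items and bool(negated & ROOT_NAMES)

def scan_sudoers(text):
    """Return the sudoers lines whose Runas list matches risky_runas()."""
    findings = []
    # Join backslash continuations so each rule is one logical line.
    for line in re.sub(r"\\\n", " ", text).splitlines():
        # Drop comments; '#' followed by a digit is a uid, not a comment.
        line = re.sub(r"#(?!\d).*", "", line).strip()
        if "=" not in line:
            continue
        if line.startswith("Runas_Alias"):
            defs = line[len("Runas_Alias"):].split(":")
            specs = [d.split("=", 1)[1] for d in defs if "=" in d]
        else:
            # "(users : groups)": only the user part is relevant here.
            runas = re.findall(r"\(([^)]*)\)", line.split("=", 1)[1])
            specs = [r.split(":")[0] for r in runas]
        if any(risky_runas(s) for s in specs):
            findings.append(line)
    return findings

# Constructed sample, not taken from the thread.
SAMPLE = """\
# constructed sudoers sample
Runas_Alias NOTROOT = ALL, !root
root    ALL = (ALL) ALL
alice   myhost = (ALL, !root) /usr/bin/vi
bob     ALL = (ALL : ALL) ALL
carol   ALL = (operator) /bin/ls, \\
              (ALL, !#0) /usr/bin/id
"""

if __name__ == "__main__":
    # With a path argument, scan that file; otherwise scan the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for hit in scan_sudoers(text):
        print("review:", hit)
```

On CentOS the fix arrives as a backport, so the upstream version string can stay below 1.8.28 after patching; `rpm -q --changelog sudo` is where a backported CVE fix would be listed.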


Post by TrevorH » 2019/10/18 16:57:02

Please see for both information about what configurations are vulnerable and for progress about the path to a patch. News about the fix will appear on that page first and when Red Hat release it for RHEL then CentOS will pick it up and rebuild it too.

Due to the fact that the exploit is local only and also has very specific configuration requirements before your system will be vulnerable - even with the unpatched version - the majority of people will be unaffected.


Post by aks » 2019/10/23 17:38:51

Frankly, if somebody is already in as in they can execute sudo, you've got bigger problems ...
