CVE-2019-14287 POC (Proof-of-Concept)

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.

Published: 2019-10-17

CVSS: 9.0

CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Download CVE-2019-14287 POC (Proof-of-Concept) here:

http://zeroday4n6aaxjruc5jgvulkdgy4mkioom5g6q7l3nz475a62vmamiyd.onion/exploit-for-cve-2019-14287.778/

Tip: Download official Tor Browser at https://www.torproject.org/download/ to access .onion links.

https://connollyfinan.ie/poc-715-cve-2020-1350/

https://connollyfinan.ie/poc-588-cve-2025-14174/

https://connollyfinan.ie/poc-552-cve-2009-3103/

https://connollyfinan.ie/poc-226-cve-2020-0688/