In Sudo versions up to 1.8.29, the program does not take into account that a user has been blocked, so an attacker with a Runas ALL sudoer account can impersonate any blocked user. The software maintainer disputes the validity of this CVE, stating that disabling local password authentication for a user does not necessarily disable all access for that user.
Understanding CVE-2019-19234
This CVE relates to a security issue in Sudo versions up to 1.8.29.
What is CVE-2019-19234?
CVE-2019-19234 is a vulnerability in Sudo that allows an attacker with specific privileges to impersonate blocked users.
The Impact of CVE-2019-19234
The vulnerability enables a user with a Runas ALL sudoer account to impersonate blocked users, potentially leading to unauthorized access and misuse of privileges.
Technical Details of CVE-2019-19234
This section provides more technical insights into the vulnerability.
Vulnerability Description
The vulnerability in Sudo versions up to 1.8.29 allows attackers with a Runas ALL sudoer account to impersonate blocked users.
Affected Systems and Versions
Exploitation Mechanism
Attackers with a Runas ALL sudoer account can exploit this vulnerability to impersonate any blocked user, even if the user's password hash in the shadow file has been replaced with the "!" character.
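To gauge exposure, a defender can cross-check accounts locked with "!" in the shadow file against sudoers rules that grant Runas ALL. The Python audit below is an added example, not code from the original page or from the Sudo project; the sample shadow and sudoers contents are constructed, the function names are hypothetical, and the parser assumes simple single-line user specifications (no aliases, includes or line continuations).

```python
import re

# Constructed sample data for illustration (not from the original page).
SAMPLE_SHADOW = """\
alice:$6$constructedsalt$constructedhash:18000:0:99999:7:::
bob:!$6$constructedsalt$constructedhash:18000:0:99999:7:::
svc_backup:!:18000:0:99999:7:::
carol:*:18000:0:99999:7:::
"""
SAMPLE_SUDOERS = """\
Defaults env_reset
root    ALL=(ALL:ALL) ALL
alice   ALL=(ALL) ALL
%ops    ALL=(svc_backup) /usr/bin/rsync
carol   ALL=/usr/bin/systemctl
"""

# Matches "who host=(runas) ..." and captures who and the Runas list.
RULE = re.compile(r"^(\S+)\s+[^=\s]+\s*=\s*\(([^)]*)\)")

def locked_accounts(shadow_text):
    """Return accounts whose shadow password field starts with '!'."""
    locked = set()
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[1].startswith("!"):
            locked.add(fields[0])
    return locked

def runas_all_principals(sudoers_text):
    """Return users/groups whose rule lists ALL as a Runas user."""
    principals = []
    for line in sudoers_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("Defaults"):
            continue
        m = RULE.match(line)
        if not m:
            continue  # no explicit Runas list on this line
        runas_users = m.group(2).split(":")[0]  # drop the Runas group part
        if "ALL" in [u.strip() for u in runas_users.split(",")]:
            principals.append(m.group(1))
    return principals

def audit(shadow_text, sudoers_text):
    """Map each Runas ALL principal to the locked accounts it can run as."""
    locked = sorted(locked_accounts(shadow_text))
    return {who: locked for who in runas_all_principals(sudoers_text)}

if __name__ == "__main__":
    for who, targets in audit(SAMPLE_SHADOW, SAMPLE_SUDOERS).items():
        print(f"{who}: can run commands as locked accounts {targets}")
```

Each principal reported is a candidate for a narrower Runas list that names only the target users it actually needs.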
Mitigation and Prevention
To address CVE-2019-19234, follow these mitigation strategies:
Immediate Steps to Take
Long-Term Security Practices
Patching and Updates