A local privilege escalation vulnerability exists in the sudo utility and has been given CVE-2019-14287 for tracking. Configurations that supposedly restrict a user to running commands only a different (non-root) user are not effective, allowing commands to be run as root instead. The following sections are covered:
Applies to the following Sophos products and versions None
The vulnerability is NOT applicable to any Sophos products.
Sign up to the Sophos Support SMS Notification Service to get the latest product release information and critical issues.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.