CVE-2019-19232

Summary

CVE: CVE-2019-19232
State: PUBLIC
Assigner: [email protected]
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2019-12-19 21:15:00 UTC
Updated: 2023-11-07 03:07:00 UTC
Description: ** DISPUTED ** In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability because running a command via sudo as a user not present in the local password database is an intentional feature. Because this behavior surprised some users, sudo 1.8.30 introduced an option to enable/disable this behavior with the default being disabled. However, this does not change the fact that sudo was behaving as intended, and as documented, in earlier versions.

Risk And Classification

Problem Types: NVD-CWE-noinfo

NVD Known Affected Configurations (CPE 2.3)

Type Vendor Product Version Update Edition Language
Application Sudo Sudo All All All All

References

Reference Source Link Tags
Sudo Development Releases CONFIRM www.sudo.ws Vendor Advisory
About the security content of macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra – Apple Support CONFIRM support.apple.com
Cisco Bug: CSCvs58103 - [ciam] Sudo Nonexistent User Impersonation Vulnerability MISC quickview.cloudapps.cisco.com
[SECURITY] Fedora 32 Update: sudo-1.9.0-0.1.b1.fc32 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
[SECURITY] Fedora 31 Update: sudo-1.9.0-0.1.b1.fc31 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
Errorpage MISC www.bsi.bund.de
Red Hat Customer Portal CONFIRM access.redhat.com
December 2019 Sudo Vulnerabilities in NetApp Products | NetApp Product Security CONFIRM security.netapp.com
Full Disclosure: APPLE-SA-2020-03-24-2 macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra FULLDISC seclists.org
Oracle Solaris Third Party Bulletin - April 2020 CONFIRM www.oracle.com
About the security content of macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra - Apple Support CONFIRM support.apple.com
EulerOS 2.0 SP5 : sudo (EulerOS-SA-2020-1135) | Tenable® MISC www.tenable.com
Sudo Stable Release MISC www.sudo.ws Vendor Advisory
CVE-2019-19232 CONFIRM support2.windriver.com
Bug Not Available MISC quickview.cloudapps.cisco.com
Cisco Bug: CSCvs58979 - Multiple Vulnerabilities in sudo MISC quickview.cloudapps.cisco.com
LIN1018-5506 - Security Advisory - sudo - CVE-2019-19232 MISC support2.windriver.com
[SECURITY] Fedora 32 Update: sudo-1.9.0-0.1.b1.fc32 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
Bug Not Available MISC quickview.cloudapps.cisco.com
[SECURITY] Fedora 31 Update: sudo-1.9.0-0.1.b1.fc31 - package-announce - Fedora Mailing-Lists FEDORA lists.fedoraproject.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis

Legacy QID Mappings

  • 377324 Alibaba Cloud Linux Security Update for sudo (ALINUX3-SA-2022:0113)