Find Vulnerable Linux Sudo Versions in Your Network
A vulnerability has been discovered in the pre-installed Linux utility Sudo (CVE-2019-14287). Sudo allows users to execute commands using the permissions of the root user. While most system administrators will restrict which users can perform which Sudo commands, the latest vulnerability can circomvent this. You can find more information in our Sudo vulnerability video post.
To help you discover potentially vulnerable assets, the Linux Sudo audit below provides a list of all Sudo installations along with the version. To ensure you are safe you must have the latest version 1.8.28
Linux Sudo Vulnerability Audit Query
Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblAssets.Domain,
tsysAssetTypes.AssetTypename As AssetType,
tblAssets.Username,
tblAssets.Userdomain,
tsysAssetTypes.AssetTypeIcon10 As icon,
tblAssets.IPAddress,
tblSoftwareUni.softwareName As Software,
tblLinuxSoftware.Version As Version,
Case
When tblLinuxSystem.OSRelease Like 'Ubuntu%' And tblLinuxSoftware.Version = '1.8.21p2-3ubuntu1.1' Then 'Up to date'
When tblLinuxSoftware.Version Like '1.8.28%' Then 'Up to date'
Else 'Out of date'
End As [Patch Status],
tsysIPLocations.IPLocation,
tblAssetCustom.Manufacturer,
tblAssetCustom.Model,
tblLinuxSystem.OSRelease As OS,
tblAssets.Lastseen,
tblAssets.Lasttried,
tblLinuxSoftware.LastChanged,
Case
When tblLinuxSoftware.Version Like '1.8.28%' Then '#d4f4be'
Else '#ffadad'
End As backgroundcolor
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tsysIPLocations On tsysIPLocations.LocationID =
tblAssets.LocationID
Inner Join tblState On tblState.State = tblAssetCustom.State
Inner Join tblLinuxSoftware On tblAssets.AssetID = tblLinuxSoftware.AssetID
Inner Join tblSoftwareUni On
tblSoftwareUni.SoftID = tblLinuxSoftware.SoftwareUniID
Inner Join tblLinuxSystem On tblAssets.AssetID = tblLinuxSystem.AssetID
Where tblSoftwareUni.softwareName Like 'sudo%' And tblState.Statename = 'Active'
Order By tblAssets.Domain,
tblAssets.AssetName,
Software