Find Vulnerable Linux Sudo Versions in Your Network
A vulnerability has been discovered in the pre-installed Linux utility Sudo (CVE-2019-14287). Sudo allows users to execute commands using the permissions of the root user. While most system administrators will restrict which users can perform which Sudo commands, the latest vulnerability can circomvent this. You can find more information in our Sudo vulnerability blog post.
To help you discover potentially vulnerable assets, the Linux Sudo audit below provides a list of all Sudo installations along with the version. To ensure you are safe you must have the latest version 1.8.28
Linux Sudo Vulnerability Audit Query
Select Top 1000000 tblAssets.AssetID, tblAssets.AssetName, tblAssets.Domain, tsysAssetTypes.AssetTypename As AssetType, tblAssets.Username, tblAssets.Userdomain, tsysAssetTypes.AssetTypeIcon10 As icon, tblAssets.IPAddress, tblSoftwareUni.softwareName As Software, tblLinuxSoftware.Version As Version, Case When tblLinuxSystem.OSRelease Like 'Ubuntu%' And tblLinuxSoftware.Version = '1.8.21p2-3ubuntu1.1' Then 'Up to date' When tblLinuxSoftware.Version Like '1.8.28%' Then 'Up to date' Else 'Out of date' End As [Patch Status], tsysIPLocations.IPLocation, tblAssetCustom.Manufacturer, tblAssetCustom.Model, tblLinuxSystem.OSRelease As OS, tblAssets.Lastseen, tblAssets.Lasttried, tblLinuxSoftware.LastChanged, Case When tblLinuxSoftware.Version Like '1.8.28%' Then '#d4f4be' Else '#ffadad' End As backgroundcolor From tblAssets Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype Inner Join tsysIPLocations On tsysIPLocations.LocationID = tblAssets.LocationID Inner Join tblState On tblState.State = tblAssetCustom.State Inner Join tblLinuxSoftware On tblAssets.AssetID = tblLinuxSoftware.AssetID Inner Join tblSoftwareUni On tblSoftwareUni.SoftID = tblLinuxSoftware.SoftwareUniID Inner Join tblLinuxSystem On tblAssets.AssetID = tblLinuxSystem.AssetID Where tblSoftwareUni.softwareName Like 'sudo%' And tblState.Statename = 'Active' Order By tblAssets.Domain, tblAssets.AssetName, Software