Linux Sudo Vulnerability Audit

Find Vulnerable Linux Sudo Versions in Your Network

A vulnerability has been discovered in the pre-installed Linux utility Sudo (CVE-2019-14287). Sudo allows users to execute commands using the permissions of the root user. While most system administrators will restrict which users can perform which Sudo commands, the latest vulnerability can circomvent this. You can find more information in our Sudo vulnerability blog post.

To help you discover potentially vulnerable assets, the Linux Sudo audit below provides a list of all Sudo installations along with the version. To ensure you are safe you must have the latest version 1.8.28

Linux Sudo Vulnerability Audit Query

Select Top 1000000 tblAssets.AssetID,
  tblAssets.AssetName,
  tblAssets.Domain,
  tsysAssetTypes.AssetTypename As AssetType,
  tblAssets.Username,
  tblAssets.Userdomain,
  tsysAssetTypes.AssetTypeIcon10 As icon,
  tblAssets.IPAddress,
  tblSoftwareUni.softwareName As Software,
  tblLinuxSoftware.Version As Version,
  Case
  When tblLinuxSystem.OSRelease Like 'Ubuntu%' And tblLinuxSoftware.Version = '1.8.21p2-3ubuntu1.1' Then 'Up to date'
  When tblLinuxSoftware.Version Like '1.8.28%' Then 'Up to date'
    Else 'Out of date'
  End As [Patch Status],
  tsysIPLocations.IPLocation,
  tblAssetCustom.Manufacturer,
  tblAssetCustom.Model,
  tblLinuxSystem.OSRelease As OS,
  tblAssets.Lastseen,
  tblAssets.Lasttried,
  tblLinuxSoftware.LastChanged,
  Case
    When tblLinuxSoftware.Version Like '1.8.28%' Then '#d4f4be'
    Else '#ffadad'
  End As backgroundcolor
From tblAssets
  Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
  Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
  Inner Join tsysIPLocations On tsysIPLocations.LocationID =
    tblAssets.LocationID
  Inner Join tblState On tblState.State = tblAssetCustom.State
  Inner Join tblLinuxSoftware On tblAssets.AssetID = tblLinuxSoftware.AssetID
  Inner Join tblSoftwareUni On
    tblSoftwareUni.SoftID = tblLinuxSoftware.SoftwareUniID
  Inner Join tblLinuxSystem On tblAssets.AssetID = tblLinuxSystem.AssetID
Where tblSoftwareUni.softwareName Like 'sudo%' And tblState.Statename = 'Active'
Order By tblAssets.Domain,
  tblAssets.AssetName,
  Software

Audit and Take Action in 3 Easy Steps

Download-Install-Lansweeper

1. Download & Install Lansweeper

Save-and-Run-the-Report

3. Run the Audit & Take Action

Download Lansweeper to Run this Audit

Harness the Power of Reporting