From 454ba2b5766c79d016d99b3436718a941fee9af6 Mon Sep 17 00:00:00 2001
From: Florian Roth
Date: Sun, 20 Oct 2019 14:02:10 +0200
Subject: [PATCH] rule: modified sudo vuln rule to be most generic
---
 rules/linux/lnx_sudo_cve_2019_14287.yml | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)
diff --git a/rules/linux/lnx_sudo_cve_2019_14287.yml b/rules/linux/lnx_sudo_cve_2019_14287.yml
index 3a7b2ec7981..b39aa277c9c 100644
--- a/rules/linux/lnx_sudo_cve_2019_14287.yml
+++ b/rules/linux/lnx_sudo_cve_2019_14287.yml
@@ -9,6 +9,7 @@ references:
 - https://twitter.com/matthieugarin/status/1183970598210412546
 author: Florian Roth
 date: 2019/10/15
+modified: 2019/10/20
 tags:
 - attack.privilege_escalation
 - attack.t1068
@@ -21,11 +22,7 @@ level: critical
 ---
 detection:
 selection_keywords:
- - '* -u#-1*'
- - '* -u#-01*'
- - '* -u#-001*'
- - '* -u#-000*'
- - '* -u#*4294967295*'
+ - '* -u#*'
 condition: selection_keywords
 ---
 detection:
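Review bot: The single keyword `'* -u#*'` under `selection_keywords` now matches every command line that passes a numeric uid to `-u`, including routine uses such as `-u#1000` (constructed example), while the rule stays at `level: critical` per the hunk header. The removed patterns tied the alert to the -1 and 4294967295 values; with those gone, analysts have to triage on the uid that follows `#`. I would either lower the level or state the trade-off in the rule, for example a `falsepositives:` entry `- Legitimate use of sudo with a numeric uid (-u#<uid>)`, and add the comment `# generic: matches any -u#<uid>; check the uid value for -1 or 4294967295` above the keyword. The second `detection:` block begins on the last line of the hunk and its body is outside it, so whether it needs the same treatment cannot be judged from here.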