18 matches found

Github Security Blog
added 2026/03/03 9:36 p.m. | 7 views

OpenClaw: shell-env trusted-prefix fallback allowed attacker-controlled binary execution via $SHELL

Summary: shell-env fallback trusted prefix-based executable paths for $SHELL, allowing execution of attacker-controlled binaries in local/runtime-env influence scenarios. Details: In affected versions, shell selection accepted either: 1. a shell listed in /etc/shells, or 2. any executable under...

CVSS 7.8 | AI score 6.1 | EPSS 0.00018
Exploits 0 | References 5 | Affected Software 1
F5 Networks
added 2024/11/11 2:11 p.m. | 11 views

K000148482: Sudo vulnerability CVE-2019-19234

Security Advisory Description: In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker who has access to a Runas ALL sudoer account to impersonate any blocked user. NOTE: The...

CVSS 7.5 | AI score 6.1 | EPSS 0.04075
Exploits 0
Tenable Nessus
added 2024/06/03 12:00 a.m. | 13 views

RHEL 6 : setup (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - setup: nologin listed in /etc/shells violates security expectations CVE-2018-1113 Note that Nessus has not tested f...

CVSS 5.3 | AI score 7 | EPSS 0.00044
Exploits 0 | References 1
OpenVAS
added 2020/01/23 12:00 a.m. | 15 views

Huawei EulerOS: Security Advisory for setup (EulerOS-SA-2018-1394)

The remote host is missing an update for the Huawei EulerOS...

CVSS 5.3 | AI score 5.7 | EPSS 0.00044
Exploits 0 | References 2
Tenable Nessus
added 2019/05/14 12:00 a.m. | 27 views

EulerOS Virtualization for ARM 64 3.0.1.0 : setup (EulerOS-SA-2019-1409)

According to the version of the setup package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to...

CVSS 5.3 | AI score 6.1 | EPSS 0.00044
Exploits 0 | References 2
Tenable Nessus
added 2019/02/14 12:00 a.m. | 22 views

Amazon Linux 2 : setup (ALAS-2019-1158)

Setup in Amazon Linux 2 added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to...

CVSS 5.3 | AI score 6.2 | EPSS 0.00044
Exploits 0 | References 2
Amazon
added 2019/02/13 12:00 a.m. | 36 views

Low: setup

Issue Overview: Setup in Amazon Linux 2 added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shell...

CVSS 5.3 | AI score 5.7 | EPSS 0.00044
Exploits 0
Tenable Nessus
added 2019/01/03 12:00 a.m. | 19 views

Fedora 28 : setup (2018-f47268acd5)

don't list nologin in /etc/shells 1378893 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

CVSS 5.3 | AI score 6.1 | EPSS 0.00044
Exploits 0 | References 2
Tenable Nessus
added 2018/12/28 12:00 a.m. | 20 views

EulerOS 2.0 SP2 : setup (EulerOS-SA-2018-1421)

According to the version of the setup package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - setup: nologin listed in /etc/shells violates security expectations CVE-2018-1113 Note that Tenable Network Security has extracted the preceding...

CVSS 5.3 | AI score 6.2 | EPSS 0.00044
Exploits 0 | References 2
Tenable Nessus
added 2018/11/27 12:00 a.m. | 27 views

Scientific Linux Security Update : setup on SL7.x (noarch) (20181030)

Security Fixes : - setup: nologin listed in /etc/shells violates security expectations CVE-2018-1113...

CVSS 5.3 | AI score 6 | EPSS 0.00044
Exploits 0 | References 2
Tenable Nessus
added 2018/11/07 12:00 a.m. | 18 views

Oracle Linux 7 : setup (ELSA-2018-3249)

The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2018-3249 advisory. 2.8.71-10 - fix crudp name in /etc/protocols 1566469 - do not list /sbin/nologin and /usr/sbin/nologin in /etc/shells 1571104 Tenable has extracted the precedin...

CVSS 5.3 | AI score 6.2 | EPSS 0.00044
Exploits 0 | References 2
Oracle Linux
added 2018/11/05 12:00 a.m. | 501 views

setup security and bug fix update

2.8.71-10 - fix crudp name in /etc/protocols 1566469 - do not list /sbin/nologin and /usr/sbin/nologin in /etc/shells 1571104...

CVSS 5.3 | AI score 6.1 | EPSS 0.00044
Exploits 0
RedHat Linux
added 2018/10/30 1:28 p.m. | 1 views

setup: nologin listed in /etc/shells violates security expectations

Setup in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstances, users which had their shel...

CVSS 5.3 | AI score 7.4 | EPSS 0.00044
Exploits 0 | References 4
Prion
added 2018/07/03 1:29 a.m. | 72 views

Design/Logic Flaw

setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstance...

CVSS 4.6 | AI score 5.1 | EPSS 0.00044
Exploits 0 | References 3 | Affected Software 4
OSV
added 2018/07/03 1:29 a.m. | 1 views

CVE-2018-1113

setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstance...

CVSS 5.3 | AI score 5.6 | EPSS 0.00044
Exploits 0 | References 3
NVD
added 2018/07/03 1:29 a.m. | 10 views

CVE-2018-1113

setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstance...

CVSS 5.3 | AI score 5 | EPSS 0.00044
Exploits 0 | References 3
Cvelist
added 2018/07/02 6:00 p.m. | 19 views

CVE-2018-1113

setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user's shell being listed in /etc/shells. Under some circumstance...

CVSS 4.8 | AI score 5 | EPSS 0.00044
Exploits 0 | References 3
CVE
added 2018/07/02 6:00 p.m. | 216 views

CVE-2018-1113

CVE-2018-1113 summary (in provided documents): The Fedora/RHEL setup package before version 2.11.4-1.fc28 added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This undermines assumptions in pam_shells and some daemons that rely on a user’s shell being listed in /etc/shells, and under certain...

CVSS 5.3 | AI score 5.3 | EPSS 0.00044
Exploits 0 | References 3 | Affected Software 1