5 matches found
[ASA-202102-8] opendoas: privilege escalation
Arch Linux Security Advisory ASA-202102-8 ========================================= Severity: High Date : 2021-02-06 CVE-ID : CVE-2019-25016 Package : opendoas Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-1504 Summary ======= The package opendoas before versio...
ALPINE-CVE-2019-25016
In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed to authenticated user to execute specific commands were not affected by this issue...
CVE-2019-25016
In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed to authenticated user to execute specific commands were not affected by this issue...
CVE-2019-25016
Summary: CVE-2019-25016 affects OpenDoas (versions 6.6–6.8). When the authenticating rule allowed executing any command, the user’s PATH was inappropriately inherited by the resulting shell, enabling potential local privilege escalation. Rules limited to specific commands were not affected. What’...
CVE-2019-25016
In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed to authenticated user to execute specific commands were not affected by this issue...