
4766 matches found

Debian
added 2006/01/20 10:24 a.m., 28 views

[SECURITY] [DSA 946-1] New sudo packages fix privilege escalation

Debian Security Advisory DSA 946-1 [email protected] http://www.debian.org/security/ Martin Schulze January 20th, 2006 http://www.debian.org/security/faq -...

CVSS 7.2 | AI score 6 | EPSS 0.01077
Exploits: 2

Tenable Nessus
added 2006/01/15 12:0 a.m., 24 views

Mandrake Linux Security Advisory : sudo (MDKSA-2005:234)

Charles Morris discovered a vulnerability in sudo versions prior to 1.6.8p12 where, when the perl taint flag is off, sudo does not clear the PERLLIB, PERL5LIB, and PERL5OPT environment variables, which could allow limited local users to cause a perl script to include and execute arbitrary library...

CVSS 7.2 | AI score 7.7 | EPSS 0.01077
Exploits: 2 | References: 3

Tenable Nessus
added 2006/01/15 12:0 a.m., 17 views

Mandrake Linux Security Advisory : uim (MDKSA-2005:198)

Masanari Yamamoto discovered that Uim uses environment variables incorrectly. This bug causes a privilege escalation if setuid/setgid applications are linked to libuim. The updated packages have been patched to address this issue. (C) Tenable Network Security, Inc. The descripti...

CVSS 4.6 | AI score 5.3 | EPSS 0.0041
Exploits: 0 | References: 1

Ubuntu
added 2006/01/09 8:32 p.m., 53 views

USN-235-2: sudo vulnerability

USN-235-1 fixed a vulnerability in sudo's handling of environment variables. Tavis Ormandy noticed that sudo did not filter out the PYTHONINSPECT environment variable, so that users with the limited privilege of calling a python script with sudo could still escalate their privileges. For referenc...

CVSS 4.6 | AI score 7.8 | EPSS 0.01077
Exploits: 1

exploitpack
added 2006/01/09 12:0 a.m., 19 views

Sudo 1.6.x - Environment Variable Handling Security Bypass (2)

Sudo 1.6.x - Environment Variable Handling Security Bypass 2 source: https://www.securityfocus.com/bid/16184/info Sudo is prone to a security-bypass vulnerability that could lead to arbitrary code execution. This issue is due to an error in the application when handling environment variables. A...

Exploits: 0

exploitpack
added 2006/01/09 12:0 a.m., 14 views

Sudo 1.6.x - Environment Variable Handling Security Bypass (1)

Sudo 1.6.x - Environment Variable Handling Security Bypass 1 source: https://www.securityfocus.com/bid/16184/info Sudo is prone to a security-bypass vulnerability that could lead to arbitrary code execution. This issue is due to an error in the application when handling environment variables. A...

AI score 0.2
Exploits: 0

securityvulns
added 2006/01/09 12:0 a.m., 39 views

sudo privilege escalation

few environment variables used by bash, perl and python are not cleaned...

AI score 3
Exploits: 0 | References: 4 | Affected Software: 1

Exploit DB
added 2006/01/09 12:0 a.m., 38 views

Sudo 1.6.x - Environment Variable Handling Security Bypass (1)

source: https://www.securityfocus.com/bid/16184/info Sudo is prone to a security-bypass vulnerability that could lead to arbitrary code execution. This issue is due to an error in the application when handling environment variables. A local attacker with the ability to run Python scripts can...

AI score 7.4
Exploits: 0

Ubuntu
added 2006/01/06 1:38 a.m., 45 views

USN-235-1: sudo vulnerability

Charles Morris discovered a privilege escalation vulnerability in sudo. On executing Perl scripts with sudo, various environment variables that affect Perl's library search path were not cleaned properly. If sudo is set up to grant limited sudo execution of Perl scripts to normal users, this coul...

CVSS 4.6 | AI score 7.8 | EPSS 0.01077
Exploits: 1

UbuntuCve
added 2005/12/31 5:0 a.m., 26 views

CVE-2005-4875

TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request to misc/phpcheck/, which invokes the phpinfo function and prints values of unspecified environment variables...

CVSS 7.5 | AI score 6 | EPSS 0.01393
Exploits: 0 | References: 1

NVD
added 2005/12/31 5:0 a.m., 28 views

CVE-2005-3629

initscripts in Red Hat Enterprise Linux 4 does not properly handle certain environment variables when /sbin/service is executed, which allows local users with sudo permissions for /sbin/service to gain root privileges via unknown vectors...

CVSS 7.2 | AI score 6.5 | EPSS 0.0039
Exploits: 0 | References: 9

UbuntuCve
added 2005/12/11 2:3 a.m., 29 views

CVE-2005-4158

Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included...

CVSS 4.6 | AI score 7.2 | EPSS 0.01077
Exploits: 1 | References: 3

NVD
added 2005/12/11 2:3 a.m., 16 views

CVE-2005-4158

Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included...

CVSS 4.6 | AI score 6.6 | EPSS 0.01077
Exploits: 1 | References: 19

OSV
added 2005/12/11 2:3 a.m., 4 views

CVE-2005-4158

Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included...

AI score 6.6
Exploits: 0 | References: 22

CVE
added 2005/12/11 2:0 a.m., 105 views

CVE-2005-4158

CVE-2005-4158 affects sudo prior to version 1.6.8p12, where with Perl taint off the variables PERLLIB, PERL5LIB and PERL5OPT are not cleared, enabling a limited local user to influence which libraries a Perl script loads and potentially execute arbitrary code. Public disclosures (e.g., Debian DSA...

CVSS 4.6 | AI score 6.5 | EPSS 0.01077
Exploits: 1 | References: 19 | Affected Software: 1

Debian CVE
added 2005/12/11 2:0 a.m., 23 views

CVE-2005-4158

Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included...

CVSS 4.6 | AI score 4.2 | EPSS 0.01077
Exploits: 1

exploitpack
added 2005/12/07 12:0 a.m., 23 views

Appfluent Database IDS 2.1.0.103 - Environment Variable Local Overflow

Appfluent Database IDS 2.1.0.103 - Environment Variable Local Overflow / $ An open security advisory 14 - Appfluent Database IDS Environment Variable Overflow 1: Bug Researcher: c0ntex - c0ntexbatgmail.com -+- www.open-security.org 2: Bug Released: December 07th 2005 3: Bug Impact Rate: Hi 4: Bug...

AI score 0.5
Exploits: 0

NVD
added 2005/11/20 9:3 p.m., 32 views

CVE-2005-3346

Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as LD_PRELOAD, via pathname arguments of the form "$VAR/EVAR=arg", which cause the EVAR portion to be appended to a buffer returned by a getenv...

CVSS 7.2 | AI score 6.7 | EPSS 0.00847
Exploits: 0 | References: 9

CVE
added 2005/11/16 7:37 a.m., 38 views

CVE-2003-1235

CVE-2003-1235 affects BRW WebWeaver 1.03. An attacker can remotely request testcgi.exe to cause the server to disclose environment variables and the current working directory, exposing sensitive server information. The description explicitly identifies the affected component and the data exposed ...

CVSS 5 | AI score 6.6 | EPSS 0.02316
Exploits: 1 | References: 3

securityvulns
added 2005/11/14 12:0 a.m., 22 views

VERITAS Cluster Server for UNIX buffer overflow

Buffer overflow in 'ha' suid utility on environment variables parsing...

AI score 5.4
Exploits: 0 | References: 2 | Affected Software: 7