1015 matches found
sudo: LPE via chroot option
A flaw was found in Sudo. This flaw allows a local attacker to escalate their privileges by tricking Sudo into loading an arbitrary shared library using the user-specified root directory via the -R --chroot option. An attacker can run arbitrary commands as root on systems that support...
CVE-2025-44654
In Linksys E2500 3.0.04.002, the chrootlocaluser option is enabled in the vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks...
CVE-2025-44655
In TOTOLink A7100RU V7.4, A950RG V5.9, and T10 V5.9, the chrootlocaluser option is enabled in the vsftpd.conf. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks...
CVE-2025-44657
In Linksys EA6350 V2.1.2, the chrootlocaluser option is enabled in the dynamically generated vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot point for internal network attacks...
TOTOLINK A7100RU 安全漏洞
TOTOLINK A7100RU is a wireless router from China Gion Electronics TOTOLINK. A security vulnerability exists in the TOTOLINK A7100RU V7.4, A950RG V5.9, and T10 V5.9 versions, which originates from enabling the chrootlocaluser option and could lead to unauthorized access to system files...
Linksys E2500 安全漏洞
The Linksys E2500 is an E-Series wireless router from Linksys, Inc. A security vulnerability exists in the Linksys E2500 version 3.0.04.002, which originates from enabling the chrootlocaluser option, and could lead to unauthorized access to system files...
Linksys EA6350 安全漏洞
Linksys EA6350 is a wireless router from Linksys, Inc. A security vulnerability exists in the Linksys EA6350 version V2.1.2 that originates from enabling the chrootlocaluser option, which could lead to unauthorized access to system files...
PT-2025-30319
Name of the Vulnerable Software and Affected Versions Linksys E2500 version 3.0.04.002 Description The chroot local user option is enabled in the vsftpd configuration file. This could lead to unauthorized access to system files, privilege escalation, or use of the compromised server as a pivot...
Local Privilege Escalation
Sudo is vulnerable to local privilege escalation. The vulnerability is due to the use of a user-controlled /etc/nsswitch.conf file when running with the --chroot option, which allows an attacker to obtain root access on the system...
Security update for sudo
This update for sudo fixes the following issues: CVE-2025-32462: Fix a possible local privilege escalation via the --host option bsc1245274 CVE-2025-32463: Fix a possible local privilege Escalation via chroot option bsc1245275 Patch Instructions: To install this SUSE update use the SUSE recommend...
SUSE-SU-2025:20478-1 Security update for sudo
This update for sudo fixes the following issues: - CVE-2025-32462: Fix a possible local privilege escalation via the --host option bsc1245274 - CVE-2025-32463: Fix a possible local privilege Escalation via chroot option bsc1245275...
Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo
DISCLAIMER This code is for educational and research...
OESA-2025-1759 sudo security update
Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. Security Fixes: Sudo before 1.9.17p1, when used with a sudoers file that...
The vulnerability of the sudo system administration program relates to the activation of functions from an untrusted controlled area when the "-R" ("--chroot") option is used. This allows a malicious user to execute arbitrary code and increase their privileges.
The vulnerability of the sudo system administration program relates to the inclusion of functions from an unverified controlled area when the "-R" "--chroot" option is used. Exploiting this vulnerability allows a malicious actor to execute arbitrary code and increase their privileges by placing t...
Security update for sudo
This update for sudo fixes the following issues: CVE-2025-32462: Fix a possible local privilege escalation via the --host option bsc1245274 CVE-2025-32463: Fix a possible local privilege Escalation via chroot option bsc1245275 Patch Instructions: To install this SUSE update use the SUSE recommend...
SUSE-SU-2025:20489-1 Security update for sudo
This update for sudo fixes the following issues: - CVE-2025-32462: Fix a possible local privilege escalation via the --host option bsc1245274 - CVE-2025-32463: Fix a possible local privilege Escalation via chroot option bsc1245275...
Important: sudo
Issue Overview: Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines. CVE-2025-32462 Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.co...
📄 Sudo chroot 1.9.17 Privilege Escalation
Sudo versions 1.9.14 through 1.9.17 suffer from a local privilege escalation vulnerability in the chroot functionality. Exploit Title: Sudo chroot 1.9.17 - Local Privilege Escalation Google Dork: not aplicable Date: Mon, 30 Jun 2025 Exploit Author: Stratascale Vendor...
Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo
CVE-2025-32463 - sudo chroot Usage docker build -t cv...
Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo
cve-2025-32463 chroot sudo chroot Execute the comman...