1015 matches found

NVD
added 2023/06/29 8:15 p.m., 11 views

CVE-2022-44720

An issue was discovered in Weblib Ucopia before 6.0.13. OS Command Injection injection can occur, related to chroot...

9.8 CVSS, 9.8 AI score, 0.0064 EPSS
Exploits 1, References 2

OSV
added 2023/06/29 8:15 p.m., 4 views

CVE-2022-44720

An issue was discovered in Weblib Ucopia before 6.0.13. OS Command Injection injection can occur, related to chroot...

9.8 CVSS, 5.8 AI score
Exploits 0, References 2

Prion
added 2023/06/29 8:15 p.m., 20 views

Command injection

An issue was discovered in Weblib Ucopia before 6.0.13. OS Command Injection injection can occur, related to chroot...

7.5 CVSS, 9.7 AI score, 0.0064 EPSS
Exploits 1, References 2, Affected Software 1

CVE
added 2023/06/29 12:0 a.m., 47 views

CVE-2022-44720

CVE-2022-44720 affects Weblib Ucopia prior to 6.0.13. The vulnerability is an OS command injection related to chroot in the Weblib Ucopia product. CVSS v3.1 base score is 9.8 (CRITICAL) with network access, no auth, no user interaction required, and impacts to confidentiality, integrity, and avai...

9.8 CVSS, 9.6 AI score, 0.0064 EPSS
Exploits 1, References 2, Affected Software 1

Cvelist
added 2023/06/29 12:0 a.m., 12 views

CVE-2022-44720

An issue was discovered in Weblib Ucopia before 6.0.13. OS Command Injection injection can occur, related to chroot...

10 AI score, 0.0064 EPSS
Exploits 1, References 2

Vulnrichment
added 2023/06/29 12:0 a.m., 14 views

CVE-2022-44720

An issue was discovered in Weblib Ucopia before 6.0.13. OS Command Injection injection can occur, related to chroot...

7.8 AI score, 0.0064 EPSS
Exploits 1, References 2

Oracle linux
added 2023/05/15 12:0 a.m., 55 views

bind security and bug fix update

32:9.16.23-11 - Correct backport issue in statistics rendering fix 2126912 32:9.16.23-10 - Handle subtle difference between upstream and rhel CVE-2022-3094 32:9.16.23-9 - Prevent flooding with UPDATE requests CVE-2022-3094 - Handle RRSIG queries when server-stale is active CVE-2022-3736 - Fix cra...

7.5 CVSS, 7 AI score, 0.0283 EPSS
Exploits 0

Tenable Nessus
added 2023/04/20 12:0 a.m., 44 views

Amazon Linux 2023 : bind, bind-chroot, bind-devel (ALAS2023-2023-161)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-161 advisory. By flooding the target resolver with queries exploiting this flaw an attacker can significantly impair the resolver's performance, effectively denying legitimate clients access to the DNS...

7.5 CVSS, 7.2 AI score, 0.15211 EPSS
Exploits 0, References 18

Tenable Nessus
added 2023/03/23 12:0 a.m., 28 views

Amazon Linux 2023 : sudo, sudo-devel, sudo-logsrvd (ALAS2023-2023-135)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-135 advisory. Sudo before 1.9.13 does not escape control characters in log messages. CVE-2023-28486 Sudo before 1.9.13 does not escape control characters in sudoreplay output. CVE-2023-28487 Tenable has...

5.3 CVSS, 7.3 AI score, 0.00136 EPSS
Exploits 0, References 6

Tenable Nessus
added 2023/03/21 12:0 a.m., 32 views

Amazon Linux 2023 : bind, bind-chroot, bind-devel (ALAS2023-2023-010)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-010 advisory. A cache poisoning vulnerability was found in BIND when using forwarders. Bogus NS records supplied by the forwarders may be cached and used by name if it needs to recurse for any reason. This...

6.8 CVSS, 6.5 AI score, 0.00113 EPSS
Exploits 0, References 6

Tenable Nessus
added 2023/03/18 12:0 a.m., 33 views

Fedora 36 : sudo (2023-cb5df36beb)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-cb5df36beb advisory. Security fix for CVE-2023-27320 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

7.2 CVSS, 6.8 AI score, 0.00211 EPSS
Exploits 1, References 2

OSV
added 2023/03/17 11:5 a.m., 1 view

OESA-2023-1172 sudo security update

Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. Security Fixes: Sudo before 1.9.13p2 has a double free in the per-command...

7.2 CVSS, 7.1 AI score, 0.00211 EPSS
Exploits 1, References 2

OSV
added 2023/03/17 11:5 a.m., 1 view

OESA-2023-1160 sudo security update

Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. Security Fixes: Sudo before 1.9.13p2 has a double free in the per-command...

7.2 CVSS, 7.1 AI score, 0.00211 EPSS
Exploits 1, References 2

Veracode
added 2023/03/09 9:44 a.m., 26 views

Double Free

sudo is vulnerable to Double Free. An attacker can trigger a double free in the per-command chroot feature...

7.2 CVSS, 6.8 AI score, 0.00211 EPSS
Exploits 1, References 12, Affected Software 2

Microsoft CVE
added 2023/03/06 8:0 a.m., 0 views

Sudo before 1.9.13p2 has a double free in the per-command chroot feature.

...

7.2 CVSS, 6.7 AI score, 0.00211 EPSS
Exploits 1

SUSE CVE
added 2023/03/04 3:33 a.m., 1 view

SUSE CVE-2023-27320

Sudo before 1.9.13p2 has a double free in the per-command chroot feature...

5.5 CVSS, 7.2 AI score, 0.00211 EPSS
Exploits 1, References 9

Tenable Nessus
added 2023/03/03 12:0 a.m., 22 views

Fedora 37 : sudo (2023-d2d6ec2a32)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-d2d6ec2a32 advisory. Security fix for CVE-2023-27320 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...

7.2 CVSS, 6.8 AI score, 0.00211 EPSS
Exploits 1, References 2

OSV
added 2023/03/02 2:0 p.m., 1 view

USN-5908-1 sudo vulnerability

It was discovered that Sudo incorrectly handled the per-command chroot feature. In certain environments where Sudo is configured with a rule that contains a CHROOT setting, a local attacker could use this issue to cause Sudo to crash, resulting in a denial of service, or possibly escalate...

7.2 CVSS, 5.8 AI score, 0.00211 EPSS
Exploits 1, References 2

Tenable Nessus
added 2023/03/02 12:0 a.m., 44 views

Ubuntu 22.04 LTS : Sudo vulnerability (USN-5908-1)

The remote Ubuntu 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5908-1 advisory. It was discovered that Sudo incorrectly handled the per-command chroot feature. In certain environments where Sudo is configured with a rule that contains a CHROO...

7.2 CVSS, 6.7 AI score, 0.00211 EPSS
Exploits 1, References 2

RedhatCVE
added 2023/02/28 8:59 p.m., 33 views

CVE-2023-27320

A double-free vulnerability was found in Sudo in the per-command chroot feature. This flaw exists due to a boundary error when matching a sudoer rule that contains a per-command chroot directive CHROOT=dir. By sending a specially-crafted request, a local privileged attacker can elevate privileges...

6.4 CVSS, 7 AI score, 0.00211 EPSS
Exploits 1, References 5