16 matches found
Oracle: Security Advisory (ELSA-2010-0361)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RHEL 5 : rhev-hypervisor (RHSA-2010:0476)
An updated rhev-hypervisor package that fixes two security issues, multiple bugs, and adds enhancements is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severit...
openSUSE Security Update : sudo (openSUSE-SU-2011:0050-1)
This update of sudo fixes : - CVE-2011-0010: Does ask for the user password for GID changes now. - CVE-2010-1646: CVSS v2 Base Score: 6.6 CWE-264: The secure environment option can handle multiple occurrence of PATH now. - CVE-2010-1163: CVSS v2 Base Score: 6.9 CWE-20: Improved command matching...
Oracle Linux 5 : sudo (ELSA-2010-0361)
The remote Oracle Linux 5 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2010-0361 advisory. 1.7.2p1-6 - added second patch for CVE-2010-0426 580441 Resolves: 580525 Tenable has extracted the preceding description block directly from the Oracle Linux...
Scientific Linux Security Update : sudo on SL5.x i386/x86_64
In configurations where the ignoredot option was set to off the default is on for the Scientific Linux 5 sudo package, a local user authorized to use the sudoedit pseudo-command could possibly run arbitrary commands with the privileges of the users sudoedit was authorized to run as. CVE-2010-1163...
openSUSE Security Update : sudo (openSUSE-SU-2011:0050-1)
This update of sudo fixes : - CVE-2011-0010: Does ask for the user password for GID changes now. - CVE-2010-1646: CVSS v2 Base Score: 6.6 CWE-264: The secure environment option can handle multiple occurrence of PATH now. - CVE-2010-1163: CVSS v2 Base Score: 6.9 CWE-20: Improved command matching...
Gentoo Security Advisory GLSA 201006-09 (sudo)
The remote host is missing updates announced in advisory GLSA 201006-09. SPDX-FileCopyrightText: 2011 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...
Security fix for the ALT Linux 6 package sudo version 1:1.6.8p12-alt8
June 1, 2010 Dmitry V. Levin 1:1.6.8p12-alt8 - Backported upstream fix for CVE-2010-1163 envreset, ignoredot and securepath sudoers options all had to be explicitly disabled to make an attack possible. - Backported upstream fix for CVE-2010-1646 envreset sudoers option had to be explicitly disabl...
CentOS 5 : sudo (CESA-2010:0361)
An updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...
Security fix for the ALT Linux 8 package sudo version 1:1.6.8p12-alt8
June 1, 2010 Dmitry V. Levin 1:1.6.8p12-alt8 - Backported upstream fix for CVE-2010-1163 envreset, ignoredot and securepath sudoers options all had to be explicitly disabled to make an attack possible. - Backported upstream fix for CVE-2010-1646 envreset sudoers option had to be explicitly disabl...
sudo security update
CentOS Errata and Security Advisory CESA-2010:0361 An updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System CVSS base...
FreeBSD Ports: sudo
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2010 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Sudo 1.7.2p5 Local Privilege Escalation
Security Advisory @ Mediaservice.net Srl 02, 19/04/2010 Data Security Division Title: sudoedit local privilege escalation through PATH manipulation Application: sudo Maurizio Agazzini Vendor Status: sudo team notified on 26/03/2010 CVE Candidate: The Common Vulnerabilities and Exposures project h...
CVE-2010-1163
The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a...
CVE-2010-1163
The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a...
CVE-2010-1163
The CVE-2010-1163 issue affects sudo 1.6.8–1.7.2p5. If the PATH contains "." and a file in the CWD shares a name with a sudoers pseudo-command, a local user could invoke arbitrary commands via sudoedit, enabling privilege escalation to root. The vulnerability stems from command matching/path reso...