23 matches found
Debian: Security Advisory (DLA-160-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
SUSE: Security Advisory (SUSE-SU-2014:0475-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
OracleVM 3.2 : sudo (OVMSA-2016-0079)
The remote OracleVM system is missing necessary patches to address critical security updates : - added patch for CVE-2014-0106: certain environment variables not sanitized when env_reset is disabled Resolves: rhbz1072210 - backported fixes for CVE-2013-1775 CVE-2013-1776 CVE-2013-2776 CVE-2013-277...
SUSE: Security Advisory for sudo (SUSE-SU-2014:0475-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Oracle: Security Advisory (ELSA-2014-0266)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Gentoo Security Advisory GLSA 201406-30
Gentoo Linux Local Security Checks GLSA 201406-30 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later if(description)...
[SECURITY] [DLA 160-1] sudo security update
Package : sudo Version : 1.7.4p4-2.squeeze.5 CVE ID : CVE-2014-0106 CVE-2014-9680 Debian Bug : 772707 This update fixes the CVEs described below. CVE-2014-0106 Todd C. Miller reported that if the env_reset option is disabled in the sudoers file, the env_delete option is not correctly applied to...
DLA-160-1 sudo - security update
Bulletin has no description...
GLSA-201406-30 : sudo: Privilege escalation
The remote host is affected by the vulnerability described in GLSA-201406-30 (sudo: Privilege escalation) When the Sudo env_reset option is disabled (it is enabled by default), certain environment variables are not blacklisted as expected. Impact : A local attacker, authorized to run commands using...
SuSE 11.3 Security Update : sudo (SAT Patch Number 9044)
This collective update for sudo provides fixes for the following issues : - Security policy bypass when env_reset is disabled. CVE-2014-0106, bnc866503 - Regression in the previous update that causes a segmentation fault when running 'sudo -s'. bnc868444 - Command 'who -m' prints no output when...
[USN-2146-1] Sudo vulnerabilities
Ubuntu Security Notice USN-2146-1 March 13, 2014 sudo vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: - Ubun...
Ubuntu: Security Advisory (USN-2146-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
USN-2146-1: Sudo vulnerabilities
Sebastien Macke discovered that Sudo incorrectly filtered environment variables when the env_reset option was disabled. A local attacker could use this issue to possibly run unintended commands by using environment variables that were intended to be blocked. In a default Ubuntu installation, the...
RedHat Update for sudo RHSA-2014:0266-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
CentOS Update for sudo CESA-2014:0266 centos5
Check for the Version of sudo OpenVAS Vulnerability Test CentOS Update for sudo CESA-2014:0266 centos5 Authors: System Generated Check Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...
CVE-2014-0106
Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable...
CVE-2014-0106
CVE-2014-0106 affects Sudo up to version 1.8.5 where env_reset is disabled, and env_delete checks fail to properly sanitize environment variables. This allows local users with sudo permissions to bypass intended command restrictions via crafted environment variables. The vulnerability is tied to ...
CentOS 5 : sudo (CESA-2014:0266)
An updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Scientific Linux Security Update : sudo on SL5.x i386/x86_64 (20140310)
A flaw was found in the way sudo handled its blacklist of environment variables. When the 'env_reset' option was disabled, a user permitted to run certain commands via sudo could use this flaw to run such a command with one of the blacklisted environment variables set, allowing them to run an...
RHEL 5 : sudo (RHSA-2014:0266)
An updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...