41 matches found
MiracleLinux 4 : sudo-1.8.6p3-19.AXS4 (AXSA:2015-227:01)
The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2015-227:01 advisory. Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all...
Linux Distros Unpatched Vulnerability : CVE-2014-9680
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for rea...
RHEL 5 : sudo (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - sudo: noexec bypass via wordexp CVE-2016-7076 - sudo before 1.8.12 does not ensure that the TZ environmen...
RHEL 4 : sudo (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - sudo: unsafe handling of TZ environment variable CVE-2014-9680 Note that Nessus has not tested for this issue but h...
Debian: Security Advisory (DLA-160-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: A vulnerability in sudo affects IBM Security Network Intrusion Prevention System (CVE-2014-9680)
Summary A security vulnerability has been discovered in sudo used with IBM Security Network Intrusion Prevention System. Vulnerability Details CVEID: CVE-2014-9680 DESCRIPTION: Todd Miller sudo could allow a local attacker to bypass security restrictions, caused by the failure to check the TZ...
Mageia: Security Advisory (MGASA-2015-0079)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
NewStart CGSL MAIN 6.02 : sudo Multiple Vulnerabilities (NS-SA-2021-0120)
The remote NewStart CGSL host, running version MAIN 6.02, has sudo packages installed that are affected by multiple vulnerabilities: - A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group aka %group in the sudoers file during...
SUSE: Security Advisory (SUSE-SU-2015:0985-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2016:2904-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2014-9680
sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access but not view file contents by running a program within an sudo session, as demonstrated by interfering with terminal output,...
CVE-2014-9680
sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access but not view file contents by running a program within an sudo session, as demonstrated by interfering with terminal output,...
CVE-2014-9680
CVE-2014-9680 : sudo before 1.8.12 fails to sanitize the TZ environment variable, allowing a local attacker to bypass restrictions and potentially cause a denial of service or read/open unauthorized files via a sudo session. Connected advisories/docs corroborate local-execution impact and recomme...
SUSE SLED12 / SLES12 Security Update : sudo (SUSE-SU-2016:2904-1)
This update for sudo fixes the following security issues : - Fix two security vulnerabilities that allowed users to bypass sudo's NOEXEC functionality : - noexec bypass via system and popen CVE-2016-7032, bsc1007766 - noexec bypass via wordexp CVE-2016-7076, bsc1007501 - Fix unsafe handling of TZ...
openSUSE Security Update : sudo (openSUSE-2015-687)
sudo was updated to fix one security issue. This security issue was fixed : - CVE-2014-9680: Unsafe handling of TZ environment variable bsc917806. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Upda...
openSUSE Security Update : sudo (openSUSE-2015-703)
sudo was updated to fix one security issue. This security issue was fixed : - CVE-2014-9680: Unsafe handling of TZ environment variable bsc917806. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Upda...
Oracle: Security Advisory (ELSA-2015-1409)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Gentoo Security Advisory GLSA 201504-02
Gentoo Linux Local Security Checks GLSA 201504-02 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...
Scientific Linux Security Update : sudo on SL6.x i386/x86_64 (20150722)
It was discovered that sudo did not perform any checks of the TZ environment variable value. If sudo was configured to preserve the TZ environment variable, a local user with privileges to execute commands via sudo could possibly use this flaw to achieve system state changes not permitted by the...
OracleVM 3.3 : sudo (OVMSA-2015-0103)
The remote OracleVM system is missing necessary patches to address critical security updates : - RHEL-6.7 erratum - modified the authlogicfix patch to fix 1144448 - fixed a bug in the ldapusermatchfix patch Resolves: rhbz1144448 Resolves: rhbz1142122 - RHEL-6.7 erratum - fixed the...