MiracleLinux 8 : sudo-1.8.29-7.el8 (AXSA:2021-1920:05)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2021-1920:05 advisory. sudo: symbolic link attack in SELinux-enabled sudoedit CVE-2021-23240 sudo: possible directory existence test due to race condition in sudoedit...

sudo security and bug fix update

An update is available for sudo. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The sudo packages contain the sudo utility which allows system administrators to...

Low: sudo security and bug fix update

The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fixes: sudo: symbolic link attack in SELinux-enabled...

UBUNTU-CVE-2021-23239

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudoedit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path...

Sudo Backlink Vulnerability

Sudo is a program used on Unix-like systems that allows users to execute commands with special privileges in a secure manner. A backlink vulnerability exists in versions of Sudo prior to 1.9.5 that allows an attacker to test for the existence of a directory anywhere on the file system...