9 matches found
CVE-2014-10070
zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment instead of treating them as literal numbers. That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation...
CVE-2014-10070
zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment instead of treating them as literal numbers. That could allow local privilege escalation, under some specific and atypical conditions where zsh is being invoked in privilege-elevation...
Debian DLA-160-1 : sudo security update
This update fixes the CVEs described below. CVE-2014-0106 Todd C. Miller reported that if the envreset option is disabled in the sudoers file, the envdelete option is not correctly applied to environment variables specified on the command line. A malicious user with sudo permissions may be able t...
[SECURITY] [DLA 160-1] sudo security update
Package : sudo Version : 1.7.4p4-2.squeeze.5 CVE ID : CVE-2014-0106 CVE-2014-9680 Debian Bug : 772707 This update fixes the CVEs described below. CVE-2014-0106 Todd C. Miller reported that if the envreset option is disabled in the sudoers file, the envdelete option is not correctly applied to...
sudo: Privilege escalation
Background sudo allows a system administrator to give users the ability to run commands as other users. Access to commands may also be granted on a range to hosts. Description When the Sudo envreset option is disabled it is enabled by default, certain environment variables are not blacklisted as...
USN-2146-1: Sudo vulnerabilities
Sebastien Macke discovered that Sudo incorrectly filtered environment variables when the envreset option was disabled. A local attacker could use this issue to possibly run unintended commands by using environment variables that were intended to be blocked. In a default Ubuntu installation, the...
RedHat Update for sudo RHSA-2014:0266-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security fix for the ALT Linux 8 package sudo version 1:1.6.8p12-alt7
Feb. 23, 2010 Dmitry V. Levin 1:1.6.8p12-alt7 - Backported upstream fix for CVE-2010-0426 a flaw in sudoedit could give a user with permission to run sudoedit the ability to run arbitrary commands; envreset sudoers option had to be explicitly disabled to make an attack possible...
Debian Security Advisory DSA 946-2 (sudo)
The remote host is missing an update to sudo announced via advisory DSA 946-2. The former correction to vulnerabilities in the sudo package worked fine but were too strict for some environments. Therefore we have reviewed the changes again and allowed some environment variables to go back into th...