27 matches found
EUVD-2019-11469
Malware in sbrugna...
EUVD-2023-32037
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-28339
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenDoas through 6.8.2, when TIOCSTI is available, allows privilege escalation because of sharing a terminal with the original session. NOTE: TIOCSTI is...
CVE-2019-25016
In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed to authenticated user to execute specific commands were not affected by this issue...
CVE-2023-28339
OpenDoas through 6.8.2, when TIOCSTI is available, allows privilege escalation because of sharing a terminal with the original session. NOTE: TIOCSTI is unavailable in OpenBSD 6.0 and later, and can be made unavailable in the Linux kernel 6.2 and later...
CVE-2023-28339
OpenDoas through 6.8.2, when TIOCSTI is available, allows privilege escalation because of sharing a terminal with the original session. NOTE: TIOCSTI is unavailable in OpenBSD 6.0 and later, and can be made unavailable in the Linux kernel 6.2 and later...
CVE-2023-28339
OpenDoas through 6.8.2, when TIOCSTI is available, allows privilege escalation because of sharing a terminal with the original session. NOTE: TIOCSTI is unavailable in OpenBSD 6.0 and later, and can be made unavailable in the Linux kernel 6.2 and later...
Privilege escalation
OpenDoas through 6.8.2, when TIOCSTI is available, allows privilege escalation because of sharing a terminal with the original session. NOTE: TIOCSTI is unavailable in OpenBSD 6.0 and later, and can be made unavailable in the Linux kernel 6.2 and later...
UBUNTU-CVE-2023-28339
OpenDoas through 6.8.2, when TIOCSTI is available, allows privilege escalation because of sharing a terminal with the original session. NOTE: TIOCSTI is unavailable in OpenBSD 6.0 and later, and can be made unavailable in the Linux kernel 6.2 and later...
PT-2023-21661 · Opendoas +1 · Opendoas +1
Name of the Vulnerable Software and Affected Versions: OpenDoas versions 6.8.2 and earlier Description: The issue allows privilege escalation due to sharing a terminal with the original session when TIOCSTI is available. TIOCSTI is unavailable in OpenBSD 6.0 and later, and can be made unavailable...
Duncaen OpenDoas 安全漏洞
Duncaen OpenDoas is a program from the individual developer Duncaen that provides limited Sudo functionality for Linux systems. A security vulnerability exists in OpenDoas 6.8.2 and earlier versions, which stems from sharing a terminal with the original session, and can be exploited by an attacke...
CVE-2023-28339
OpenDoas through 6.8.2, when TIOCSTI is available, allows privilege escalation because of sharing a terminal with the original session. NOTE: TIOCSTI is unavailable in OpenBSD 6.0 and later, and can be made unavailable in the Linux kernel 6.2 and later...
CVE-2023-28339
OpenDoas through 6.8.2, when TIOCSTI is available, allows privilege escalation because of sharing a terminal with the original session. NOTE: TIOCSTI is unavailable in OpenBSD 6.0 and later, and can be made unavailable in the Linux kernel 6.2 and later...
CVE-2023-28339
OpenDoas up to version 6.8.2 is affected by CVE-2023-28339. The root cause is privilege escalation when TIOCSTI is available and the attacker shares a terminal with the original session. Note that TIOCSTI is unavailable in OpenBSD 6.0+ and can be disabled in the Linux kernel 6.2+; OpenDoas remain...
CVE-2023-28339
OpenDoas through 6.8.2, when TIOCSTI is available, allows privilege escalation because of sharing a terminal with the original session. NOTE: TIOCSTI is unavailable in OpenBSD 6.0 and later, and can be made unavailable in the Linux kernel 6.2 and later...
GLSA-202107-11 : OpenDoas: Insufficient environment filtering
The remote host is affected by the vulnerability described in GLSA-202107-11 OpenDoas: Insufficient environment filtering OpenDoas does not properly filter the PATH variable from the resulting shell after escalating privileges. Impact : A local attacker with control of a users PATH variable could...
OpenDoas: Insufficient environment filtering
Background OpenDoas allows users to run commands as other users. Description OpenDoas does not properly filter the PATH variable from the resulting shell after escalating privileges. Impact A local attacker with control of a user’s PATH variable could escalate privileges if that user uses OpenDoa...
[ASA-202102-8] opendoas: privilege escalation
Arch Linux Security Advisory ASA-202102-8 ========================================= Severity: High Date : 2021-02-06 CVE-ID : CVE-2019-25016 Package : opendoas Type : privilege escalation Remote : No Link : https://security.archlinux.org/AVG-1504 Summary ======= The package opendoas before versio...
CVE-2019-25016
In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed to authenticated user to execute specific commands were not affected by this issue...
CVE-2019-25016
In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed to authenticated user to execute specific commands were not affected by this issue...