Rubber Mallet: a Study of High Frequency Localized Bit Flips and Their Impact on Security

The increasing density of modern DRAM has heightened its vulnerability to Rowhammer attacks, which induce bit flips by repeatedly accessing specific memory rows. This paper presents an analysis of bit flip patterns generated by advanced Rowhammer techniques that bypass existing hardware defenses...

Linux Distros Unpatched Vulnerability : CVE-2023-51767

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks for authentication bypass because the integer value of authenticated in...

Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2024-1755)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.11.1 : sudo (EulerOS-SA-2024-1621)

According to the versions of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Sudo before 1.9.15 might allow row hammer attacks for authentication bypass or privilege escalation because application logic...

EulerOS Virtualization 2.11.0 : sudo (EulerOS-SA-2024-1640)

According to the versions of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Sudo before 1.9.15 might allow row hammer attacks for authentication bypass or privilege escalation because application logic...

EulerOS Virtualization 2.10.0 : sudo (EulerOS-SA-2024-1537)

According to the versions of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Sudo before 1.9.15 might allow row hammer attacks for authentication bypass or privilege escalation because application logic...

EulerOS Virtualization 2.10.1 : sudo (EulerOS-SA-2024-1556)

According to the versions of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Sudo before 1.9.15 might allow row hammer attacks for authentication bypass or privilege escalation because application logic...

SUSE SLES12 Security Update : sudo (SUSE-SU-2024:0890-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0890-1 advisory. - Sudo before 1.9.15 might allow row hammer attacks for authentication bypass or privilege escalation because application logic sometimes is...

SUSE SLES15 Security Update : sudo (SUSE-SU-2024:0877-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0877-1 advisory. - Sudo before 1.9.15 might allow row hammer attacks for authentication bypass or privilege escalation because application logic sometimes is...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : sudo (SUSE-SU-2024:0876-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0876-1 advisory. - Sudo before 1.9.15 might allow row hammer attacks for authentication bypass or privilege escalation...

SUSE SLES15 Security Update : sudo (SUSE-SU-2024:0834-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2024:0834-1 advisory. - Sudo before 1.9.15 might allow row hammer attacks for authentication bypass or privilege escalation because application logic sometimes is...

Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2024-1326)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE 15 Security Update : sudo (SUSE-SU-2024:0794-1)

The remote openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2024:0794-1 advisory. - Sudo before 1.9.15 might allow row hammer attacks for authentication bypass or privilege escalation because application logic sometimes is based on not...

OpenBSD OpenSSH <= 9.6 Authentication Bypass Vulnerability

OpenBSD OpenSSH is prone to an authentication bypass vulnerability. Note: This VT has been deprecated and is therefore no longer functional. Please see the solution tag for more information. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced...

CentOS 8 : sudo (CESA-2024:0811)

The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2024:0811 advisory. - Sudo before 1.9.13 does not escape control characters in log messages. CVE-2023-28486 - Sudo before 1.9.13 does not escape control characters in...

Oracle Linux 8 / 9 : sudo (ELSA-2024-0811)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0811 advisory. - CVE-2023-28487 sudo: Sudo does not escape control characters in sudoreplay output Resolves: RHEL-21834 - CVE-2023-28486 sudo: Sudo does not escap...

RHEL 8 / 9 : sudo (RHSA-2024:0811)

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0811 advisory. The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute...

Low: sudo

Issue Overview: Sudo before 1.9.15 might allow row hammer attacks for authentication bypass or privilege escalation because application logic sometimes is based on not equaling an error value instead of equaling a success value, and because the values do not resist flips of a single bit...

GLSA-202401-29 : sudo: Memory Manipulation

The remote host is affected by the vulnerability described in GLSA-202401-29 sudo: Memory Manipulation - Sudo before 1.9.15 might allow row hammer attacks for authentication bypass or privilege escalation because application logic sometimes is based on not equaling an error value instead of...

OESA-2024-1071 sudo security update

Sudo is a program designed to allow a sysadmin to give limited root privileges to users and log root activity. The basic philosophy is to give as few privileges as possible but still allow people to get their work done. Security Fixes: Sudo before 1.9.15 might allow row hammer attacks for...