Lucene search

18 matches found

AstraLinux
added 2026/05/20 5:53 a.m. · 3 views

Astra Linux - vulnerability in sudo

In Sudo version 1.8.29, the fact that a user has been blocked (for example, by using the “!” character in the shadow file instead of a password hash) was not taken into consideration. This allows an attacker who has access to a Runas ALL sudoer account to impersonate any blocked user. NOTE: The...

7.5 CVSS · 6.8 AI score · 0.04075 EPSS
Exploits 0 · References 2

AstraLinux
added 2026/05/20 5:53 a.m. · 3 views

Astra Linux - vulnerability in sudo

In Sudo version 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by executing sudo with a numerical UID that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability, as executing a command via sudo as...

7.5 CVSS · 6.9 AI score · 0.02868 EPSS
Exploits 0 · References 2

SUSE CVE
added 2023/02/15 4:9 a.m. · 1 views

SUSE CVE-2019-14287

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "su...

7 CVSS · 8 AI score · 0.85814 EPSS
Exploits 10 · References 18

SUSE CVE
added 2023/02/15 4:6 a.m. · 1 views

SUSE CVE-2019-19234

In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker who has access to a Runas ALL sudoer account to impersonate any blocked user. NOTE: The software maintainer believes...

7.8 CVSS · 8.3 AI score · 0.04075 EPSS
Exploits 0 · References 3

Tenable Nessus
added 2021/03/10 12:0 a.m. · 24 views

NewStart CGSL MAIN 4.06 : sudo Multiple Vulnerabilities (NS-SA-2021-0001)

The remote NewStart CGSL host, running version MAIN 4.06, has sudo packages installed that are affected by multiple vulnerabilities: - In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. pwfeedback is a...

9 CVSS · 7.7 AI score · 0.92579 EPSS
Exploits 103 · References 7

RedHat Linux
added 2020/04/28 3:48 p.m. · 0 views

sudo: attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user

It was found that sudo always allowed commands to be run with unknown user or group ids if the sudo configuration allowed it, for example via the "ALL" alias. This could allow sudo to impersonate a non-existent account and, depending on how applications are configured, could lead to certain restricti...

7.5 CVSS · 7.1 AI score · 0.02868 EPSS
Exploits 0 · References 5

Tenable Nessus
added 2020/03/06 12:0 a.m. · 45 views

Fedora 31 : sudo (2020-8b563bc5f4)

update to latest development version 1.9.0b1 - added sudologsrvd and sudosendlog to files and their appropriate man pages Resolves: rhbz1787823 - Stack based buffer overflow in when pwfeedback is enabled Resolves: rhbz1796945 - fixes: CVE-2019-18634 - By using ! character in the shadow file...

7.8 CVSS · 6.9 AI score · 0.88008 EPSS
Exploits 13 · References 4

BDU FSTEC
added 2020/03/04 12:0 a.m. · 1 views

The vulnerability of the sudoer account in the Runas ALL system administration software allows a hacker to impersonate an existing user.

The vulnerability of the sudoer account in the Runas ALL system administration program is related to improper access control. Exploiting this vulnerability allows a malicious actor to impersonate an existing user...

7.8 CVSS · 6.9 AI score · 0.02868 EPSS
Exploits 0 · References 10 · Affected Software 4

BDU FSTEC
added 2020/03/04 12:0 a.m. · 3 views

The vulnerability of the sudoer account in the Runas ALL system administration software allows a hacker to disable user authentication using a local password.

The vulnerability of the sudoer account in the Runas ALL system administration program is related to improper access control. Exploiting this vulnerability could allow a malicious actor to disable user authentication using the local password...

7.8 CVSS · 6.9 AI score · 0.04075 EPSS
Exploits 0 · References 10 · Affected Software 3

OSV
added 2019/12/19 9:15 p.m. · 1 views

DEBIAN-CVE-2019-19234

In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker who has access to a Runas ALL sudoer account to impersonate any blocked user. NOTE: The software maintainer believes...

7.5 CVSS · 5.6 AI score · 0.04075 EPSS
Exploits 0 · References 1

OSV
added 2019/12/19 9:15 p.m. · 0 views

UBUNTU-CVE-2019-19234

In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker who has access to a Runas ALL sudoer account to impersonate any blocked user. NOTE: The software maintainer believes...

7.5 CVSS · 6.6 AI score · 0.04075 EPSS
Exploits 0 · References 4

OSV
added 2019/12/19 9:15 p.m. · 1 views

UBUNTU-CVE-2019-19232

In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability because running a command via sudo as ...

7.5 CVSS · 6.7 AI score · 0.02868 EPSS
Exploits 0 · References 4

Positive Technologies
added 2019/12/19 12:0 a.m. · 4 views

PT-2019-4664 · Todd Miller +4 · Sudo +4

Name of the Vulnerable Software and Affected Versions: Sudo versions 1.8.29 and earlier Description: The issue is related to the sudoer account with Runas ALL privileges, allowing an attacker to impersonate a nonexistent user by invoking sudo with a numeric uid not associated with any user. This...

7.8 CVSS · 6.3 AI score · 0.92579 EPSS
Exploits 97 · References 120

RedHat Linux
added 2019/11/06 5:28 p.m. · 19 views

sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword

A flaw was found in the way sudo implemented running commands with arbitrary user ID. If a sudoers entry is written to allow the attacker to run a command as any user except root, this flaw can be used by the attacker to bypass that restriction...

9 CVSS · 7.3 AI score · 0.85814 EPSS
Exploits 10 · References 5

RedHat Linux
added 2019/11/05 10:22 p.m. · 0 views

sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword

A flaw was found in the way sudo implemented running commands with arbitrary user ID. If a sudoers entry is written to allow the attacker to run a command as any user except root, this flaw can be used by the attacker to bypass that restriction...

9 CVSS · 7.3 AI score · 0.85814 EPSS
Exploits 10 · References 5

GithubExploit
added 2019/10/18 4:11 a.m. · 82 views

Exploit for Improper Handling of Exceptional Conditions in Sudo_Project Sudo

Sudo-Security-Bypass-CVE-2019-14287...

9 CVSS · 8 AI score · 0.85814 EPSS
Exploits 10

Cvelist
added 2019/10/17 5:3 p.m. · 17 views

CVE-2019-14287

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "su...

8.8 AI score · 0.85814 EPSS
Exploits 10 · References 37

OSV
added 2019/10/14 3:0 p.m. · 0 views

UBUNTU-CVE-2019-14287

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "su...

8.8 CVSS · 7.1 AI score · 0.85814 EPSS
Exploits 10 · References 4