Lucene search
+L

38 matches found

osv
osv
added 2021/01/27 12:40 a.m.6 views

MGASA-2021-0056 Updated sudo packages fix security vulnerability

A serious heap-based buffer overflow has been discovered in sudo that is exploitable by any local user. It has been given the name Baron Samedit by its discoverer. The bug can be leveraged to elevate privileges to root, even if the user is not listed in the sudoers file. User authentication is no...

7.8CVSS8.1AI score0.99295EPSS
Exploits81References3
photon
photon
added 2021/01/27 12:0 a.m.45 views

Important Photon OS Security Update - PHSA-2021-3.0-0188

Updates of 'sudo' packages of Photon OS have been released...

7.8CVSS1.7AI score0.99295EPSS
Exploits81
redhat
redhat
added 2021/01/26 7:53 p.m.131 views

Important: Red Hat Security Advisory: sudo security update

An update for sudo is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

7.8CVSS7.4AI score0.99295EPSS
Exploits81References3
redhat
redhat
added 2021/01/26 7:36 p.m.129 views

Important: Red Hat Security Advisory: sudo security update

An update for sudo is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

7.8CVSS7.4AI score0.99295EPSS
Exploits81References3
nessus
nessus
added 2020/09/07 12:0 a.m.17 views

NewStart CGSL MAIN 4.05 : sudo Vulnerability (NS-SA-2020-0047)

The remote NewStart CGSL host, running version MAIN 4.05, has sudo packages installed that are affected by a vulnerability: - In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. pwfeedback is a default...

7.8CVSS7.6AI score0.19426EPSS
Exploits13References2
osv
osv
added 2020/06/10 10:26 p.m.8 views

MGASA-2020-0246 Updated sudo packages fix security vulnerability

Updated sudo packages fix security vulnerabilities: It was found that sudo always allowed commands to be run with unknown user or group ids if the sudo configuration allowed it for example via the "ALL" alias. This could allow sudo to impersonate non-existent account and depending on how...

7.5CVSS7.6AI score0.03295EPSS
Exploits0References6
redhat
redhat
added 2019/11/18 12:30 p.m.77 views

Important: Red Hat Security Advisory: sudo security update

An update for sudo is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

9CVSS7.2AI score0.63917EPSS
Exploits10References2
redhat
redhat
added 2019/10/29 12:28 p.m.37 views

Important: Red Hat Security Advisory: sudo security update

An update for sudo is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.3 Telco Extended Update Support, and Red Hat Enterprise Linux 7.3 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact ...

9CVSS7.2AI score0.63917EPSS
Exploits10References2
redhat
redhat
added 2019/10/24 9:38 p.m.83 views

Important: Red Hat Security Advisory: sudo security update

An update for sudo is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

9CVSS7.2AI score0.63917EPSS
Exploits10References2
redhat
redhat
added 2019/10/24 9:27 p.m.120 views

Important: Red Hat Security Advisory: sudo security update

An update for sudo is now available for Red Hat Enterprise Linux 7.5 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...

9CVSS7.2AI score0.63917EPSS
Exploits10References2
osv
osv
added 2019/10/16 10:22 p.m.8 views

MGASA-2019-0298 Updated sudo packages fix security vulnerability

The updated packages fix a security vulnerability: Potential bypass of Runas user restrictions. CVE-2019-14287...

9CVSS8.8AI score0.63917EPSS
Exploits10References4
osv
osv
added 2017/07/13 9:10 a.m.8 views

MGASA-2017-0207 Updated sudo packages fix security vulnerability

A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root. CVE-2017-1000367...

6.9CVSS6.6AI score0.08018EPSS
Exploits8References3
mageia
mageia
added 2016/11/17 11:40 p.m.30 views

Updated sudo packages fix security vulnerability

It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed wordexp C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute...

7.8CVSS4.1AI score0.00493EPSS
Exploits0References4
osv
osv
added 2016/11/17 11:40 p.m.8 views

MGASA-2016-0389 Updated sudo packages fix security vulnerability

It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed wordexp C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute...

7.8CVSS7.8AI score0.00493EPSS
Exploits0References5
mageia
mageia
added 2016/07/26 9:16 p.m.25 views

Updated sudo packages fix security vulnerability

A vulnerability in functionality for adding support of SHA-2 digests along with the command was found. The sudoers plugin performs this digest verification while matching rules, and later independently calls execve to execute the binary. This results in a race condition if the digest functionalit...

7CVSS6.9AI score0.00542EPSS
Exploits0References2
osv
osv
added 2016/07/26 9:16 p.m.11 views

MGASA-2016-0261 Updated sudo packages fix security vulnerability

A vulnerability in functionality for adding support of SHA-2 digests along with the command was found. The sudoers plugin performs this digest verification while matching rules, and later independently calls execve to execute the binary. This results in a race condition if the digest functionalit...

7CVSS7AI score0.00542EPSS
Exploits0References3
nessus
nessus
added 2015/07/30 12:0 a.m.21 views

Oracle Linux 6 : sudo (ELSA-2015-1409)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2015-1409 advisory. - RHEL-6.7 erratum - added patch for CVE-2014-9680 - added BuildRequires for tzdata Resolves: rhbz1200253 Tenable has extracted the preceding description block...

3.3CVSS5.6AI score0.0047EPSS
Exploits1References2
debian
debian
added 2001/03/06 2:15 a.m.7 views

[SECURITY] [DSA 031-2] New sudo packages for powerpc available

---------------------------------------------------------------------------- Debian Security Advisory DSA-031-2 [email protected] http://www.debian.org/security/ Martin Schulze March 6, 2001 - ---------------------------------------------------------------------------- Package : sudo...

5.7AI score
Exploits0
Rows per page
Query Builder