56 matches found

OSV
added 2019/10/17 6:15 p.m. | 19 views

CVE-2019-14287

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "su...

CVSS 8.8 | AI score 8.7 | EPSS 0.63917
Exploits 10 | References 37
Cvelist
added 2019/10/17 5:3 p.m. | 23 views

CVE-2019-14287

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "su...

AI score 8.8 | EPSS 0.63917
Exploits 10 | References 37
NVD
added 2018/05/29 1:29 p.m. | 19 views

CVE-2016-7076

sudo before version 1.8.18p1 is vulnerable to a bypass of the sudo noexec restriction if an application run via sudo executes the wordexp() C library function with a user-supplied argument. A local user permitted to run such an application via sudo with the noexec restriction could possibly use this flaw to...

CVSS 7.8 | AI score 7.2 | EPSS 0.00493
Exploits 0 | References 7
Tenable Nessus
added 2017/07/05 12:0 a.m. | 23 views

Debian DLA-1011-1 : sudo security update

Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution. The previous announcement (DLA-970-1) was about a similar security issue (CVE-2017-1000367) which wasn't...

CVSS 8.2 | AI score 7.4 | EPSS 0.08018
Exploits 8 | References 3
OSV
added 2017/06/20 11:19 a.m. | 6 views

SUSE-SU-2017:1626-1 Security update for sudo

This update for sudo fixes the following security issue: - CVE-2017-1000368: A follow-up fix to CVE-2017-1000367, the Linux process name could also contain a newline, which could be used to trick sudo to read/write to an arbitrary open terminal. (bsc#1042146) Also the following non security bug was...

CVSS 8.2 | AI score 6.8 | EPSS 0.00573
Exploits 0 | References 4
Tenable Nessus
added 2017/05/31 12:0 a.m. | 37 views

openSUSE Security Update : sudo (openSUSE-2017-636)

This update for sudo fixes the following issues: CVE-2017-1000367: - Due to incorrect assumptions in /proc/[pid]/stat parsing, a local attacker can pretend that his tty is any file on the filesystem, thus gaining arbitrary file write access on SELinux-enabled systems. (bsc#1039361) - Fix FQDN for...

CVSS 6.9 | AI score 7.3 | EPSS 0.08018
Exploits 8 | References 5
OSV
added 2017/05/30 3:52 p.m. | 5 views

SUSE-SU-2017:1450-1 Security update for sudo

This update for sudo fixes the following issues: CVE-2017-1000367: - Due to incorrect assumptions in /proc/[pid]/stat parsing, a local attacker can pretend that his tty is any file on the filesystem, thus gaining arbitrary file write access on SELinux-enabled systems. (bsc#1039361) - Fix FQDN for...

CVSS 6.9 | AI score 6.7 | EPSS 0.08018
Exploits 8 | References 6
UbuntuCve
added 2017/04/14 6:59 p.m. | 30 views

CVE-2016-7032

sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function...

CVSS 7 | AI score 6.8 | EPSS 0.00337
Exploits 0 | References 6
Oracle linux
added 2016/12/06 12:0 a.m. | 33 views

sudo security update

1.8.6p3-25 - Update noexec syscall blacklist - Fixes CVE-2016-7032 and CVE-2016-7076 Resolves: rhbz#1391937...

CVSS 7.8 | AI score 1.4 | EPSS 0.00493
Exploits 0
OSV
added 2016/11/23 2:34 p.m. | 12 views

SUSE-SU-2016:2891-1 Security update for sudo

This update for sudo fixes the following issues: - Fix two security vulnerabilities that allowed users to bypass sudo's NOEXEC functionality: noexec bypass via system and popen (CVE-2016-7032, bsc#1007766); noexec bypass via wordexp (CVE-2016-7076, bsc#1007501) - The SSSD plugin would occasionally crash...

CVSS 7.8 | AI score 7.2 | EPSS 0.00493
Exploits 0 | References 8
RedHat Linux
added 2016/11/03 8:10 a.m. | 31 views

Low: Red Hat Security Advisory: sudo security, bug fix, and enhancement update

An update for sudo is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 4.9 | AI score 6.2 | EPSS 0.00403
Exploits 0 | References 8
RedHat Linux
added 2015/07/20 2:6 p.m. | 44 views

Moderate: Red Hat Security Advisory: sudo security, bug fix, and enhancement update

Updated sudo packages that fix one security issue, three bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...

CVSS 3.3 | AI score 6.2 | EPSS 0.0047
Exploits 1 | References 7
RedHat Linux
added 2009/02/05 3:59 p.m. | 35 views

Moderate: Red Hat Security Advisory: sudo security update

An updated sudo package to fix a security issue is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The sudo (superuser do) utility allows system administrators to give certain users the ability to run...

CVSS 7.8 | AI score 7 | EPSS 0.00406
Exploits 1 | References 2
Exploit DB
added 2006/01/09 12:0 a.m. | 489 views

Sudo 1.6.x - Environment Variable Handling Security Bypass (2)

source: https://www.securityfocus.com/bid/16184/info Sudo is prone to a security-bypass vulnerability that could lead to arbitrary code execution. This issue is due to an error in the application when handling environment variables. A local attacker with the ability to run Python scripts can...

AI score 7.4
Exploits 0
FreeBSD
added 2004/11/11 12:0 a.m. | 18 views

sudo -- privilege escalation with bash scripts

A Sudo Security Alert reports: A flaw exists in sudo's environment sanitizing prior to sudo version 1.6.8p2 that could allow a malicious user with permission to run a shell script that utilized the bash shell to run arbitrary commands...

AI score 3.6
Exploits 0 | References 1
Packet Storm
added 1999/08/17 12:0 a.m. | 24 views

sudo.info.txt

Date: Tue, 8 Jun 1999 21:23:55 +0200 From: Bencsath Boldizsar To: [email protected] Subject: unneeded information in sudo Sudo debian, v1.5.6p2-2 tells anyone if a file exists or not. It's not a very big problem, but when I set a directory not accessible to anyone but root, I want to make sur...

AI score 7.4
Exploits 0