56 matches found
CVE-2019-14287
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "su...
CVE-2016-7076
sudo before version 1.8.18p1 is vulnerable to a bypass of the sudo noexec restriction if an application run via sudo executes the wordexp() C library function with a user-supplied argument. A local user permitted to run such an application via sudo with the noexec restriction could possibly use this flaw to...
Debian DLA-1011-1 : sudo security update
Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation flaw (embedded newlines) in the get_process_ttyname() function, resulting in information disclosure and command execution. The previous announcement, DLA-970-1, was about a similar security issue, CVE-2017-1000367, which wasn't...
SUSE-SU-2017:1626-1 Security update for sudo
This update for sudo fixes the following security issue: - CVE-2017-1000368: A follow-up fix to CVE-2017-1000367; the Linux process name could also contain a newline, which could be used to trick sudo into reading from or writing to an arbitrary open terminal (bsc#1042146). Also the following non security bug was...
openSUSE Security Update : sudo (openSUSE-2017-636)
This update for sudo fixes the following issues: CVE-2017-1000367: - Due to incorrect assumptions in /proc/[pid]/stat parsing, a local attacker can pretend that his tty is any file on the filesystem, thus gaining arbitrary file write access on SELinux-enabled systems (bsc#1039361). - Fix FQDN for...
SUSE-SU-2017:1450-1 Security update for sudo
This update for sudo fixes the following issues: CVE-2017-1000367: - Due to incorrect assumptions in /proc/[pid]/stat parsing, a local attacker can pretend that his tty is any file on the filesystem, thus gaining arbitrary file write access on SELinux-enabled systems (bsc#1039361). - Fix FQDN for...
CVE-2016-7032
sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function...
sudo security update
1.8.6p3-25 - Update noexec syscall blacklist - Fixes CVE-2016-7032 and CVE-2016-7076 Resolves: rhbz#1391937...
SUSE-SU-2016:2891-1 Security update for sudo
This update for sudo fixes the following issues: - Fix two security vulnerabilities that allowed users to bypass sudo's NOEXEC functionality: noexec bypass via system() and popen() (CVE-2016-7032, bsc#1007766); noexec bypass via wordexp() (CVE-2016-7076, bsc#1007501) - The SSSD plugin would occasionally crash...
Low: Red Hat Security Advisory: sudo security, bug fix, and enhancement update
An update for sudo is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Moderate: Red Hat Security Advisory: sudo security, bug fix, and enhancement update
Updated sudo packages that fix one security issue, three bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...
Moderate: Red Hat Security Advisory: sudo security update
An updated sudo package to fix a security issue is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The sudo (superuser do) utility allows system administrators to give certain users the ability to run...
Sudo 1.6.x - Environment Variable Handling Security Bypass (2)
source: https://www.securityfocus.com/bid/16184/info Sudo is prone to a security-bypass vulnerability that could lead to arbitrary code execution. This issue is due to an error in the application when handling environment variables. A local attacker with the ability to run Python scripts can...
sudo -- privilege escalation with bash scripts
A Sudo Security Alert reports: A flaw exists in sudo's environment sanitizing prior to sudo version 1.6.8p2 that could allow a malicious user with permission to run a shell script that utilized the bash shell to run arbitrary commands...
sudo.info.txt
Date: Tue, 8 Jun 1999 21:23:55 +0200 From: Bencsath Boldizsar To: [email protected] Subject: unneeded information in sudo Sudo (debian, v1.5.6p2-2) tells anyone if a file exists or not. It's not a very big problem, but when I set a directory not accessible to anyone but root, I want to make sur...