37 matches found
RHSA-2017:1574 Red Hat Security Advisory: sudo security update
Bulletin has no description...
SUSE-SU-2024:0794-1 Security update for sudo
This update for sudo fixes the following issues: - CVE-2023-42465: Try to make sudo less vulnerable to ROWHAMMER attacks bsc1219026...
USN-6005-1 sudo vulnerabilities
Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly escaped control characters in log messages and sudoreplay output. An attacker could possibly use these issues to inject terminal control characters that alter output when being viewed...
CVE-2022-43995
Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer...
SUSE-SU-2021:0232-1 Security update for sudo
This update for sudo fixes the following issues: - A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges bsc1181090,CVE-2021-3156 - It was possible for a user to test for the existence of a directory due to a Race Condition in sudoedit...
Vulnerabilities fixed in sudo
Several vulnerabilities have been fixed in sudo. A local malicious party can, by exploiting these vulnerabilities, gain gain root privileges on the vulnerable system. The developers of sudo have released updates to fix the vulnerability marked CVE-2021-3156 in version 1.9.5p2. The vulnerabilities...
Fedora 32 : sudo (2021-8840cbdccd)
The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-8840cbdccd advisory. - Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via...
MGASA-2021-0042 Updated sudo packages fix security vulnerabilities
The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudoedit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. CVE-2021-23239. selinuxeditcopytfiles in sudoedit in...
OPENSUSE-SU-2019:2333-1 Security update for sudo
This update for sudo fixes the following issue: - CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers bsc1153674. This update was imported from the...
USN-3968-1: Sudo vulnerabilities | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description Florian Weimer discovered that Sudo incorrectly handled the noexec restriction when used with certain applications. A local attacker could possibly use this issue to bypass configured restrictions and...
Ubuntu 16.04 LTS : Sudo vulnerabilities (USN-3968-1)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3968-1 advisory. Florian Weimer discovered that Sudo incorrectly handled the noexec restriction when used with certain applications. A local attacker could possibly use...
SUSE-SU-2016:2893-1 Security update for sudo
This update for sudo fixes the following issues: - fix two security vulnerabilities that allowed users to bypass sudo's NOEXEC functionality: noexec bypass via system and popen CVE-2016-7032, bsc1007766 noexec bypass via wordexp CVE-2016-7076, bsc1007501...
Vulnerabilities of the Gentoo Linux operating system, which allow a malicious individual to compromise the confidentiality, integrity, and accessibility of protected information
The multiple vulnerabilities in the sudo package of the Gentoo Linux operating system up to version 1.7.2p4 can lead to violations of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited locally...
CVE-2013-2776
sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the ttytickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another...
PT-2009-1078 · Sudo +1 · Sudo +1
Name of the Vulnerable Software and Affected Versions: sudo versions 1.6.9p17 through 1.6.9p19 Description: The issue concerns the improper interpretation of a system group in the sudoers file during authorization decisions for users belonging to that group. This allows local users to leverage an...
Debian Security Advisory DSA 596-2 (sudo)
The remote host is missing an update to sudo announced via advisory DSA 596-2. OpenVAS Vulnerability Test $Id: deb5962.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 596-2 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...
CVE-1999-0958
Technical details about CVE-1999-0958 are not publicly provided in the connected documents. The available sources reiterate the arbitrary command execution via sudo 1.5.x. Monitor for updates.