
4723 matches found

OSV
added 2024/06/15 12:0 a.m. · 13 views

OPENSUSE-SU-2024:13490-1 sudo-1.9.15p2-1.1 on GA media

These are all security issues fixed in the sudo-1.9.15p2-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 8.1 · AI score 5.9 · EPSS 0.00571
Exploits 1 · References 2

RedhatCVE
added 2024/06/12 6:22 a.m. · 17 views

CVE-2024-37408

A flaw was found in fprintd through version 1.94.3, which lacks a security attention mechanism. This issue causes unexpected actions that may be authorized by "auth sufficient pam_fprintd.so" for Sudo...

AI score 6.9 · EPSS 0.00276
Exploits 0 · References 6

SUSE CVE
added 2024/06/11 2:5 a.m. · 1 views

SUSE CVE-2024-37408

fprintd through 1.94.3 lacks a security attention mechanism, and thus unexpected actions might be authorized by "auth sufficient pam_fprintd.so" for Sudo. NOTE: the supplier disputes this because they believe issue resolution would involve modifying the PAM configuration to restrict pam_fprintd.so ...

CVSS 7.3 · AI score 6.9 · EPSS 0.00276
Exploits 0 · References 3

NVD
added 2024/06/08 2:15 p.m. · 23 views

CVE-2024-37408

fprintd through 1.94.3 lacks a security attention mechanism, and thus unexpected actions might be authorized by "auth sufficient pam_fprintd.so" for Sudo. NOTE: the supplier disputes this because they believe issue resolution would involve modifying the PAM configuration to restrict pam_fprintd.so ...

CVSS 7.3 · EPSS 0.00276
Exploits 0 · References 8

Vulnrichment
added 2024/06/08 12:0 a.m. · 8 views

CVE-2024-37408

fprintd through 1.94.3 lacks a security attention mechanism, and thus unexpected actions might be authorized by "auth sufficient pam_fprintd.so" for Sudo. NOTE: the supplier disputes this because they believe issue resolution would involve modifying the PAM configuration to restrict pam_fprintd.so ...

AI score 7.2 · EPSS 0.00276
Exploits 0 · References 8

Cvelist
added 2024/06/08 12:0 a.m. · 31 views

CVE-2024-37408

fprintd through 1.94.3 lacks a security attention mechanism, and thus unexpected actions might be authorized by "auth sufficient pam_fprintd.so" for Sudo. NOTE: the supplier disputes this because they believe issue resolution would involve modifying the PAM configuration to restrict pam_fprintd.so ...

EPSS 0.00276
Exploits 0 · References 8

Positive Technologies
added 2024/06/08 12:0 a.m. · 4 views

PT-2024-27527 · Fprintd · Fprintd

Name of the Vulnerable Software and Affected Versions: fprintd versions 1.94.3 and earlier. Description: The issue is related to the lack of a security attention mechanism in fprintd, which may lead to unexpected actions being authorized by "auth sufficient pam_fprintd.so" for Sudo. This could...

CVSS 7.3 · AI score 7.2 · EPSS 0.00276
Exploits 0 · References 15

Debian CVE
added 2024/06/08 12:0 a.m. · 12 views

CVE-2024-37408

Removed by vendor...

CVSS 7.3 · AI score 5.1 · EPSS 0.00276
Exploits 0

CVE
added 2024/06/08 12:0 a.m. · 63 views

CVE-2024-37408

CVE-2024-37408 affects fprintd up to version 1.94.3, where the lack of a security attention mechanism could allow actions authorized by pam_fprintd.so for Sudo. Multiple connected sources (Red Hat, SUSE, Ubuntu, Debian trackers) confirm the issue; some vendors dispute it and suggest PAM configura...

CVSS 7.3 · AI score 6.5 · EPSS 0.00276
Exploits 0 · References 8

OpenVAS
added 2024/06/07 12:0 a.m. · 10 views

Fedora: Security Advisory for sudo-rs (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits 0 · References 2

Tenable Nessus
added 2024/06/03 12:0 a.m. · 16 views

RHEL 4 : sudo (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - sudo: unsafe handling of TZ environment variable CVE-2014-9680 Note that Nessus has not tested for this issue but h...

CVSS 3.3 · AI score 6.9 · EPSS 0.0047
Exploits 1 · References 1

Tenable Nessus
added 2024/06/03 12:0 a.m. · 19 views

RHEL 5 : sudo (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - sudo: noexec bypass via wordexp CVE-2016-7076 - sudo before 1.8.12 does not ensure that the TZ environmen...

CVSS 7.8 · AI score 6.9 · EPSS 0.0339
Exploits 6 · References 7

Tenable Nessus
added 2024/06/03 12:0 a.m. · 18 views

RHEL 7 : sudo (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - sudo: Unauthorized privilege escalation in sudoedit CVE-2015-5602 - sudo: by using ! character in the...

CVSS 7.5 · AI score 7.3 · EPSS 0.0339
Exploits 5 · References 5

Tenable Nessus
added 2024/06/03 12:0 a.m. · 24 views

RHEL 7 : cifs-utils (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - cifs-utils: stack-based buffer overflow mount.cifs may lead to local privilege escalation to root...

CVSS 7.8 · AI score 8.2 · EPSS 0.00652
Exploits 1 · References 3

Fedora
added 2024/06/02 3:39 a.m. · 12 views

[SECURITY] Fedora 39 Update: sudo-rs-0.2.2-3.fc39

A memory safe implementation of sudo and su...

AI score 7.3
Exploits 0

Fedora
added 2024/06/02 3:39 a.m. · 14 views

[SECURITY] Fedora 39 Update: rust-pleaser-0.5.4-4.fc39

Please, a polite regex-first sudo alternative...

AI score 7.3
Exploits 0

0day.today
added 2024/06/02 12:0 a.m. · 192 views

Progress Flowmon 12.3.5 Local sudo Privilege Escalation Exploit

This Metasploit module abuses a feature of the sudo command on Progress Flowmon. Certain binary files are allowed to automatically elevate with the sudo command. This is based off of the file name. This includes executing a PHP command with a specific file name. If the file is overwritten with PH...

CVSS 10 · AI score 9.6 · EPSS 0.93901
Exploits 7

Packet Storm
added 2024/05/30 12:0 a.m. · 261 views

Progress Flowmon 12.3.5 Local sudo Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Progress Flowmon Local sudo privilege escalation', 'Description' = %q This module abuses a feature of the sudo command on Progress Flowmon. Certa...

CVSS 7.5 · AI score 7 · EPSS 0.93901
Exploits 7

Tenable Nessus
added 2024/05/30 12:0 a.m. · 20 views

EulerOS 2.0 SP12 : sudo (EulerOS-SA-2024-1755)

According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Sudo before 1.9.15 might allow row hammer attacks for authentication bypass or privilege escalation because application logic sometimes is based on n...

CVSS 7 · AI score 6.7 · EPSS 0.00541
Exploits 1 · References 2

OpenVAS
added 2024/05/30 12:0 a.m. · 11 views

Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2024-1778)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7 · AI score 6.8 · EPSS 0.00541
Exploits 1 · References 2