Amazon Linux 2023 : sudo, sudo-devel, sudo-logsrvd (ALAS2023-2024-514)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-514 advisory. 2024-02-26: The severity of this advisory has been changed from important to low. Sudo before 1.9.15 might allow row hammer attacks for authentication bypass or privilege escalation because application...
Amazon Linux 2 : sudo (ALAS-2024-2447)
The version of sudo installed on the remote host is prior to 1.8.23-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2447 advisory. 2024-02-22: CVE-2023-42465 was removed from this advisory. 2024-02-22: The severity of this advisory has been changed from important...
Low: sudo
Issue Overview: Sudo before 1.9.15 might allow row hammer attacks for authentication bypass or privilege escalation because application logic sometimes is based on not equaling an error value instead of equaling a success value, and because the values do not resist flips of a single bit...
Amazon Linux AMI : sudo (ALAS-2024-1917)
The version of sudo installed on the remote host is prior to 1.8.23-10.58. It is, therefore, affected by a vulnerability as referenced in the ALAS-2024-1917 advisory. 2024-02-23: CVE-2023-42465 was removed from this advisory. 2024-02-23: The severity of this advisory has been changed from importa...
Improper Privilege Management
sudo is vulnerable to Improper Privilege Management. The vulnerability is caused by a flaw in the handling of ipahostname, where ipahostname from /etc/sssd/sssd.conf was not propagated in sudo. This results in client hosts retaining privileges even after they are retracted, leading to privilege...
Debian: Security Advisory (DLA-3732-1)
The remote host is missing an update for the Debian...
Low: sudo
Issue Overview: No CVE associated with this advisory. Affected Packages: sudo. Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update sudo or yum update --advisor...
Low: sudo
Issue Overview: No CVE associated with this advisory. Affected Packages: sudo. Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue Correction: Run yum update sudo to update your system...
Low: sudo
Issue Overview: No CVE associated with this advisory. Affected Packages: sudo. Issue Correction: Run yum update sudo or yum update --advisory ALAS-2024-1917 to update your system. New Packages: i686: sudo-debuginfo-1.8.23-10.58.amzn1.i686 sudo-devel-1.8.23-10.58.amzn1.i686 ...
[SECURITY] [DLA 3732-1] sudo security update
Debian LTS Advisory DLA-3732-1 https://www.debian.org/lts/security/ Bastien Roucariès February 03, 2024 https://wiki.debian.org/LTS ...
Debian dla-3732 : sudo - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3732 advisory. Debian LTS Advisory DLA-3732-1...
Advisory ROSA-SA-2024-2335
software: xterm 386 WASP: ROSA-CHROME packageevrstring: xterm-386-1.src.rpm CVE-ID: CVE-2023-40359 BDU-ID: 2023-07914 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the ReGIS Vector Graphics Reporting ReGIS Reporting feature of the XTerm terminal emulator is related to an operation exceeding...
Fedora: Security Advisory (FEDORA-2024-cdccda4f62)
The remote host is missing an update for the...
[SECURITY] Fedora 39 Update: sudo-1.9.15-1.p5.fc39
Sudo (superuser do) allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...
Fedora 39 : sudo (2024-cdccda4f62)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-cdccda4f62 advisory. Rebase to 1.9.15p5. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this...
[SECURITY] Fedora 39 Update: freeipa-4.11.1-1.fc39
IPA is an integrated solution to provide centrally managed Identity (users, hosts, services), Authentication (SSO, 2FA), and Authorization (host access control, SELinux user roles, services). The solution provides features for further integration with Linux based clients (SUDO, automount) and integration...
sudo: Memory Manipulation
Background: sudo allows a system administrator to give users the ability to run commands as other users. Description: Multiple vulnerabilities have been discovered in sudo. Please review the CVE identifiers referenced below for details. Impact: Stack/register variables can be flipped via fault...
GLSA-202401-29 : sudo: Memory Manipulation
The remote host is affected by the vulnerability described in GLSA-202401-29 sudo: Memory Manipulation - Sudo before 1.9.15 might allow row hammer attacks for authentication bypass or privilege escalation because application logic sometimes is based on not equaling an error value instead of...
Traceroute 2.1.2 Privilege Escalation Vulnerability
In Traceroute versions 2.0.12 through to 2.1.2, the wrapper scripts mishandle shell metacharacters, which can lead to privilege escalation if the wrapper scripts are executed via sudo. The affected wrapper scripts include tcptraceroute, tracepath, traceproto, and traceroute-nanog. Version 2.1.3...