4723 matches found
CVE-2023-42465
Sudo before 1.9.15 might allow row hammer attacks for authentication bypass or privilege escalation because application logic sometimes is based on not equaling an error value instead of equaling a success value, and because the values do not resist flips of a single bit...
Authentication flaw
Sudo before 1.9.15 might allow row hammer attacks for authentication bypass or privilege escalation because application logic sometimes is based on not equaling an error value instead of equaling a success value, and because the values do not resist flips of a single bit...
Sudo Security Breach
Sudo is a program for use on Unix-like systems that allows users to execute commands in a secure manner with special privileges. A security vulnerability exists in versions of Sudo prior to 1.9.15, which stems from vulnerability to a ROWHAMMER attack that can bypass SUDO authentication...
CVE-2023-42465
Sudo before 1.9.15 might allow row hammer attacks for authentication bypass or privilege escalation because application logic sometimes is based on not equaling an error value instead of equaling a success value, and because the values do not resist flips of a single bit...
CVE-2023-42465
Technical details about CVE-2023-42465 are not publicly available in the provided connected documents. The CVE is referenced in advisories, but no concrete affected products, root cause, exploit vectors, or fixes are detailed here. Monitor for updates.
CVE-2023-42465
Sudo before 1.9.15 might allow row hammer attacks for authentication bypass or privilege escalation because application logic sometimes is based on not equaling an error value instead of equaling a success value, and because the values do not resist flips of a single bit...
CVE-2023-42465
A flaw was found in the sudo package. This issue could allow a local authenticated attacker to cause a bit to flip, which enables fault injection and may authenticate as the root user. Mitigation: In general, to address this issue, it's crucial to implement robust logic that prevents unintended...
Advisory ROSA-SA-2023-2311
software: hostapd 2.9; WASP: ROSA-CHROME; packageevrstring: hostapd-2.9-2.src.rpm; CVE-ID: CVE-2022-23303; BDU-ID: 2022-07363; CVE-Crit: CRITICAL; CVE-DESC.: A vulnerability in the SAE implementation of the Wi-Fi WPA Supplicant secure access client is related to information disclosure via a mismatch...
Exploit for Incorrect Authorization in Polkit_Project Polkit
CVE-2021-3560-Polkit-Privilege-Escalation by Mark, Qingchen Yu...
CVE-2023-5536
A feature in LXD (LP#1829071) affects the default configuration of Ubuntu Server which allows privileged users in the lxd group to escalate their privilege to root without requiring a sudo password...
PT-2023-32161 · Canonical · Lxd +1
Name of the Vulnerable Software and Affected Versions: LXD (affected versions not specified), Ubuntu Server (affected versions not specified). Description: A feature in LXD affects the default configuration of Ubuntu Server, allowing privileged users in the lxd group to escalate their privilege to root...
SUSE CVE-2023-42456
Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to...
The vulnerability of the system administration programs Sudo-rs lies in insufficient validation of command arguments entered by users. This allows attackers to escalate their privileges by creating a specially crafted user name.
The vulnerability of the system administration programs Sudo-rs is related to insufficient checking of command arguments entered by users. Exploiting this vulnerability allows a malicious actor to enhance their privileges by creating a specially crafted user name...
NewStart CGSL MAIN 6.06 : sudo Vulnerability (NS-SA-2023-0135)
The remote NewStart CGSL host, running version MAIN 6.06, has sudo packages installed that are affected by a vulnerability: - Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer...
Slackware: Security Advisory (SSA:2023-311-01)
The remote host is missing an update for the...
Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current sudo Multiple Vulnerabilities (SSA:2023-311-01)
The version of sudo installed on the remote host is prior to 1.9.15. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-311-01 advisory. - Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt...
[slackware-security] sudo
New sudo packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/sudo-1.9.15-i586-1slack15.0.txz: Upgraded. The sudoers plugin has been modified to make it more resilient to ROWHAMME...
Rocky Linux 9 : sudo (RLSA-2023:0282)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:0282 advisory. - In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and...
Rocky Linux 8 : sudo (RLSA-2021:1723)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:1723 advisory. - The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudoedit...
Rocky Linux 8 : sudo (RLSA-2023:0284)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:0284 advisory. - In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and...