CVE-2023-42456

Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to...

Sudo Path Traversal Vulnerability

Sudo is a program used on Unix-like systems that allows users to execute commands with special privileges in a secure manner. A security vulnerability exists in Sudo-rs versions prior to 0.2.1, which stems from the fact that a username containing the . and / characters could cause specific files ...

PT-2023-6760

Name of the Vulnerable Software and Affected Versions sudo-rs versions prior to 0.2.1 Description The issue is related to the handling of usernames in sudo-rs, a memory-safe implementation of sudo and su. Usernames containing the . and / characters can result in the corruption of specific files o...

Oracle Linux 8 : dmidecode (ELSA-2023-5252)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2023-5252 advisory. 1:3.3-4.1 - Resolves: CVE-2023-30630 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus ha...

dmidecode: dump-bin to overwrite a local file

A vulnerability was found in dmidecode, which allows -dump-bin to overwrite a local file. This issue may lead to the execution of dmidecode via Sudo...

Ivanti Sentry Authentication Bypass / Remote Code Execution Exploit

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Ivanti Sentry MICSLogService Auth Bypass resulting in RCE CVE-2023-38035', 'Description' = %q This module exploits an authentication bypass in...

Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2023-2775)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2023-2744)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Oracle Linux 8 : sudo (ELSA-2020-1804)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2020-1804 advisory. - CVE-2019-18634 Resolves: rhbz1798093 - CVE-2019-19232 Resolves: rhbz1786987 Resolves: rhbz1796518 - CVE-2019-14287 sudo Tenable has extracted the preceding...

Oracle Linux 6 : sudo (ELSA-2011-0599)

The remote Oracle Linux 6 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2011-0599 advisory. 1.7.4p5-5 - patch: log failed user role changes Resolves: rhbz665131 1.7.4p5-4 - added includedir /etc/sudoers.d to sudoers Resolves: rhbz615087 1.7.4p5-3 - add...

Oracle Linux 8 : sudo (ELSA-2020-0487)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2020-0487 advisory. 1.8.25p1-8.1 - RHEL 8.1.0.Z ERRATUM - CVE-2019-18634 Resolves: rhbz1798092 Tenable has extracted the preceding description block directly from the Oracle Linux...

Exploit for Off-by-one Error in Sudo_Project Sudo

CVE-2021-3156 - Heap-Based Buffer Overflow in Sudo...

PT-2023-8553 · Sudo +7 · Sudo +7

Name of the Vulnerable Software and Affected Versions: Sudo versions prior to 1.9.15 Description: The issue is related to the authentication procedure in Sudo, which might allow row hammer attacks for authentication bypass or privilege escalation. This is because the application logic sometimes...

Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2023-2670)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2023-2712)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Rocky Linux 8 : systemd (RLSA-2023:3837)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:3837 advisory. - systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the systemctl stat...

CVE-2022-38060

A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla. A misconfiguration in /etc/sudoers within a container can lead to increased privileges. Mitigation /etc/sudoers within the container should use the securepath option to prevent the PATH environment variable...

Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Read Vulnerability

Cisco ThousandEyes Enterprise Agent Virtual Appliance version thousandeyes-va-64-18.04 0.218 has an insecure sudo configuration which permits a low-privilege user to read root-only files via the dig command without a password. Title: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary...

Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification Vulnerability

Cisco ThousandEyes Enterprise Agent Virtual Appliance version thousandeyes-va-64-18.04 0.218 suffers from an unpatched vulnerability in sudoedit, allowed by sudo configuration, which permits a low-privilege user to modify arbitrary files as root and subsequently execute arbitrary commands as root...

Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation Vulnerability

Cisco ThousandEyes Enterprise Agent Virtual Appliance version thousandeyes-va-64-18.04 0.218 has an insecure sudo configuration which permits a low-privilege user to run arbitrary commands as root via the tcpdump command without a password. Title: Cisco ThousandEyes Enterprise Agent Virtual...