Mageia: Security Advisory (MGASA-2023-0133)
The remote host is missing an update for the...
Ubuntu: Security Advisory (USN-6005-1)
The remote host is missing an update for the...
EulerOS 2.0 SP8 : sudo (EulerOS-SA-2023-1611)
According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR,...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Sudo vulnerabilities (USN-6005-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6005-1 advisory. Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly escaped control characters in log messages and sudoreplay...
MGASA-2023-0133 Updated sudo packages fix security vulnerability
Sudo before 1.9.13 does not escape control characters in log messages (CVE-2023-28486). Sudo before 1.9.13 does not escape control characters in sudoreplay output (CVE-2023-28487)...
Updated sudo packages fix security vulnerability
Sudo before 1.9.13 does not escape control characters in log messages (CVE-2023-28486). Sudo before 1.9.13 does not escape control characters in sudoreplay output (CVE-2023-28487)...
USN-6005-1: Sudo vulnerabilities
Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly escaped control characters in log messages and sudoreplay output. An attacker could possibly use these issues to inject terminal control characters that alter output when being viewed...
USN-6005-1 sudo vulnerabilities
Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly escaped control characters in log messages and sudoreplay output. An attacker could possibly use these issues to inject terminal control characters that alter output when being viewed...
NewStart CGSL CORE 5.04 / MAIN 5.04 : sudo Vulnerability (NS-SA-2023-0029)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has sudo packages installed that are affected by a vulnerability: - Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based...
Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20220304.385)
The version of AHV installed on the remote host is prior to 20220304.385. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-20220304.385 advisory. - BIND 9.11.0 - 9.11.36, 9.12.0 - 9.16.26, 9.17.0 - 9.18.0; BIND Supported Preview Editions: 9.11.4-S1 - 9.11.36-S1...
CVE-2023-28487 affecting package sudo 1.9.12p2-1
CVE-2023-28487 affecting package sudo 1.9.12p2-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-27320 affecting package sudo 1.9.12p2-1
CVE-2023-27320 affecting package sudo 1.9.12p2-1. An upgraded version of the package is available that resolves this issue...
Exploit for Improper Privilege Management in Sudo_Project Sudo
CVE-2023...
SUSE SLES12: libsystemd0 / libsystemd0-32bit / libudev-devel / libudev1 / etc (SUSE-SU-2023:1776-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:1776-1 advisory. - CVE-2023-26604: Fixed a privilege escalation via the less pager (bsc#1208958). - CVE-2022-4415: Fixed systemd-coredump that did not...
Important: systemd
Issue Overview: systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched...
sudo 1.8.0 to 1.9.12p1 - Privilege Escalation Exploit
#!/usr/bin/env bash; Exploit Title: sudo 1.8.0 to 1.9.12p1 - Privilege Escalation; Exploit Author: n3m1.sys; CVE: CVE-2023-22809; Date: 2023/01/21; Vendor Homepage: https://www.sudo.ws/; Software Link: https://www.sudo.ws/dist/sudo-1.9.12p1.tar.gz; Version: 1.8.0 to 1.9.12p1; Tested on: Ubuntu Server 22.0...
sudo 1.9.12p1 Privilege Escalation
#!/usr/bin/env bash; Exploit Title: sudo 1.8.0 to 1.9.12p1 - Privilege Escalation; Exploit Author: n3m1.sys; CVE: CVE-2023-22809; Date: 2023/01/21; Vendor Homepage: https://www.sudo.ws/; Software Link: https://www.sudo.ws/dist/sudo-1.9.12p1.tar.gz; Version: 1.8.0 to 1.9.12p1; Tested on: Ubuntu Server 22.0...
sudo 1.8.0 to 1.9.12p1 - Privilege Escalation
#!/usr/bin/env bash; Exploit Title: sudo 1.8.0 to 1.9.12p1 - Privilege Escalation; Exploit Author: n3m1.sys; CVE: CVE-2023-22809; Date: 2023/01/21; Vendor Homepage: https://www.sudo.ws/; Software Link: https://www.sudo.ws/dist/sudo-1.9.12p1.tar.gz; Version: 1.8.0 to 1.9.12p1; Tested on: Ubuntu Server 22.0...
QNAP QTS / QuTS hero Vulnerability in sudo (QSA-23-11)
The version of QNAP QTS / QuTS hero installed on the remote host is affected by a vulnerability as referenced in the QSA-23-11 advisory. - In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and...