4723 matches found
Sudo Buffer Error Vulnerability
Sudo is a program used on Unix-like systems that allows users to execute commands in a secure manner with special privileges. A buffer error vulnerability exists in Sudo versions 1.8.0 through 1.9.12, which stems from the presence of an array out-of-bounds error that could result in a heap-based...
CVE-2022-43995
CVE-2022-43995 affects the sudo package, versions 1.8.0 through 1.9.12 with the crypt() password backend. The root cause is a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can cause a heap-based buffer over-read. It can be triggered by arbitrary local users who have access to sudo ...
CVE-2022-43995
Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer...
CVE-2022-43995
Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer...
EulerOS 2.0 SP10 : sudo (EulerOS-SA-2022-2701)
According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This...
CVE-2022-43995
Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer...
EulerOS 2.0 SP10 : sudo (EulerOS-SA-2022-2669)
According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - Protobuf-c v1.4.0 was discovered to contain an invalid arithmetic shift via the function parse_tag_and_wiretype in protobuf-c/protobuf-c.c. This...
PT-2022-5350 · Sudo +5 · Sudo +5
Name of the Vulnerable Software and Affected Versions: Sudo versions 1.8.0 through 1.9.12 Description: The issue is related to an array-out-of-bounds error in the plugins/sudoers/auth/passwd.c file of the Sudo program when using the crypt password backend. This error can result in a heap-based...
Zimbra sudo + postfix privilege escalation
This module exploits a vulnerable sudo configuration that permits the zimbra user to execute postfix as root. In turn, postfix can execute arbitrary shellscripts, which means it can execute a root shell. Module Options msf use exploit/linux/local/zimbrapostfixprivesc msf exploitzimbrapostfixprive...
Zimbra Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Zimbra sudo + postfix privilege escalation', 'Description' = %q This module exploits a vulnerable sudo configuration that permits the zimbra user...
Zimbra Privilege Escalation Exploit
This Metasploit module exploits a vulnerable sudo configuration that permits the Zimbra user to execute postfix as root. In turn, postfix can execute arbitrary shellscripts, which means it can execute a root shell. This module requires Metasploit: https://metasploit.com/download Current source:...
CVE-2022-3569
Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'...
CVE-2022-3569
Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'...
Privilege escalation
Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'...
CVE-2022-3569
CVE-2022-3569 affects Zimbra Collaboration Suite (ZCS) versions 9.0.0 and earlier. The issue is a local privilege escalation caused by incorrect sudo permissions that let the zimbra user coerce postfix to run commands as root, enabling root-level command execution. Public exploit avenues exist (e...
CVE-2022-3569
Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'...
CVE-2022-3569
Due to an issue with incorrect sudo permissions, Zimbra Collaboration Suite (ZCS) suffers from a local privilege escalation issue in versions 9.0.0 and prior, where the 'zimbra' user can effectively coerce postfix into running arbitrary commands as 'root'...
PT-2022-22944 · Zimbra · Zimbra Collaboration Suite
Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite versions prior to 9.0.0 Description: The issue is related to incorrect sudo permissions, allowing a local privilege escalation where the zimbra user can coerce postfix into running arbitrary commands as root...
Zimbra Collaboration Server 9.0.0 < 9.0.0 Patch 27 Multiple Vulnerabilities
According to its self-reported version number, Zimbra Collaboration Server is affected by multiple vulnerabilities, including the following: - An attacker can upload arbitrary files through amavisd via a cpio loophole that can lead to incorrect access to any other user accounts. CVE-2022-41352 ...
Zimbra Collaboration Server 8.8.15 < 8.8.15 Patch 34 Multiple Vulnerabilities
According to its self-reported version number, Zimbra Collaboration Server is affected by multiple vulnerabilities, including the following: - An attacker can upload arbitrary files through amavisd via a cpio loophole that can lead to incorrect access to any other user accounts. CVE-2022-41352 ...