4723 matches found
Important: Red Hat Security Advisory: sudo security update
An update for sudo is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...
Important: Red Hat Security Advisory: sudo security update
An update for sudo is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...
sudo: Heap buffer overflow in argument parsing
A flaw was found in sudo. A heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is exploitable by any local user who can execute the sudo command by default, any local user can execute sudo without authentication. Successful exploitation of this flaw coul...
sudo: Heap buffer overflow in argument parsing
A flaw was found in sudo. A heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is exploitable by any local user who can execute the sudo command by default, any local user can execute sudo without authentication. Successful exploitation of this flaw coul...
Important: Red Hat Security Advisory: sudo security update
An update for sudo is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for ea...
Important: sudo security update
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fixes: sudo: Heap buffer overflow in argument parsin...
USN-4705-1: Sudo vulnerabilities
It was discovered that Sudo incorrectly handled memory when parsing command lines. A local attacker could possibly use this issue to obtain unintended access to the administrator account. CVE-2021-3156 It was discovered that the Sudo sudoedit utility incorrectly handled checking directory...
USN-4705-1 sudo vulnerabilities
It was discovered that Sudo incorrectly handled memory when parsing command lines. A local attacker could possibly use this issue to obtain unintended access to the administrator account. CVE-2021-3156 It was discovered that the Sudo sudoedit utility incorrectly handled checking directory...
[SECURITY] [DLA 2534-1] sudo security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2534-1 [email protected] https://www.debian.org/lts/security/ Salvatore Bonaccorso January 26, 2021 https://wiki.debian.org/LTS -...
SUSE-SU-2021:0226-1 Security update for sudo
This update for sudo fixes the following issues: - A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges bsc1181090,CVE-2021-3156 - It was possible for a user to test for the existence of a directory due to a Race Condition in sudoedit...
CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit)
Update Feb 3, 2021: It has been reported that macOS, AIX, and Solaris are also vulnerable to CVE-2021-3156, and that others may also still be vulnerable. Qualys has not independently verified the exploit. Original Post: The Qualys Research Team has discovered a heap overflow vulnerability in sudo...
[SECURITY] [DSA 4839-1] sudo security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4839-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 26, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4839-1] sudo security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4839-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 26, 2021 https://www.debian.org/security/faq -...
CVE-2021-3156
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character...
UBUNTU-CVE-2021-3156
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character...
CVE-2021-3156
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character...
sudo: Multiple vulnerabilities
Background sudo su “do” allows a system administrator to delegate authority to give certain users or groups of users the ability to run some or all commands as root or another user while providing an audit trail of the commands and their arguments. Description Multiple vulnerabilities have been...
CVE-2021-3156
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character...
Important: sudo
Issue Overview: When sudo runs a command in shell mode, either via the -s or -i command line option, it escapes special characters in the command's arguments with a backslash. The sudoers policy plugin will then remove the escape characters from the arguments before evaluating the sudoers policy...
Important: sudo
Issue Overview: When sudo runs a command in shell mode, either via the -s or -i command line option, it escapes special characters in the command's arguments with a backslash. The sudoers policy plugin will then remove the escape characters from the arguments before evaluating the sudoers policy...