Important: sudo
Issue Overview: When sudo runs a command in shell mode, either via the -s or -i command line option, it escapes special characters in the command's arguments with a backslash. The sudoers policy plugin will then remove the escape characters from the arguments before evaluating the sudoers policy...
CVE-2021-3156 "Baron Samedit"
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via “sudoedit -s” and a command-line argument that ends with a single backslash character. Recent assessments: cdelafuente-r7 at January 27, 2021 3:40pm UTC...
Sudo buffer error vulnerability
Sudo is a program used on Unix-like systems that allows the user to execute commands in a secure way with special privileges. Sudo suffers from a buffer overflow vulnerability. An attacker can exploit this vulnerability to gain root privileges on the system...
CVE-2021-3156
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character...
Photon OS 3.0: Sudo PHSA-2021-3.0-0186
An update of the sudo package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-3.0-0186. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) { script_id(145412);...
Photon OS 2.0: Sudo PHSA-2021-2.0-0313
An update of the sudo package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-2.0-0313. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) { script_id(145416);...
sudo -- Multiple vulnerabilities
Todd C. Miller reports: When invoked as sudoedit, the same set of command line options are now accepted as for sudo -e. The -H and -P options are now rejected for sudoedit and sudo -e which matches the sudo 1.7 behavior. This is part of the fix for CVE-2021-3156. Fixed a potential buffer overflow...
CVE-2021-3156
CVE-2021-3156 is a heap-based buffer overflow in sudo that enables privilege escalation to root. The issue arises in the argument parsing path and is exploitable via commands using sudoedit -s with a trailing backslash, leading to memory corruption. Affected release information in the provided do...
Photon OS 1.0: Sudo PHSA-2021-1.0-0356
An update of the sudo package has been released. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2021-1.0-0356. The text itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) { script_id(145419);...
Amazon Linux AMI : sudo (ALAS-2021-1478)
The version of sudo installed on the remote host is prior to 1.8.23-9.56. It is, therefore, affected by a vulnerability as referenced in the ALAS-2021-1478 advisory. When sudo runs a command in shell mode, either via the -s or -i command line option, it escapes special characters in the command's...
Amazon Linux 2 : sudo (ALAS-2021-1590)
The version of sudo installed on the remote host is prior to 1.8.23-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1590 advisory. When sudo runs a command in shell mode, either via the -s or -i command line option, it escapes special characters in the command's...
CVE-2021-3156
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character...
DSA-4839-1 sudo - security update
Bulletin has no description...
PHSA-2021-2.0-0313
An update of 'atftp', 'nodejs', 'sudo' packages of Photon OS has been released...
Important Photon OS Security Update - PHSA-2021-0313
Updates of 'atftp', 'sudo', 'nodejs' packages of Photon OS have been released...
Metasploit Wrap-Up
Windows print spooler vulnerability...again. Here we have bwatters-r7 coming in with an exploit for CVE-2020-1337, a patch bypass for a Windows print spooler elevation of privilege vulnerability that was exploited in the wild last year. The original vulnerability, CVE-2020-1048,...
PHSA-2021-1.0-0356
An update of 'dnsmasq', 'sudo' packages of Photon OS has been released...
Important Photon OS Security Update - PHSA-2021-0186
Updates of 'sudo', 'nodejs', 'atftp', 'dnsmasq' packages of Photon OS have been released...
Important Photon OS Security Update - PHSA-2021-0356
Updates of 'dnsmasq', 'sudo' packages of Photon OS have been released...
Important Photon OS Security Update - PHSA-2021-3.0-0186
Updates of 'atftp', 'sudo', 'nodejs', 'dnsmasq' packages of Photon OS have been released...