4723 matches found

Debian CVE
added 2021/01/12 8:17 a.m., 42 views

CVE-2021-23240

selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not...

CVSS 7.8, AI score 8.1, EPSS 0.01066
Exploits: 1

AlpineLinux
added 2021/01/12 8:17 a.m., 58 views

CVE-2021-23240

selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not...

CVSS 7.8, AI score 8.1, EPSS 0.01066
Exploits: 1

Cvelist
added 2021/01/12 12:0 a.m., 31 views

CVE-2021-23239

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path...

AI score 5.9, EPSS 0.00989
Exploits: 1, References: 7

CVE
added 2021/01/12 12:0 a.m., 379 views

CVE-2021-23239

The CVE-2021-23239 entry concerns the sudoedit personality in sudo up to version 1.9.4 (before 1.9.5). A race condition in sudoedit (sudo_edit.c) can allow a local, unprivileged user to determine directory existence by substituting a user-controlled directory with a symlink to an arbitrary path, ...

CVSS 2.5, AI score 5.5, EPSS 0.00989
Exploits: 1, References: 7, Affected Software: 1

Debian CVE
added 2021/01/12 12:0 a.m., 30 views

CVE-2021-23239

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path...

CVSS 2.5, AI score 6, EPSS 0.00989
Exploits: 1

Tenable Nessus
added 2021/01/12 12:0 a.m., 33 views

Slackware 14.0 / 14.1 / 14.2 / current : sudo (SSA:2021-011-01)

New sudo packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2021-011-01. The text itself is copyright (C) Slackware Linux,...

CVSS 7.8, AI score 6.7, EPSS 0.01066
Exploits: 2, References: 3

Tenable Nessus
added 2021/01/12 12:0 a.m., 33 views

FreeBSD : sudo -- Potential information leak in sudoedit (6193b3f6-548c-11eb-ba01-206a8a720317)

Todd C. Miller reports : A potential information leak in sudoedit that could be used to test for the existence of directories not normally accessible to the user in certain circumstances. When creating a new file, sudoedit checks to make sure the parent directory of the new file exists before...

CVSS 2.5, AI score 6.8, EPSS 0.00989
Exploits: 1, References: 3

AlpineLinux
added 2021/01/12 12:0 a.m., 48 views

CVE-2021-23239

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path...

CVSS 2.5, AI score 6, EPSS 0.00989
Exploits: 1

Slackware Linux
added 2021/01/11 8:6 p.m., 72 views

[slackware-security] sudo

New sudo packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/sudo-1.9.5-i586-1slack14.2.txz: Upgraded. This update fixes security issues: Potential information leak in sudoedit that...

CVSS 7.8, AI score 0.2, EPSS 0.01066
Exploits: 2

CNNVD
added 2021/01/11 12:0 a.m., 4 views

Sudo Backlink Vulnerability

Sudo is a program used on Unix-like systems that allows users to execute commands with special privileges in a secure manner. A backlink vulnerability exists in versions of sudo prior to 1.9.5, which can be exploited by an attacker to change the ownership of arbitrary files using sudoedit...

CVSS 7.8, AI score 7.3, EPSS 0.01066
Exploits: 1, References: 21

Packet Storm
added 2021/01/11 12:0 a.m., 225 views

EyesOfNetwork 5.3 Remote Code Execution / Privilege Escalation

Exploit Title: EyesOfNetwork 5.3 - RCE & PrivEsc Date: 10/01/2021 Exploit Author: Audencia Business SCHOOL Red Team Vendor Homepage: https://www.eyesofnetwork.com/en Software Link: http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x8664-bin.iso Version: 5.3 Authenticated Remote Code Execution fl...

AI score 0.8
Exploits: 0

CNNVD
added 2021/01/11 12:0 a.m., 4 views

Sudo Backlink Vulnerability

Sudo is a program used on Unix-like systems that allows users to execute commands with special privileges in a secure manner. A backlink vulnerability exists in versions of Sudo prior to 1.9.5 that allows an attacker to test for the existence of a directory anywhere on the file system...

CVSS 2.5, AI score 6.8, EPSS 0.00989
Exploits: 1, References: 20

Exploit DB
added 2021/01/07 12:0 a.m., 233 views

ECSIMAGING PACS 6.21.5 - Remote code execution

Exploit Title: ECSIMAGING PACS 6.21.5 - Remote code execution Date: 06/01/2021 Exploit Author: shoxxdj Vendor Homepage: https://www.medicalexpo.fr/ Version: 6.21.5 and below tested on 6.21.5,6.21.3 Tested on: Linux ECSIMAGING PACS Application in 6.21.5 and below suffers from an OS Injection...

AI score 7.4
Exploits: 0

Positive Technologies
added 2021/01/06 12:0 a.m., 5 views

PT-2021-7361 · Sudo +8 · Sudo +8

Name of the Vulnerable Software and Affected Versions: Sudo versions prior to 1.9.5 Description: The issue is related to the sudoedit personality of Sudo, which may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a race condition in replacing a...

CVSS 9, AI score 6.8, EPSS 0.99305
Exploits: 113, References: 148

Tenable Nessus
added 2021/01/05 12:0 a.m., 20 views

EulerOS Virtualization for ARM 64 3.0.2.0 : cifs-utils (EulerOS-SA-2021-1054)

According to the version of the cifs-utils package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used ...

CVSS 7, AI score 6.3, EPSS 0.00652
Exploits: 1, References: 2

Tenable Nessus
added 2020/12/22 12:0 a.m., 35 views

Virtuozzo 6 : sudo / sudo-devel (VZLSA-2019-3755)

An update for sudo is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVSS 9, AI score 7.2, EPSS 0.63917
Exploits: 10, References: 3

CNVD
added 2020/12/17 12:0 a.m., 1 views

SolarWinds N-Central Access Control Error Vulnerability

SolarWinds N-Central is an IT device management platform from SolarWinds Singapore. The platform provides proactive monitoring of everything on a customer's network, not just servers and workstations, and rapid troubleshooting using features such as MFA, antivirus, integrated endpoint detection a...

CVSS 9, AI score 7.3, EPSS 0.02647
Exploits: 0, References: 1

OSV
added 2020/12/16 2:15 p.m., 3 views

CVE-2020-25618

An issue was discovered in SolarWinds N-Central 12.3.0.670. The sudo configuration has incorrect access control because the nable web user account is effectively able to run arbitrary OS commands as root i.e., the use of root privileges is not limited to specific programs listed in the sudoers fi...

CVSS 8.8, AI score 7.4
Exploits: 0, References: 3

NVD
added 2020/12/16 2:15 p.m., 14 views

CVE-2020-25618

An issue was discovered in SolarWinds N-Central 12.3.0.670. The sudo configuration has incorrect access control because the nable web user account is effectively able to run arbitrary OS commands as root i.e., the use of root privileges is not limited to specific programs listed in the sudoers fi...

CVSS 9, AI score 8.8, EPSS 0.02647
Exploits: 0, References: 3

Prion
added 2020/12/16 2:15 p.m., 13 views

Design/Logic Flaw

An issue was discovered in SolarWinds N-Central 12.3.0.670. The sudo configuration has incorrect access control because the nable web user account is effectively able to run arbitrary OS commands as root i.e., the use of root privileges is not limited to specific programs listed in the sudoers fi...

CVSS 9, AI score 8.8, EPSS 0.02647
Exploits: 0, References: 3, Affected Software: 1