4723 matches found

ALT Linux
added 2020/08/30 12:0 a.m. | 27 views

Security fix for the ALT Linux 8 package sudo version 1:1.8.31p2-alt1

Aug. 30, 2020 Evgeny Sinelnikov 1:1.8.31p2-alt1 - Update to latest release Fixes: CVE-2019-18634...

4.6 CVSS | 7.9 AI score | 0.19426 EPSS
Exploits 13

ALT Linux
added 2020/08/30 12:0 a.m. | 28 views

Security fix for the ALT Linux 8 package sudo version 1:1.9.2-alt1

Aug. 30, 2020 Evgeny Sinelnikov 1:1.9.2-alt1 - Update to latest release of the sudo 1.9 Fixes: CVE-2019-19232, CVE-2019-19234 - Added sudo event and I/O log server - Added send sudo I/O log to log server utility - Added selinux support - Added native audit support...

5 CVSS | 7.8 AI score | 0.0339 EPSS
Exploits 0

OSV
added 2020/07/30 2:15 p.m. | 13 views

CVE-2020-14162

An issue was discovered in Pi-Hole through 5.0. The local www-data user has sudo privileges to execute the pihole core script as root without a password, which could allow an attacker to obtain root access via shell metacharacters to this script's setdns command...

7.8 CVSS | 6.9 AI score
Exploits 0 | References 2

NVD
added 2020/07/30 2:15 p.m. | 8 views

CVE-2020-14162

An issue was discovered in Pi-Hole through 5.0. The local www-data user has sudo privileges to execute the pihole core script as root without a password, which could allow an attacker to obtain root access via shell metacharacters to this script's setdns command...

7.8 CVSS | 7.6 AI score | 0.00587 EPSS
Exploits 1 | References 2

Prion
added 2020/07/30 2:15 p.m. | 10 views

Command injection

An issue was discovered in Pi-Hole through 5.0. The local www-data user has sudo privileges to execute the pihole core script as root without a password, which could allow an attacker to obtain root access via shell metacharacters to this script's setdns command...

7.2 CVSS | 7.5 AI score | 0.00587 EPSS
Exploits 1 | References 2 | Affected Software 1

CVE
added 2020/07/30 1:5 p.m. | 49 views

CVE-2020-14162

CVE-2020-14162 concerns Pi-Hole up to version 5.0, where the local www-data user has passwordless sudo to run the pihole core script as root via its setdns command. This enables potential root access through shell metacharacters in setdns. The vulnerability is described consistently across multip...

7.8 CVSS | 7.5 AI score | 0.00587 EPSS
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2020/07/30 1:5 p.m. | 11 views

CVE-2020-14162

An issue was discovered in Pi-Hole through 5.0. The local www-data user has sudo privileges to execute the pihole core script as root without a password, which could allow an attacker to obtain root access via shell metacharacters to this script's setdns command...

7.6 AI score | 0.00587 EPSS
Exploits 1 | References 2

Huntr
added 2020/07/30 12:0 a.m. | 21 views

Code Injection in z4nzu/hackingtool

Description The hackingtool by Z4nzu is a pool of pentest tools that is useful to hackers to do fast hacking from information gathering to web attacks to wireless hacking and much more which are provided in terminal UI. It is built using python3. However it uses os.system command in various place...

1.1 AI score
Exploits 0

IBM Security Bulletins
added 2020/07/24 10:19 p.m. | 15 views

Security Bulletin: IBM Sterling Connect:Direct for UNIX Allows a User with Sudo Access Restricted to Certain Connect:Direct Executable Files to Expand Access Beyond the Restriction (CVE-2018-1903)

Summary UNIX system administrators may grant access to run certain executable files with expanded privilege via the sudo utility. Connect:Direct for UNIX has a vulnerability that could allow a user to escape this sudo executable file restriction and perform unauthorized commands with expanded...

7.2 CVSS | 1.3 AI score | 0.00387 EPSS
Exploits 0 | Affected Software 1

IBM Security Bulletins
added 2020/07/19 12:49 a.m. | 45 views

Security Bulletin: Multiple vulnerabilities in sudo, glibc affect IBM SmartCloud Entry (CVE-2017-1000368 CVE-2017-1000366)

Summary Multiple vulnerabilities have been identified in sudo and glibc. Sudo and glibc are used by IBM SmartCloud Entry. IBM SmartCloud Entry has addressed the vulnerabilities Vulnerability Details CVEID: CVE-2017-1000368 DESCRIPTION: sudo could allow a local attacker to gain elevated privileges...

8.2 CVSS | 1.5 AI score | 0.02733 EPSS
Exploits 14 | Affected Software 1

IBM Security Bulletins
added 2020/07/19 12:49 a.m. | 41 views

Security Bulletin: Multiple vulnerabilities in expat, nss, bind, policycoreutils, sudo shipped with SmartCloud Entry Appliance

Summary Multiple vulnerabilities have been identified in Expat, nss, ISC BIND, policycoreutils and sudo libraries shipped with SmartCloud Entry Appliance. SmartCloud Entry Appliance has addressed the vulnerabilities. Vulnerability Details CVEID: CVE-2016-0718 DESCRIPTION: Expat is vulnerable to ...

9.8 CVSS | 1.5 AI score | 0.52537 EPSS
Exploits 3 | Affected Software 1

IBM Security Bulletins
added 2020/07/19 12:49 a.m. | 49 views

Security Bulletin: Multiple vulnerabilities in coreutils, sudo, jasper, bind, bash, libtirpc, nss and nss-util affect IBM SmartCloud Entry

Summary Multiple vulnerabilities have been identified in coreutils, sudo, jasper, bind, bash, libtirpc, nss and nss-util. coreutils, sudo, jasper, bind, bash, libtirpc, nss and nss-util shipped with IBM SmartCloud Entry Appliance. IBM SmartCloud Entry Appliance has addressed the vulnerabilities...

9.8 CVSS | 1.3 AI score | 0.81921 EPSS
Exploits 23 | Affected Software 1

OSV
added 2020/07/15 10:15 p.m. | 2 views

CVE-2020-10286

the main user account has restricted privileges but is in the sudoers group and there is not any mechanism in place to prevent sudo su or sudo -i to be run gaining unrestricted access to sensible files, encryption, or issue orders that disrupt robot operation...

8.8 CVSS | 7.3 AI score | 0.00744 EPSS
Exploits 0 | References 1

OpenVAS
added 2020/07/03 12:0 a.m. | 33 views

Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2020-1785)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS | 8.2 AI score | 0.19426 EPSS
Exploits 13 | References 2

Tenable Nessus
added 2020/07/01 12:0 a.m. | 27 views

EulerOS Virtualization 3.0.6.0 : sudo (EulerOS-SA-2020-1785)

According to the versions of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - DISPUTED In Sudo through 1.8.29, the fact that a user has been blocked e.g., by using the ! character in the shadow file instead of ...

7.8 CVSS | 7 AI score | 0.19426 EPSS
Exploits 13 | References 4

Prion
added 2020/06/24 5:15 a.m. | 11 views

Privilege escalation

There is no mechanism in place to prevent a bad operator to boot from a live OS image, this can lead to extraction of sensible files such as the shadow file or privilege escalation by manually adding a new user with sudo privileges on the machine...

4.6 CVSS | 7.2 AI score | 0.00359 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2020/06/24 4:55 a.m. | 16 views

CVE-2020-10277 RVD#2562: Booting from a live image leads to exfiltration of sensible information and privilege escalation

There is no mechanism in place to prevent a bad operator to boot from a live OS image, this can lead to extraction of sensible files such as the shadow file or privilege escalation by manually adding a new user with sudo privileges on the machine...

6.4 CVSS | 6.6 AI score | 0.00359 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2020/06/17 12:0 a.m. | 35 views

EulerOS 2.0 SP2 : sudo (EulerOS-SA-2020-1662)

According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - DISPUTED In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a...

7.8 CVSS | 7 AI score | 0.19426 EPSS
Exploits 13 | References 4

OpenVAS
added 2020/06/16 12:0 a.m. | 36 views

Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2020-1662)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.8 CVSS | 8.2 AI score | 0.19426 EPSS
Exploits 13 | References 2

NVD
added 2020/06/11 2:15 a.m. | 10 views

CVE-2020-12850

The following vulnerability applies only to the Pydio Cells Enterprise OVF version 2.0.4. Prior versions of the Pydio Cells Enterprise OVF such as version 2.0.3 have a looser policy restriction allowing the “pydio” user to execute any privileged command using sudo. In version 2.0.4 of the...

7 CVSS | 0.00491 EPSS
Exploits 1 | References 3