Design/Logic Flaw
v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/add.sh and /etc/v2rayL/remove.sh are owned by a low-privileged user but execute as root via Sudo...
CVE-2020-10588
v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/add.sh and /etc/v2rayL/remove.sh are owned by a low-privileged user but execute as root via Sudo...
CVE-2020-10588
CVE-2020-10588 affects v2rayL 2.1.3 on Linux. The vulnerability arises because /etc/v2rayL/add.sh and /etc/v2rayL/remove.sh are owned by a low-privilege user but are executed as root via sudo, enabling local users to escalate to root. The Red Hat and CNVD entries confirm the same root-privilege e...
CVE-2020-10587
antiX and MX Linux allow local users to achieve root access via "persist-config --command /bin/sh" because of the Sudo configuration...
Design/Logic Flaw
antiX and MX Linux allow local users to achieve root access via "persist-config --command /bin/sh" because of the Sudo configuration...
CVE-2020-10587
CVE-2020-10587 affects antiX and MX Linux. A local attacker can obtain root access through the Sudo configuration by abusing the persist-config --command /bin/sh vector. The root cause is a misconfigured Sudo setup that allows execution of a shell with elevated privileges from a local context. Pu...
sudo: Multiple vulnerabilities
Background: sudo (su “do”) allows a system administrator to delegate authority to give certain users or groups of users the ability to run some or all commands as root or another user while providing an audit trail of the commands and their arguments. Description: Multiple vulnerabilities have been...
EulerOS Virtualization for ARM 64 3.0.2.0 : sudo (EulerOS-SA-2020-1223)
According to the version of the sudo package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and sessio...
Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2020-1223)
The remote host is missing an update for the Huawei EulerOS...
Privilege escalation
Privilege Escalation vulnerability in the command line interface in McAfee Advanced Threat Defense (ATD) 4.x prior to 4.8.2 allows local users to execute arbitrary code via improper access controls on the sudo command...
CVE-2020-7254
McAfee Advanced Threat Defense (ATD) Privilege Escalation (CVE-2020-7254) affects ATD 4.x prior to 4.8.2. The root cause is improper access controls on sudo commands in the command line interface, enabling local users to escalate privileges and execute arbitrary code. Exploitation is local and re...
CentOS 6 : sudo (RHSA-2020:0726)
The remote CentOS Linux 6 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:0726 advisory. - In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. pwfeedback is...
sudo security update
CentOS Errata and Security Advisory CESA-2020:0726. An update for sudo is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
CVE-2020-10255
Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh (TRR), aka the TRRespass issue. To exploit this vulnerability, the attacker needs to create certain access patterns to trigger bit...
Privilege escalation
Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh (TRR), aka the TRRespass issue. To exploit this vulnerability, the attacker needs to create certain access patterns to trigger bit...
CVE-2020-10255
The CVE-2020-10255/TRRespass issue affects modern memory (DDR4/LPDDR4 after 2015) where Target Row Refresh mitigations can be bypassed by RowHammer patterns. Documents in connected sources confirm this can allow privilege escalation, kernel/Sudo compromise, and cross-tenant VM access via bit fli...
Exploit for Out-of-bounds Write in Sudo_Project Sudo
CVE-2019-18634 I wrote this exploit for Linux Mint 19.1 so pro...
Oracle Linux 6 : sudo (ELSA-2020-0726)
The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-0726 advisory. - fixed CVE-2019-18634 Resolves: rhbz1799018 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...