Sudo 1.8.25p Buffer Overflow
Title: Sudo 1.8.25p - Buffer Overflow Date: 2020-01-30 Author: Joe Vennix Software: Sudo Versions: Sudo versions prior to 1.8.26 CVE: CVE-2019-18634 Reference: https://www.sudo.ws/alerts/pwfeedback.html Sudo's pwfeedback option can be used to provide visual feedback when the user is inputting the...
Sudo 1.8.25p - pwfeedback Buffer Overflow (PoC)
Sudo 1.8.25p - pwfeedback Buffer Overflow PoC Title: Sudo 1.8.25p - Buffer Overflow Date: 2020-01-30 Author: Joe Vennix Software: Sudo Versions: Sudo versions prior to 1.8.26 CVE: CVE-2019-18634 Reference: https://www.sudo.ws/alerts/pwfeedback.html Sudo's pwfeedback option can be used to provide...
Sudo Stack Buffer Overflow Vulnerability
Sudo is a program used on Unix-like systems that allows the user to execute commands in a secure way with special privileges. Sudo suffers from a stack buffer overflow vulnerability. An attacker can exploit the vulnerability by requiring a long string to be passed to the STDIN of GLLN in TGETPAST...
Sudo 1.8.25p - Buffer Overflow Exploit
Title: Sudo 1.8.25p - Buffer Overflow Author: Joe Vennix Software: Sudo Versions: Sudo versions prior to 1.8.26 CVE: CVE-2019-18634 Reference: https://www.sudo.ws/alerts/pwfeedback.html Sudo's pwfeedback option can be used to provide visual feedback when the user is inputting their password. For...
Ubuntu: Security Advisory (USN-4263-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Sudo Bug Lets Non-Privileged Linux and macOS Users Run Commands as Root
Joe Vennix of Apple security has found another significant vulnerability in sudo utility that under a specific configuration could allow low privileged users or malicious programs to execute arbitrary commands with administrative 'root' privileges on Linux or macOS systems. Sudo is one of the mos...
USN-4263-1 sudo vulnerability
Joe Vennix discovered that Sudo incorrectly handled memory operations when the pwfeedback option is enabled. A local attacker could possibly use this issue to obtain unintended access to the administrator account...
USN-4263-1: Sudo vulnerability
Joe Vennix discovered that Sudo incorrectly handled memory operations when the pwfeedback option is enabled. A local attacker could possibly use this issue to obtain unintended access to the administrator account...
Debian DLA-2094-1 : sudo security update
A stack-based buffer overflow vulnerability in sudo, a program designed to provide limited super user privileges to specific users, triggerable when configured with the pwfeedback option enabled. An unprivileged user can take advantage of this flaw to obtain full root privileges. For Debian 8...
[Important] [Security] Virtuozzo Hybrid Infrastructure 4.0 Update 1.2 (4.0.1-49)
This update provides a security fix. Vulnerability id: VSTOR-40614 Fix for a vulnerability in sudo known as CVE-2021-3156...
Debian DSA-4614-1 : sudo - security update
Joe Vennix discovered a stack-based buffer overflow vulnerability in sudo, a program designed to provide limited super user privileges to specific users, triggerable when configured with the 'pwfeedback' option enabled. An unprivileged user can take advantage of this flaw to obtain full root...
Slackware 14.0 / 14.1 / 14.2 / current : sudo (SSA:2020-031-01)
New sudo packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2020-031-01. The text itself is copyright (C) Slackware Linux...
FreeBSD : sudo -- Potential bypass of Runas user restrictions (b4e5f782-442d-11ea-9ba9-206a8a720317)
Todd C. Miller reports : Sudo's pwfeedback option can be used to provide visual feedback when the user is inputting their password. For each key press, an asterisk is printed. This option was added in response to user confusion over how the standard Password: prompt disables the echoing of key...
Debian: Security Advisory (DSA-4614-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DLA-2094-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] [DLA 2094-1] sudo security update
Package : sudo Version : 1.8.10p3-1+deb8u7 CVE ID : CVE-2019-18634 A stack-based buffer overflow vulnerability in sudo, a program designed to provide limited super user privileges to specific users, triggerable when configured with the pwfeedback option enabled. An unprivileged user can take...
[SECURITY] [DSA 4614-1] sudo security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4614-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 01, 2020 https://www.debian.org/security/faq -...
DLA-2094-1 sudo - security update
Bulletin has no description...