4723 matches found

Debian CVE
added 2019/12/19 8:37 p.m. · 33 views

CVE-2019-19232

In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability because running a command via sudo as ...

CVSS 7.5 · AI score 5.9 · EPSS 0.03295
Exploits: 0

Cvelist
added 2019/12/19 8:35 p.m. · 21 views

CVE-2019-19234

In Sudo through 1.8.29, the fact that a user has been blocked e.g., by using the ! character in the shadow file instead of a password hash is not considered, allowing an attacker who has access to a Runas ALL sudoer account to impersonate any blocked user. NOTE: The software maintainer believes...

AI score 7.4 · EPSS 0.0339
Exploits: 0 · References: 19

CVE
added 2019/12/19 8:35 p.m. · 198 views

CVE-2019-19234

CVE-2019-19234 affects sudo up to 1.8.29. A blocked user (e.g., via a ! in shadow) can be impersonated by a Runas ALL sudoer; maintainers consider the CVE not valid. Sudo 1.8.30 introduced a shell-based check (not equivalent to password validation) and a potential path to mitigation by upgrading ...

CVSS 7.5 · AI score 7.3 · EPSS 0.0339
Exploits: 0 · References: 19 · Affected Software: 1

Debian CVE
added 2019/12/19 8:35 p.m. · 26 views

CVE-2019-19234

In Sudo through 1.8.29, the fact that a user has been blocked e.g., by using the ! character in the shadow file instead of a password hash is not considered, allowing an attacker who has access to a Runas ALL sudoer account to impersonate any blocked user. NOTE: The software maintainer believes...

CVSS 7.5 · AI score 5.8 · EPSS 0.0339
Exploits: 0

Symantec
added 2019/12/19 12:0 a.m. · 20 views

Sudo Multiple Security Bypass Vulnerabilities

Description Sudo is prone to multiple security-bypass vulnerabilities. Attackers can exploit these issues to bypass security restrictions and perform unauthorized actions. Sudo versions through 1.8.29 are vulnerable. Technologies Affected Todd Miller Sudo 1.3.5 Todd Miller Sudo 1.5 Todd Miller Su...

AI score 0.5
Exploits: 0 · References: 2 · Affected Software: 1

Positive Technologies
added 2019/12/19 12:0 a.m. · 4 views

PT-2019-4663 · Todd Miller +4 · Sudo +4

Name of the Vulnerable Software and Affected Versions: Sudo versions 1.8.29 and earlier Description: The issue is related to improper access control in Sudo, allowing an attacker with access to a Runas ALL sudoer account to impersonate any blocked user. This is because the fact that a user has be...

CVSS 7.8 · AI score 6.3 · EPSS 0.99305
Exploits: 97 · References: 118

Positive Technologies
added 2019/12/19 12:0 a.m. · 5 views

PT-2019-4664 · Todd Miller +4 · Sudo +4

Name of the Vulnerable Software and Affected Versions: Sudo versions 1.8.29 and earlier Description: The issue is related to the sudoer account with Runas ALL privileges, allowing an attacker to impersonate a nonexistent user by invoking sudo with a numeric uid not associated with any user. This...

CVSS 7.8 · AI score 6.3 · EPSS 0.99305
Exploits: 97 · References: 120

Tenable Nessus
added 2019/12/18 12:0 a.m. · 39 views

EulerOS 2.0 SP3 : sudo (EulerOS-SA-2019-2670)

According to the version of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cau...

CVSS 9 · AI score 7.4 · EPSS 0.63917
Exploits: 10 · References: 2

RedHat Linux
added 2019/12/10 3:34 p.m. · 76 views

Important: Red Hat Security Advisory: sudo security update

An update for sudo is now available for Red Hat Enterprise Linux 5 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

CVSS 9 · AI score 7.2 · EPSS 0.63917
Exploits: 10 · References: 2

RedHat Linux
added 2019/12/10 3:34 p.m. · 55 views

sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword

A flaw was found in the way sudo implemented running commands with arbitrary user ID. If a sudoers entry is written to allow the attacker to run a command as any user except root, this flaw can be used by the attacker to bypass that restriction...

CVSS 9 · AI score 7.3 · EPSS 0.63917
Exploits: 10 · References: 5

Tenable Nessus
added 2019/12/10 12:0 a.m. · 27 views

EulerOS 2.0 SP2 : sudo (EulerOS-SA-2019-2414)

According to the version of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cau...

CVSS 9 · AI score 7.4 · EPSS 0.63917
Exploits: 10 · References: 2

Fedora
added 2019/12/05 1:43 a.m. · 32 views

[SECURITY] Fedora 31 Update: freeipa-4.8.3-1.fc31

IPA is an integrated solution to provide centrally managed Identity users, hosts, services, Authentication SSO, 2FA, and Authorization host access control, SELinux user roles, services. The solution provides features for further integration with Linux based clients SUDO, automount and integration...

CVSS 8.8 · AI score 3 · EPSS 0.06329
Exploits: 0

Tenable Nessus
added 2019/12/02 12:0 a.m. · 25 views

NewStart CGSL CORE 5.04 / MAIN 5.04 : sudo Vulnerability (NS-SA-2019-0215)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has sudo packages installed that are affected by a vulnerability: - In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause...

CVSS 9 · AI score 7.4 · EPSS 0.63917
Exploits: 10 · References: 2

Tenable Nessus
added 2019/11/27 12:0 a.m. · 32 views

EulerOS 2.0 SP8 : sudo (EulerOS-SA-2019-2304)

According to the version of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cau...

CVSS 9 · AI score 7.4 · EPSS 0.63917
Exploits: 10 · References: 2

GithubExploit
added 2019/11/25 11:14 a.m. · 215 views

Exploit for CVE-2019-19268

CVE-2019-19268 Affected Version: rConfig 3.9.2. Descriptio...

CVSS 10 · AI score 9.8 · EPSS 0.97702
Exploits: 11

Tenable Nessus
added 2019/11/25 12:0 a.m. · 20 views

Oracle Linux 8 : sudo (ELSA-2019-3694)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2019-3694 advisory. 1.8.25p1-8 - RHEL-8.1.0 - fixed CVE-2019-14287 Resolves: rhbz1760696 Tenable has extracted the preceding description block directly from the Oracle Linux securi...

CVSS 9 · AI score 7.4 · EPSS 0.63917
Exploits: 10 · References: 2

RedHat Linux
added 2019/11/21 9:55 a.m. · 2 views

sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword

A flaw was found in the way sudo implemented running commands with arbitrary user ID. If a sudoers entry is written to allow the attacker to run a command as any user except root, this flaw can be used by the attacker to bypass that restriction...

CVSS 9 · AI score 7.3 · EPSS 0.63917
Exploits: 10 · References: 5

RedHat Linux
added 2019/11/21 9:55 a.m. · 67 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.1.24 machine-os-content-container security update

Red Hat OpenShift Container Platform release 4.1.24 is now available with updates to packages and images that fix several bugs and add enhancements. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, whic...

CVSS 9 · AI score 7.2 · EPSS 0.63917
Exploits: 11 · References: 5

RedHat Linux
added 2019/11/19 3:56 p.m. · 2 views

sudo: Privilege escalation via 'Runas' specification with 'ALL' keyword

A flaw was found in the way sudo implemented running commands with arbitrary user ID. If a sudoers entry is written to allow the attacker to run a command as any user except root, this flaw can be used by the attacker to bypass that restriction...

CVSS 9 · AI score 7.3 · EPSS 0.63917
Exploits: 10 · References: 5

RedHat Linux
added 2019/11/19 3:56 p.m. · 105 views

Important: Red Hat Security Advisory: OpenShift Container Platform 4.2.5 machine-os-content-container security update

An update for machine-os-content-container is now available for Red Hat OpenShift Container Platform 4.2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS 9 · AI score 7.1 · EPSS 0.63917
Exploits: 10 · References: 4