Design/Logic Flaw
If HashiCorp Vagrant VMware Fusion plugin aka vagrant-vmware-fusion 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root...
CVE-2017-16777
If HashiCorp Vagrant VMware Fusion plugin aka vagrant-vmware-fusion 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root...
CVE-2017-16777
The CVE-2017-16777 issue affects the HashiCorp Vagrant VMware Fusion plugin (vagrant-vmware-fusion) version 5.0.3. The vulnerability arises when VMware Fusion is not installed but the plugin is present; a local attacker can create a fake application directory and abuse the plugin’s suid root sudo...
Infoblox NetMRI 7.1.4 Shell Escape / Privilege Escalation
KL-001-2017-017: Infoblox NetMRI Administration Shell Escape and Privilege Escalation. Title: Infoblox NetMRI Administration Shell Escape and Privilege Escalation; Advisory ID: KL-001-2017-017; Publication Date: 2017.10.24; Publication URL:...
Infoblox NetMRI 7.1.4 Shell Escape / Privilege Escalation Vulnerabilities
Exploit for hardware platform in category remote exploits. Title: Infoblox NetMRI Administration Shell Escape and Privilege Escalation; Advisory ID: KL-001-2017-017; Publication Date: 2017.10.24; Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-017.txt 1. Vulnerability...
Infoblox NetMRI Administration Shell Escape and Privilege Escalation
Vulnerability Details. Affected Vendor: Infoblox; Affected Product: NetMRI; Affected Version: 7.1.2 - 7.1.4; Platform: Embedded Linux; CWE Classification: CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), CWE-272: Least Privilege Violation; Impact: Root...
Sudo sudoers plugin design vulnerability
Sudo is a suite of programs developed by software developer Todd C. Miller for Unix-like operating systems that allows users to execute commands in a secure manner with special privileges. The sudoers plugin is one of Sudo's configuration plugins. A design flaw exists in the SHA-2 digest support of t...
CVE-2015-8239
The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed...
DEBIAN-CVE-2015-8239
The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed...
GLSA-201710-04 : sudo: Privilege escalation
The remote host is affected by the vulnerability described in GLSA-201710-04 (sudo: Privilege escalation). The fix present in app-admin/sudo-1.8.20p1 (GLSA 201705-15) was incomplete as it did not address the problem of a command with a newline in the name. Impact: A local attacker could execute...
sudo: Privilege escalation
Background: sudo (su “do”) allows a system administrator to delegate authority to give certain users or groups of users the ability to run some or all commands as root or another user while providing an audit trail of the commands and their arguments. Description: The fix present in...
Design/Logic Flaw
Polycom RealPresence Resource Manager aka RPRM before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo misconfiguration...
CVE-2015-4685
Polycom RealPresence Resource Manager aka RPRM before 8.4 allows local users with access to the plcm account to gain privileges via a script in /var/polycom/cma/upgrade/scripts, related to a sudo misconfiguration...
CVE-2015-4685
CVE-2015-4685 affects Polycom RealPresence Resource Manager (RPRM) before 8.4. The issue is a sudo misconfiguration that lets the plcm user execute root commands via scripts in /var/polycom/cma/upgrade/scripts, enabling privilege escalation. Impact is described as full root access for an attacker...
A vulnerability in the vi command-line editor of the Backup Manager data storage system allows an attacker to obtain root privileges.
The vulnerability in the vi script service of the Backup Manager data storage system is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to obtain root privileges and compromise the integrity of the critical /etc/passwd file by executing a speci...
Replibit Backup Manager Local Elevation of Privilege Vulnerability
Replibit Backup Manager is a file backup management tool for Linux from Replibit, Inc. A local elevation of privilege vulnerability exists in versions of Replibit Backup Manager prior to 2017.08.04. An attacker can exploit this vulnerability to gain root privileges by executing a sudo command...
Privilege escalation
Privilege escalation in Replibit Backup Manager earlier than version 2017.08.04 allows attackers to gain root privileges via sudo command execution. The vi program can be accessed through sudo, in order to navigate the filesystem and modify a critical file such as /etc/passwd...