USN-3304-1: Sudo vulnerability
It was discovered that Sudo did not properly parse the contents of /proc/pid/stat when attempting to determine its controlling tty. A local attacker in some configurations could possibly use this to overwrite any file on the filesystem, bypassing intended permissions...
SUSE-SU-2017:1450-1 Security update for sudo
This update for sudo fixes the following issues: CVE-2017-1000367: - Due to incorrect assumptions in /proc/pid/stat parsing, a local attacker can pretend that his tty is any file on the filesystem, thus gaining arbitrary file write access on SELinux-enabled systems. bsc1039361 - Fix FQDN for...
SUSE-SU-2017:1446-1 Security update for sudo
This update for sudo fixes the following issues: CVE-2017-1000367: - Due to incorrect assumptions in /proc/pid/stat parsing, a local attacker can pretend that his tty is any file on the filesystem, thus gaining arbitrary file write access on SELinux-enabled systems. bsc1039361 - Fix FQDN for...
CVE-2017-1000367
A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root...
[SECURITY] [DSA 3867-1] sudo security update
Debian Security Advisory DSA-3867-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 30, 2017 https://www.debian.org/security/faq -...
CVE-2017-1000367
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution...
UBUNTU-CVE-2017-1000367
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution...
DLA-970-1 sudo - security update
Bulletin has no description...
Debian Security Advisory DSA 3867-1 (sudo - security update)
The Qualys Security team discovered that sudo, a program designed to provide limited super user privileges to specific users, does not properly parse OpenVAS Vulnerability Test $Id: deb3867.nasl 6607 2017-07-07 12:04:25Z cfischer $ Auto-generated from advisory DSA 3867-1 using nvtgen 1.0 Script...
sudo security update
1.8.6p3-28 - Fixes CVE-2017-1000367 Resolves: rhbz1455399...
DSA-3867-1 sudo - security update
Bulletin has no description...
sudo: Privilege escalation
Background: sudo (su “do”) allows a system administrator to delegate authority to give certain users or groups of users the ability to run some or all commands as root or another user while providing an audit trail of the commands and their arguments. Description: Qualys discovered a vulnerability in...
[ASA-201705-25] sudo: access restriction bypass
Arch Linux Security Advisory ASA-201705-25. Severity: Medium. Date: 2017-05-30. CVE-ID: CVE-2017-1000367. Package: sudo. Type: access restriction bypass. Remote: No. Link: https://security.archlinux.org/AVG-282. Summary: The package sudo before...
Debian: Security Advisory (DSA-3867-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Quest Privilege Manager pmmasterd Buffer Overflow Exploit
This Metasploit module exploits a buffer overflow in the Quest Privilege Manager, a software used to integrate Active Directory with Linux and Unix systems. The vulnerability exists in the pmmasterd daemon, and can only be triggered when the host has been configured as a policy server Privilege...
EulerOS 2.0 SP1 : sudo (EulerOS-SA-2016-1055)
According to the version of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - It was discovered that the default sudo configuration preserved the value of INPUTRC from the user's environment, which could lead to information...
EulerOS 2.0 SP1 : sudo (EulerOS-SA-2017-1004)
According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed system, popen, or wordexp C librar...
HideMyAss Pro VPN Client 2.2.7.0 Privilege Escalation
Multiple local privilege escalation vulnerabilities in HideMyAss Pro VPN client v2.x for OS X. Han Sahin, April 2017...
SolarWinds Log and Event Manager Elevation of Privilege Vulnerability
SolarWinds Log and Event Manager is a log and event manager that provides real-time log analysis, memory event correlation, and threat attack response. A privilege acquisition vulnerability exists in SolarWinds Log and Event Manager version 6.3.1. This vulnerability can be exploited by a local...