Fedora 25 : sudo (2016-3a0df9e256)

update to 1.8.18p1 - fixes CVE-2016-7076 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

[SECURITY] Fedora 25 Update: sudo-1.8.18p1-1.fc25

Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...

Updated sudo packages fix security vulnerability

It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed wordexp C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute...

MGASA-2016-0389 Updated sudo packages fix security vulnerability

It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed wordexp C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute...

Debian DLA-707-1 : sudo security update

It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed system, popen or wordexp C library functions with a user-supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw...

[SECURITY] [DLA 707-1] sudo security update

Package : sudo Version : 1.8.5p2-1+nmu3+deb7u2 CVE ID : CVE-2016-7032 CVE-2016-7076 Debian Bug : 842507 It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed system, popen or wordexp C library functions with a user supplied argument. A...

Fedora 24 : sudo (2016-112b333bdf)

update to 1.8.18p1 - fixes CVE-2016-7076 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...

DLA-707-1 sudo - security update

Bulletin has no description...

[SECURITY] Fedora 24 Update: sudo-1.8.18p1-1.fc24

Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...

RHEL 7 : sudo (RHSA-2016:2593)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:2593 advisory. The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged...

RedHat Update for sudo RHSA-2016:2593-02

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

sudo: Possible info leak via INPUTRC

It was discovered that the default sudo configuration preserved the value of INPUTRC from the user's environment, which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files...

Low: Red Hat Security Advisory: sudo security, bug fix, and enhancement update

An update for sudo is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

FreeBSD : sudo -- Potential bypass of sudo_noexec.so via wordexp() (2e4fbc9a-9d23-11e6-a298-14dae9d210b8)

Todd C. Miller reports : A flaw exists in sudo's noexec functionality that may allow a user with sudo privileges to run additional commands even when the NOEXEC tag has been applied to a command that uses the wordexp function. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive...

sudo -- Potential bypass of sudo_noexec.so via wordexp()

Todd C. Miller reports: A flaw exists in sudo's noexec functionality that may allow a user with sudo privileges to run additional commands even when the NOEXEC tag has been applied to a command that uses the wordexp function...

CVE-2016-7032

It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed system or popen C library functions with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could use this flaw to execute...

CVE-2016-7076

It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed wordexp C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute...

openSUSE Security Update : sssd (openSUSE-2016-1238)

This update for sssd fixes one security issue and three bugs. The following vulnerability was fixed : - CVE-2014-0249: Incorrect expansion of group membership when encountering a non-POSIX group. bsc880245 The following non-security fixes were also included : - Prevent crashes of statically linke...

SUSE SLED12 / SLES12 Security Update : sssd (SUSE-SU-2016:2579-1)

This update for sssd fixes one security issue and three bugs. The following vulnerability was fixed : - CVE-2014-0249: Incorrect expansion of group membership when encountering a non-POSIX group. bsc880245 The following non-security fixes were also included : - Prevent crashes of statically linke...

sudo-snooper - Python script to fool sudo users

sudo-snooper acts like the original sudo binary to fool users into entering their passwords. It will show a fake prompt just like the original to the user to enter their sudo password. This can be useful in penetration tests or security evaluations for testing user knowledge. Installation steps...