4723 matches found
GLSA-201406-30 : sudo: Privilege escalation
The remote host is affected by the vulnerability described in GLSA-201406-30 sudo: Privilege escalation When the Sudo envreset option is disabled it is enabled by default, certain environment variables are not blacklisted as expected. Impact : A local attacker, authorized to run commands using...
sudo: Privilege escalation
Background sudo allows a system administrator to give users the ability to run commands as other users. Access to commands may also be granted on a range to hosts. Description When the Sudo envreset option is disabled it is enabled by default, certain environment variables are not blacklisted as...
USN-2255-1 neutron vulnerabilities
Darragh O'Reilly discovered that the Ubuntu packaging for OpenStack Neutron did not properly set up its sudo configuration. If a different flaw was found in OpenStack Neutron, this vulnerability could be used to escalate privileges. CVE-2013-6433 Stephen Ma and Christoph Thiel discovered that the...
CVE-2013-1068
The OpenStack Nova python-nova package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder python-cinder package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properl...
CVE-2013-1068
The OpenStack Nova python-nova package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder python-cinder package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properl...
DEBIAN-CVE-2013-1068
The OpenStack Nova python-nova package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder python-cinder package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properl...
Design/Logic Flaw
The OpenStack Nova python-nova package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder python-cinder package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properl...
CVE-2013-1068
The OpenStack Nova python-nova package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder python-cinder package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properl...
CVE-2013-1068
The OpenStack Nova python-nova package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder python-cinder package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properl...
Ubuntu 14.04 LTS : OpenStack Cinder vulnerability (USN-2248-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2248-1 advisory. Darragh O'Reilly discovered that the Ubuntu packaging for OpenStack Cinder did not properly set up its sudo configuration. If a different flaw was found in...
USN-2248-1: OpenStack Cinder vulnerability
Darragh O'Reilly discovered that the Ubuntu packaging for OpenStack Cinder did not properly set up its sudo configuration. If a different flaw was found in OpenStack Cinder, this vulnerability could be used to escalate privileges. CVE-2013-1068...
USN-2248-1 cinder vulnerability
Darragh O'Reilly discovered that the Ubuntu packaging for OpenStack Cinder did not properly set up its sudo configuration. If a different flaw was found in OpenStack Cinder, this vulnerability could be used to escalate privileges. CVE-2013-1068...
USN-2247-1: OpenStack Nova vulnerabilities
Darragh O'Reilly discovered that the Ubuntu packaging for OpenStack Nova did not properly set up its sudo configuration. If a different flaw was found in OpenStack Nova, this vulnerability could be used to escalate privileges. This issue only affected Ubuntu 13.10 and Ubuntu 14.04 LTS...
USN-2247-1 nova vulnerabilities
Darragh O'Reilly discovered that the Ubuntu packaging for OpenStack Nova did not properly set up its sudo configuration. If a different flaw was found in OpenStack Nova, this vulnerability could be used to escalate privileges. This issue only affected Ubuntu 13.10 and Ubuntu 14.04 LTS...
CVE-2013-1068
The OpenStack Nova python-nova package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder python-cinder package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properl...
UBUNTU-CVE-2013-1068
The OpenStack Nova python-nova package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.2 and 1:2014.1-0 before 1:2014.1-0ubuntu1.2 and Openstack Cinder python-cinder package 1:2013.2.3-0 before 1:2013.2.3-0ubuntu1.1 and 1:2014.1-0 before 1:2014.1-0ubuntu1.1 for Ubuntu 13.10 and 14.04 LTS does not properl...
openSUSE Security Update : sudo (openSUSE-SU-2011:0050-1)
This update of sudo fixes : - CVE-2011-0010: Does ask for the user password for GID changes now. - CVE-2010-1646: CVSS v2 Base Score: 6.6 CWE-264: The secure environment option can handle multiple occurrence of PATH now. - CVE-2010-1163: CVSS v2 Base Score: 6.9 CWE-20: Improved command matching...
openSUSE Security Update : sudo (openSUSE-SU-2012:0652-1)
sudo did not always honor the HostList setting in /etc/sudoers properly %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-293. The text description of this plugin is C SUSE LLC...
openSUSE Security Update : sudo (openSUSE-2012-73)
sudo was prone to a format string vulnerability %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2012-73. The text description of this plugin is C SUSE LLC...
openSUSE Security Update : sudo (openSUSE-SU-2010:0591-1)
sudo's handling of the -g command line option allowed to also specify -u in some cases, therefore allowing users to actually run commands as root CVE-2010-2956. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE...