CVE-2014-0106
Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable...
Command injection
Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable...
CVE-2014-0106
CVE-2014-0106 affects Sudo up to version 1.8.5 where env_reset is disabled, and env_delete checks fail to properly sanitize environment variables. This allows local users with sudo permissions to bypass intended command restrictions via crafted environment variables. The vulnerability is tied to ...
CentOS 5 : sudo (CESA-2014:0266)
An updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Scientific Linux Security Update : sudo on SL5.x i386/x86_64 (20140310)
A flaw was found in the way sudo handled its blacklist of environment variables. When the 'env_reset' option was disabled, a user permitted to run certain commands via sudo could use this flaw to run such a command with one of the blacklisted environment variables set, allowing them to run an...
RHEL 5 : sudo (RHSA-2014:0266)
An updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
Oracle Linux 5 : sudo (ELSA-2014-0266)
The remote Oracle Linux 5 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2014-0266 advisory. 1.7.2p1-29 - added patch for CVE-2014-0106: certain environment variables not sanitized when env_reset is disabled Resolves: rhbz1072210 Tenable has extracted th...
sudo security update
CentOS Errata and Security Advisory CESA-2014:0266 An updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base...
sudo: certain environment variables not sanitized when env_reset is disabled
Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable...
Moderate: Red Hat Security Advisory: sudo security update
An updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
sudo security update
1.7.2p1-29 - added patch for CVE-2014-0106: certain environment variables not sanitized when env_reset is disabled Resolves: rhbz1072210...
[slackware-security] sudo
New sudo packages are available for Slackware 13.0, 13.1, and 13.37 to fix a security issue. Here are the details from the Slackware 13.37 ChangeLog: patches/packages/sudo-1.7.10p8-i486-1_slack13.37.txz: Upgraded. This update fixes a security issue where if the env_reset option is disabled in the...
Slackware 13.0 / 13.1 / 13.37 : sudo (SSA:2014-064-01)
New sudo packages are available for Slackware 13.0, 13.1, and 13.37 to fix a security issue. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2014-064-01. The text itself is copyright (C)...
Pandora FMS Remote Code Execution
This module exploits a vulnerability found in Pandora FMS 5.0RC1 and lower. It will leverage an unauthenticated command injection in the Anyterm service on port 8023/TCP. Commands are executed as the user "pandora". In Pandora FMS 4.1 and 5.0RC1 the user "artica" is not assigned a password by...
GLSA-201401-23 : sudo: Privilege escalation
The remote host is affected by the vulnerability described in GLSA-201401-23 (sudo: Privilege escalation). Multiple vulnerabilities have been found in sudo: sudo does not correctly validate the controlling terminal on a system without /proc or when the tty_tickets option is enabled. sudo does not...
Amazon Linux AMI : sudo (ALAS-2013-259)
A flaw was found in the way sudo handled time stamp files. An attacker able to run code as a local user and with the ability to control the system clock could possibly gain additional privileges by running commands that the victim user was allowed to run via sudo, without knowing the victim's...