4723 matches found
CVE-2013-1776
sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the ttytickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard...
Input validation
sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the ttytickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another...
Input validation
sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the ttytickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling...
Input validation
sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the ttytickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard...
CVE-2013-2776
sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the ttytickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another...
CVE-2013-2777
sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the ttytickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling...
CVE-2013-2777
CVE-2013-2777 affects sudo before 1.7.10p5 and 1.8.x before 1.8.6p6 when tty_tickets is enabled. The flaw is improper validation of the controlling terminal device, allowing a local user with sudo privileges to hijack the authorization of another terminal by interacting with the session without a...
CVE-2013-2776
CVE-2013-2776 affects sudo versions 1.3.5–1.7.10p5 and 1.8.0–1.8.6p6, where, on systems without /proc or with tty_tickets enabled, sudo fails to properly validate the controlling terminal. This allows a local user with sudo permissions to hijack another user’s authorization by interacting with th...
CVE-2013-1776
sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the ttytickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard...
CVE-2013-1776
The CVE-2013-1776 issue is described as: when tty_tickets is enabled, sudo 1.3.5–1.7.10 and 1.8.0–1.8.5 fail to validate the controlling terminal device, allowing local users with sudo privileges to hijack authorization for another terminal via stdin/stdout/stderr vectors. MiracleLinux advisories...
CVE-2013-2776
sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the ttytickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another...
CVE-2013-2777
sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the ttytickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling...
CVE-2013-1776
sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the ttytickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard...
Fedora Update for sudo FEDORA-2013-3270
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora Update for sudo FEDORA-2013-3270
Check for the Version of sudo OpenVAS Vulnerability Test Fedora Update for sudo FEDORA-2013-3270 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...
CVE-2013-1052
pam-xdg-support, as used in Ubuntu 12.10, does not properly handle the PATH environment variable, which allows local users to gain privileges via unspecified vectors related to sudo...
CVE-2013-1052
pam-xdg-support, as used in Ubuntu 12.10, does not properly handle the PATH environment variable, which allows local users to gain privileges via unspecified vectors related to sudo...
Fedora 17 : sudo-1.8.6p7-1.fc17 (2013-3270)
update to 1.8.6p7 - fixes CVE-2013-1775 and CVE-2013-1776 - fixed several packaging issues thanks to ville.skytta at iki.fi - build with system zlib. - let rpmbuild strip libexecdir/.so. - own the %%docdir/sudo- dir. - fix some rpmlint warnings spaces vs tabs, unescaped macros. - fix bogus...
[SECURITY] Fedora 17 Update: sudo-1.8.6p7-1.fc17
Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...
Fedora Update for sudo FEDORA-2013-3297
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...