Fedora Update for sudo FEDORA-2013-3297

The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Fedora Update for sudo FEDORA-2013-3297

Check for the Version of sudo OpenVAS Vulnerability Test Fedora Update for sudo FEDORA-2013-3297 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...

USN-1766-1: pam-xdg-support vulnerability

Zbigniew Tenerowicz and Sebastian Krzyszkowiak discovered that pam-xdg-support incorrectly handled the PATH environment variable. A local attacker could use this issue in combination with sudo to possibly escalate privileges...

CVE-2013-1052

pam-xdg-support, as used in Ubuntu 12.10, does not properly handle the PATH environment variable, which allows local users to gain privileges via unspecified vectors related to sudo...

Fedora 18 : sudo-1.8.6p7-1.fc18 (2013-3297)

update to 1.8.6p7 - fixes CVE-2013-1775 and CVE-2013-1776 - fixed several packaging issues thanks to ville.skytta at iki.fi - build with system zlib. - let rpmbuild strip libexecdir/.so. - own the %%docdir/sudo- dir. - fix some rpmlint warnings spaces vs tabs, unescaped macros. - fix bogus...

[SECURITY] Fedora 18 Update: sudo-1.8.6p7-1.fc18

Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...

Debian DSA-2642-1 : sudo - several issues

Several vulnerabilities have been discovered in sudo, a program designed to allow a sysadmin to give limited root privileges to users. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2013-1775 Marco Schoepl discovered an authentication bypass when the...

sudo protection bypass

It's possible to bypass password request by manipulating timestamps. Session id hijacking is possible under some conditions...

[SECURITY] [DSA 2642-1] sudo security update

------------------------------------------------------------------------- Debian Security Advisory DSA-2642-1 [email protected] http://www.debian.org/security/ Michael Gilbert March 09, 2013 http://www.debian.org/security/faq -...

DSA-2642-1 sudo - several issues

Bulletin has no description...

Debian Security Advisory DSA 2642-1 (sudo - several issues)

Several vulnerabilities have been discovered in sudo, a program designed to allow a sysadmin to give limited root privileges to users. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-1775 Marco Schoepl discovered an authentication bypass when the clock...

Debian: Security Advisory (DSA-2642-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Slackware 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 14.0 / current : sudo (SSA:2013-065-01)

New sudo packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2013-065-01. The text...

sudo

New sudo packages are available for Slackware 12.1, 12.2, 13.0, 13.1, 13.37, 14.0, and -current to fix security issues. Here are the details from the Slackware 14.0 ChangeLog: patches/packages/sudo-1.8.6p7-i486-1slack14.0.txz: Upgraded. This update fixes security issues that could allow a user to...

CVE-2013-1775

sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch...

CVE-2013-1775

sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch...

DEBIAN-CVE-2013-1775

sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch...

Code injection

sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch...

Immunity Canvas: SUDO_TIMESTAMP

Name| sudotimestamp ---|--- CVE| CVE-2013-1775 Exploit Pack| CANVAS Description| sudotimestamp: Linux/MacOS timestamp privilege escalation Notes| CVE Name: CVE-2013-1775 VENDOR: Intel, GNU/Linux, Apple Notes: This exploit runs on GNU/Linux and MacOS X. On both systems this exploit requires: - Use...

Time Stamp Bug in Sudo Could Have Allowed Code Entry

A vulnerability in sudo – a program that manages user privileges on certain types of systems – could allow an unauthenticated user to execute commands for about five minutes, without entering a password. The problem, which has since been fixed, previously existed in builds 1.6.0 through 1.7.10p6...