4723 matches found
Ubuntu Update for sudo USN-1754-1
Check for the Version of sudo. OpenVAS Vulnerability Test $Id: gbubuntuUSN17541.nasl 8526 2018-01-25 06:57:37Z teissa $ Ubuntu Update for sudo USN-1754-1. Authors: System Generated Check. Copyright: Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you...
Ubuntu: Security Advisory (USN-1754-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
CVE-2013-1775
sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch...
CVE-2013-1775
CVE-2013-1775 affects sudo 1.6.0–1.7.10p6 and 1.8.0–1.8.6p6. The issue allows a local attacker to bypass time-based authentication by setting the system clock to the epoch, enabling privilege escalation if a user has an active sudo timestamp. Debian notes the fix in 1.7.4p4-2 (squeeze) and 1.8.5p...
CVE-2013-1775
sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch...
FreeBSD : sudo -- Potential bypass of tty_tickets constraints (82cfd919-8213-11e2-9273-902b343deec9)
Todd Miller reports: A potentially malicious program run by a user with sudo access may be able to bypass the 'tty_tickets' constraints. In order for this to succeed there must exist on the machine a terminal device that the user has previously authenticated themselves on via sudo within the last...
FreeBSD : sudo -- Authentication bypass when clock is reset (764344fb-8214-11e2-9273-902b343deec9)
Todd Miller reports: The flaw may allow someone with physical access to a machine that is not password-protected to run sudo commands without knowing the logged in user's password. On systems where sudo is the principal way of running commands as root, such as on Ubuntu and Mac OS X, there is a...
[USN-1754-1] Sudo vulnerability
Ubuntu Security Notice USN-1754-1, February 28, 2013: sudo vulnerability. A security issue affects these releases of Ubuntu and its derivatives: -...
Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : sudo vulnerability (USN-1754-1)
Marco Schoepl discovered that Sudo incorrectly handled time stamp files when the system clock is set to epoch. A local attacker could use this issue to run Sudo commands without a password prompt. Note that Tenable Network Security has extracted the preceding description block directly from the...
USN-1754-1: Sudo vulnerability
Marco Schoepl discovered that Sudo incorrectly handled time stamp files when the system clock is set to epoch. A local attacker could use this issue to run Sudo commands without a password prompt...
CVE-2013-1775
sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch...
sudo -- Authentication bypass when clock is reset
Todd Miller reports: The flaw may allow someone with physical access to a machine that is not password-protected to run sudo commands without knowing the logged in user's password. On systems where sudo is the principal way of running commands as root, such as on Ubuntu and Mac OS X, there is a...
sudo -- Potential bypass of tty_tickets constraints
Todd Miller reports: A potentially malicious program run by a user with sudo access may be able to bypass the "tty_tickets" constraints. In order for this to succeed there must exist on the machine a terminal device that the user has previously authenticated themselves on via sudo within the last...
CVE-2012-5536
A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat Enterprise Linux (RHEL) 6 and Fedora Rawhide calls the glibc error function instead of the error function in the OpenSSH codebase, which allows local users to obtain sensitive information from process memory or possibly gain privilege...
Code injection
A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat Enterprise Linux (RHEL) 6 and Fedora Rawhide calls the glibc error function instead of the error function in the OpenSSH codebase, which allows local users to obtain sensitive information from process memory or possibly gain privilege...
CVE-2012-5536
A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat Enterprise Linux (RHEL) 6 and Fedora Rawhide calls the glibc error function instead of the error function in the OpenSSH codebase, which allows local users to obtain sensitive information from process memory or possibly gain privilege...
sudo: bypass of tty_tickets constraints
sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard...
Low: Red Hat Bug Fix Advisory: sudo bug fix and enhancement update
Updated sudo packages that fix several bugs and add various enhancements are now available for Red Hat Enterprise Linux 6. The sudo (super user do) utility allows system administrators to give certain users the ability to run commands as root. The updated sudo packages include numerous bug fixes an...
SuSE 11.1 Security Update : sudo, sudo-debuginfo, sudo-debugsource (SAT Patch Number 6306)
This update fixes a security problem in sudo: Multiple netmask values used in Host / HostList configuration caused any host to be allowed access (CVE-2012-2337). Also a bug in wildcard matching could allow too relaxed matches within subdirectories of the specified path so /usr/bin/ would also matc...
Astium VoIP PBX 2.1 build 25399 - Multiple Vulnerabilities / Remote Command Execution
Astium VoIP PBX 2.1 build 25399 - Multiple Vulnerabilities / Remote Command Execution #!/usr/bin/python Exploit Title : Astium VoIP PBX 0x90.nl Software link :...