4723 matches found
CVE-2012-2337
sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address...
Command injection
sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address...
CVE-2012-2337
sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address...
CVE-2012-2337
CVE-2012-2337 concerns sudo and affects multiple releases where netmask-based IPv4 configurations bypass restricted commands. Documented in various advisories: sudo versions 1.6.x and 1.7.x prior to 1.7.9p1, and 1.8.x prior to 1.8.4p5 are vulnerable when netmask syntax is used. Impact is local: a...
CVE-2012-2337
sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address...
Ubuntu Update for sudo USN-1442-1
Ubuntu Update for Linux kernel vulnerabilities USN-1442-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN14421.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for sudo USN-1442-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This...
Ubuntu: Security Advisory (USN-1442-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
FreeBSD : sudo -- netmask vulnerability (b3435b68-9ee8-11e1-997c-002354ed89bc)
Todd Miller reports : Sudo supports granting access to commands on a per-host basis. The host specification may be in the form of a host name, a netgroup, an IP address, or an IP network an IP address with an associated netmask. When IPv6 support was added to sudo, a bug was introduced that cause...
Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : sudo vulnerability (USN-1442-1)
It was discovered that sudo incorrectly handled network masks when using Host and HostList. A local user who is listed in sudoers may be allowed to run commands on unintended hosts when IPv4 network masks are used to grant access. A local attacker could exploit this to bypass intended access...
USN-1442-1: Sudo vulnerability
It was discovered that sudo incorrectly handled network masks when using Host and HostList. A local user who is listed in sudoers may be allowed to run commands on unintended hosts when IPv4 network masks are used to grant access. A local attacker could exploit this to bypass intended access...
CVE-2012-2337
sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address...
sudo -- netmask vulnerability
Todd Miller reports: Sudo supports granting access to commands on a per-host basis. The host specification may be in the form of a host name, a netgroup, an IP address, or an IP network an IP address with an associated netmask. When IPv6 support was added to sudo, a bug was introduced that caused...
VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates
The remote ESXi is missing one or more security related Updates from VMSA-2010-0009. Summary ESXi update for ntp and ESX Console OS COS updates for COS kernel, openssl, krb5, gcc, bind, gzip, sudo. Relevant releases VMware ESXi 4.0.0 without patch ESXi400-201005401-SG VMware ESX 4.0.0 without...
Fedora Update for sudo FEDORA-2012-1028
Check for the Version of sudo OpenVAS Vulnerability Test Fedora Update for sudo FEDORA-2012-1028 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...
Fedora Update for sudo FEDORA-2012-1028
The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Gentoo Security Advisory GLSA 201203-06 (sudo)
The remote host is missing updates announced in advisory GLSA 201203-06. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
sudo: Privilege escalation
Background sudo allows a system administrator to give users the ability to run commands as other users. Description Two vulnerabilities have been discovered in sudo: When the sudoers file is configured with a Runas group, sudo does not prompt for a password when changing to the new group...
GLSA-201203-06 : sudo: Privilege escalation
The remote host is affected by the vulnerability described in GLSA-201203-06 sudo: Privilege escalation Two vulnerabilities have been discovered in sudo: When the sudoers file is configured with a Runas group, sudo does not prompt for a password when changing to the new group CVE-2011-0010. A...
sudo security and bug fix update
1.7.2p1-13 - patch: parse ldap.conf more closely to nssldap Resolves: rhbz750318 1.7.2p1-12 - added patch for CVE-2011-0010 Resolves: rhbz757157 1.7.2p1-11 - backported selinux support from 1.7.4p5 477185, 673157 - fixed bug in RunasSpec group matching 627543 - disable 'sudo -l' output word...
sudo: does not ask for password on GID changes
check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command...