4723 matches found

Tenable Nessus
added 2010/09/13 12:0 a.m., 31 views

CentOS 5 : sudo (CESA-2010:0675)

An updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS: 6.2, AI score: 8, EPSS: 0.00362
Exploits: 0, References: 3

Cent OS
added 2010/09/12 4:45 p.m., 60 views

sudo security update

CentOS Errata and Security Advisory CESA-2010:0675 An updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base...

CVSS: 6.2, AI score: 7.3, EPSS: 0.00362
Exploits: 0, References: 7

securityvulns
added 2010/09/12 12:0 a.m., 35 views

sudo privilege escalation

Under some conditions, user can execute arbitrary code as root if sudo was configured to allow the attacker to use a program as a group when the attacker was not a part of that group...

CVSS: 6.2, AI score: 5.2, EPSS: 0.00362
Exploits: 0, References: 1, Affected Software: 1

securityvulns
added 2010/09/12 12:0 a.m., 56 views

[USN-983-1] Sudo vulnerability

=========================================================== Ubuntu Security Notice USN-983-1 September 07, 2010 sudo vulnerability CVE-2010-2956 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 9.10 Ubuntu 10.04 LTS This...

CVSS: 6.2, AI score: 9.1, EPSS: 0.00362
Exploits: 0

Tenable Nessus
added 2010/09/12 12:0 a.m., 21 views

Fedora 13 : sudo-1.7.4p4-1.fc13 (2010-14355)

update to new upstream version - sudo now uses /var/db/sudo for timestamps - new command available: sudoreplay - use native audit support - corrected license field value: BSD - ISC - added envkeep += HOME see rhbz614025 for backwards compatibility - added Defaults !visiblepw - fixes CVE-2010-2956...

CVSS: 6.2, AI score: 8.1, EPSS: 0.00362
Exploits: 0, References: 3

Fedora
added 2010/09/11 9:3 a.m., 18 views

[SECURITY] Fedora 13 Update: sudo-1.7.4p4-1.fc13

Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...

CVSS: 6.2, AI score: 2.2, EPSS: 0.00362
Exploits: 0

OSV
added 2010/09/10 7:0 p.m., 1 views

CVE-2010-2956

Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence...

AI score: 6.3
Exploits: 0, References: 22

NVD
added 2010/09/10 7:0 p.m., 16 views

CVE-2010-2956

Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence...

CVSS: 6.2, AI score: 9.1, EPSS: 0.00362
Exploits: 0, References: 22

OSV
added 2010/09/10 7:0 p.m., 1 views

DEBIAN-CVE-2010-2956

Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence...

CVSS: 6.2, AI score: 8.5, EPSS: 0.00362
Exploits: 0, References: 1

Prion
added 2010/09/10 7:0 p.m., 11 views

Design/Logic Flaw

Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence...

CVSS: 6.2, AI score: 6.9, EPSS: 0.00362
Exploits: 0, References: 22, Affected Software: 1

Cvelist
added 2010/09/10 6:0 p.m., 14 views

CVE-2010-2956

Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence...

AI score: 8.7, EPSS: 0.00362
Exploits: 0, References: 22

Debian CVE
added 2010/09/10 6:0 p.m., 23 views

CVE-2010-2956

Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence...

CVSS: 6.2, AI score: 5.6, EPSS: 0.00362
Exploits: 0

CVE
added 2010/09/10 6:0 p.m., 74 views

CVE-2010-2956

CVE-2010-2956 affects sudo 1.7.0–1.7.4p3 where configuring a Runas group and using -u with -g allows local privilege escalation via a crafted command line. The connected advisories (openSUSE, SUSE, Slackware, Scientific Linux, Oracle Linux, VMware/OpenVAS, MiracleLinux AXSA-2010-437:05) reference...

CVSS: 6.2, AI score: 8.5, EPSS: 0.00362
Exploits: 0, References: 22, Affected Software: 1

OpenVAS
added 2010/09/10 12:0 a.m., 19 views

Ubuntu: Security Advisory (USN-983-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS: 6.2, AI score: 9.5, EPSS: 0.00362
Exploits: 0, References: 2

OpenVAS
added 2010/09/10 12:0 a.m., 25 views

RedHat Update for sudo RHSA-2010:0675-01

Check for the Version of sudo OpenVAS Vulnerability Test RedHat Update for sudo RHSA-2010:0675-01 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...

CVSS: 6.2, AI score: 9.3, EPSS: 0.00362
Exploits: 0, References: 2

OpenVAS
added 2010/09/10 12:0 a.m., 17 views

Ubuntu Update for sudo vulnerability USN-983-1

Ubuntu Update for Linux kernel vulnerabilities USN-983-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN9831.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for sudo vulnerability USN-983-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...

CVSS: 6.2, AI score: 9.3, EPSS: 0.00362
Exploits: 0, References: 2

OpenVAS
added 2010/09/10 12:0 a.m., 17 views

RedHat Update for sudo RHSA-2010:0675-01

Check for the Version of sudo OpenVAS Vulnerability Test RedHat Update for sudo RHSA-2010:0675-01 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...

CVSS: 6.2, AI score: 9.3, EPSS: 0.00362
Exploits: 0, References: 2

Tenable Nessus
added 2010/09/09 12:0 a.m., 24 views

openSUSE Security Update : sudo (openSUSE-SU-2010:0591-1)

sudo's handling of the -g command line option allowed to also specify -u in some cases, therefore allowing users to actually run commands as root CVE-2010-2956. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE...

CVSS: 6.2, AI score: 8.1, EPSS: 0.00362
Exploits: 0, References: 3

Tenable Nessus
added 2010/09/08 12:0 a.m., 31 views

FreeBSD : sudo -- Flaw in Runas group matching (67b514c3-ba8f-11df-8f6e-000c29a67389)

Todd Miller reports : Beginning with sudo version 1.7.0 it has been possible to grant permission to run a command using a specified group via sudo -g option run as group. A flaw exists in the logic that matches Runas groups in the sudoers file when the -u option is also specified run as user. Thi...

CVSS: 6.2, AI score: 7.8, EPSS: 0.00362
Exploits: 0, References: 3

Tenable Nessus
added 2010/09/08 12:0 a.m., 69 views

Ubuntu 9.10 / 10.04 LTS : sudo vulnerability (USN-983-1)

Markus Wuethrich discovered that sudo did not always verify the user when a group was specified in the RunasSpec. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use a program as a group when the attacker was not a part of that...

CVSS: 6.2, AI score: 8.6, EPSS: 0.00362
Exploits: 0, References: 2