4723 matches found
RHEL 5 : sudo (RHSA-2010:0675)
The remote Red Hat Enterprise Linux 5 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2010:0675 advisory. - sudo: incorrect handling of RunAs specification with both user and group lists (CVE-2010-2956). Note that Nessus has not tested for this issue but has...
GLSA-201009-03 : sudo: Privilege Escalation
The remote host is affected by the vulnerability described in GLSA-201009-03 (sudo: Privilege Escalation). Multiple vulnerabilities have been reported in sudo: Evan Broder and Anders Kaseorg of Ksplice, Inc. reported that the sudo 'secure path' feature does not properly handle multiple PATH variable...
USN-983-1: Sudo vulnerability
Markus Wuethrich discovered that sudo did not always verify the user when a group was specified in the RunasSpec. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use a program as a group when the attacker was not a part of that...
Important: Red Hat Security Advisory: sudo security update
An updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
sudo: incorrect handling of RunAs specification with both user and group lists
Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence...
sudo security update
1.7.2p1-8 - added patch for CVE-2010-2956 628628...
sudo: Privilege Escalation
Background: sudo allows a system administrator to give users the ability to run commands as other users. Description: Multiple vulnerabilities have been reported in sudo: Evan Broder and Anders Kaseorg of Ksplice, Inc. reported that the sudo 'secure path' feature does not properly handle multiple...
sudo -- Flaw in Runas group matching
Todd Miller reports: Beginning with sudo version 1.7.0 it has been possible to grant permission to run a command using a specified group via sudo's -g option (run as group). A flaw exists in the logic that matches Runas groups in the sudoers file when the -u option is also specified (run as user). This...
CVE-2010-2956
Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence...
CVE-2010-2757
The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 does not properly send impersonation notifications, which makes it easier for remote authenticated users to impersonate other users without discovery...
Design/Logic Flaw
The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 does not properly send impersonation notifications, which makes it easier for remote authenticated users to impersonate other users without discovery...
CVE-2010-2757
CVE-2010-2757 describes a vulnerability in Bugzilla where the sudo feature fails to send impersonation notifications, enabling remote authenticated users to impersonate other users without discovery. The description lists affected Bugzilla releases across multiple branches (2.22rc1–3.2.7, 3.3.1–3...
Bugzilla < 3.2.8 / 3.4.8 / 3.6.2 / 3.7.3 Multiple Vulnerabilities
MDVA-2009:086 : sudo
The version of sudo shipped with 2009.1 has an incorrect path to /etc/ldap.conf compiled in. This means that users who have their sudo config supplied by their ldap server will find their rules no longer apply. This updated package uses the correct /etc/ldap.conf file. See...
Enable Web Sudo to work with other single-sign-on solutions
Customers with some of the unsupported single sign-on solutions (http://confluence.atlassian.com/display/DEV/Single+Sign-on+Integration+with+JIRA+and+Confluence) can't easily upgrade to Confluence 3.3 because WebSudo doesn't handle external SSO solutions. See this example:...
sudo is decorated with global decorator
The reasoning behind preventing theme developers from theming the admin areas was because if you don't know what you are doing then you can mess things up to such an extent that you are unable to use Confluence. By decorating the sudo login pages using the global decorator it exposes the user to...