4723 matches found
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : sudo vulnerabilities (USN-905-1)
It was discovered that sudo did not properly validate the path for the 'sudoedit' pseudo-command. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. The sudoedit pseudo-command is not used in the default installation...
[ MDVSA-2010:049 ] sudo
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2010:049 http://www.mandriva.com/security/ Package : sudo Date : February 25, 2010 Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0, Enterprise Server 5.0 Problem Description: A vulnerabilitiy has been fou...
USN-905-1: sudo vulnerabilities
It was discovered that sudo did not properly validate the path for the 'sudoedit' pseudo-command. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. The sudoedit pseudo-command is not used in the default installation...
sudo: sudoedit option can possibly allow for arbitrary code execution
sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by...
Important: Red Hat Security Advisory: sudo security update
An updated sudo package that fixes two security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The sudo superuser do utility allows system administrators to give certain users the abilit...
sudo security update
1.6.9p17-6 - added patches for CVE-2010-0426 and CVE-2010-0427 Resolves: 567689...
Mandriva Linux Security Advisory : sudo (MDVSA-2010:049)
A vulnerability has been found and corrected in sudo : sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain...
Command injection
sudo 1.6.x before 1.6.9p21, when the runasdefault option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command...
CVE-2010-0427
sudo 1.6.x before 1.6.9p21, when the runasdefault option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command...
DEBIAN-CVE-2010-0427
sudo 1.6.x before 1.6.9p21, when the runasdefault option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command...
CVE-2010-0427
sudo 1.6.x before 1.6.9p21, when the runasdefault option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command...
CVE-2010-0427
sudo 1.6.x before 1.6.9p21, when the runasdefault option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command...
CVE-2010-0427
CVE-2010-0427 affects sudo 1.6.x before 1.6.9p21. When the runas_default option is used, sudo does not properly set group memberships, allowing local users to gain privileges via a sudo command. The issue is documented in multiple advisories and open-vas/Nessus entries (e.g., AXSA-2010-134:01 for...
CVE-2010-0427
sudo 1.6.x before 1.6.9p21, when the runasdefault option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command...
Sudo sudoedit命令本地权限提升漏洞
BUGTRAQ ID: 38362 CVECAN ID: CVE-2010-0426 Sudo是一款允许用户以其他用户权限安全地执行命令的程序,广泛使用在Linux和Unix操作系统下。 由于处理sudoedit命令时的错误,拥有sudoedit权限的本地用户可以以root用户权限执行任意代码。成功攻击要求sudoedit命令没有在sudoers文件中指定完整路径。 Todd Miller Sudo 1.7 Todd Miller Sudo 1.6 Todd Miller ----------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
Directory traversal
sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by...
CVE-2010-0426
sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by...
DEBIAN-CVE-2010-0426
sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by...
CVE-2010-0426
sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by...
CVE-2010-0426
sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by...