4723 matches found
CVE-2010-0426
sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by...
CVE-2010-0426
CVE-2010-0426 affects sudo 1.6.x < 1.6.9p21 and 1.7.x
CVE-2010-0427
sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command...
Security fix for the ALT Linux 8 package sudo version 1:1.6.8p12-alt7
Feb. 23, 2010 Dmitry V. Levin 1:1.6.8p12-alt7 - Backported upstream fix for CVE-2010-0426: a flaw in sudoedit could give a user with permission to run sudoedit the ability to run arbitrary commands; env_reset sudoers option had to be explicitly disabled to make an attack possible...
Security fix for the ALT Linux 6 package sudo version 1:1.6.8p12-alt7
Feb. 23, 2010 Dmitry V. Levin 1:1.6.8p12-alt7 - Backported upstream fix for CVE-2010-0426: a flaw in sudoedit could give a user with permission to run sudoedit the ability to run arbitrary commands; env_reset sudoers option had to be explicitly disabled to make an attack possible...
Security fix for the ALT Linux 5 package sudo version 1:1.6.8p12-alt7
Feb. 23, 2010 Dmitry V. Levin 1:1.6.8p12-alt7 - Backported upstream fix for CVE-2010-0426: a flaw in sudoedit could give a user with permission to run sudoedit the ability to run arbitrary commands...
CVE-2009-4648
Accellion Secure File Transfer Appliance before 80105 does not properly restrict access to sensitive commands and arguments that run with extra sudo privileges, which allows local administrators to gain privileges via (1) arbitrary arguments in the --file_move action in /usr/local/bin/admin.pl, or a...
sudo -- Privilege escalation with sudoedit
Todd Miller reports: When sudo performs its command matching, there is a special case for pseudo-commands in the sudoers file (currently, the only pseudo-command is sudoedit). Unlike a regular command, pseudo-commands do not begin with a slash ('/'). The flaw is that sudo's matching code would on...
SLES9: Security update for sudo
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: sudo. More details may also be found by searching for keyword 5015295 within the SuSE Enterprise Server 9 patch database at...
SLES9: Security update for sudo
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: sudo. For more information, please visit the referenced security advisories. More details may also be found by searching for keyword 5019263 within the SuSE...
SLES9: Security update for sudo
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: sudo. More details may also be found by searching for keyword 5015295 within the SuSE Enterprise Server 9 patch database linked in the references...
openSUSE Security Update : sudo (sudo-472)
This update of sudo fixes a bug that allowed - depending on the sudoers rules - a sudo-user to execute arbitrary shell commands as root.
VMSA-2009-0009:ESX Service Console updates for udev, sudo, and curl
VMware Security Advisory. Advisory ID: VMSA-2009-0009. Synopsis: ESX Service Console updates for udev, sudo, and curl. Issue date: 2009-07-10...
Fedora 10 : sudo-1.6.9p17-5.fc10 (2009-1074)
Fix for incorrect handling of groups in RunasUser
Ubuntu 8.04 LTS / 8.10 : sudo vulnerability (USN-722-1)
Harald Koenig discovered that sudo did not correctly handle certain privilege changes when handling groups. If a local attacker belonged to a group included in a 'RunAs' list in the /etc/sudoers file, that user could gain root privileges. This was not an issue for the default sudoers file shipped...
FreeBSD : sudo -- privilege escalation with bash scripts (bdd1537b-354c-11d9-a9e7-0001020eed82)
Sudo Security Alerts reports: A flaw exists in sudo's environment sanitizing prior to sudo version 1.6.8p2 that could allow a malicious user with permission to run a shell script that utilized the bash shell to run arbitrary commands.
FreeBSD : sudo -- sudoedit information disclosure (a268ef4a-0b35-11d9-8a8a-000c41e2cdad)
A new feature of sudo 1.6.8 called 'sudoedit' (a safe editing facility) may allow users to read files to which they normally have no access.