4723 matches found
Mandriva Linux Security Advisory : sudo (MDVSA-2009:033)
A vulnerability has been identified in sudo which allowed - depending on the sudoers rules - a sudo-user to execute arbitrary shell commands as root (CVE-2009-0034). The updated packages have been patched to prevent this. (C) Tenable Network Security, Inc. The descriptive text and...
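Todd Miller Sudo Runas_Alias Group Local Privilege Escalation Vulnerability
BUGTRAQ ID: 33517 CVECAN ID: CVE-2009-0034 Sudo is a program that allows users to safely execute commands with another user's privileges, and is widely used on Linux and Unix operating systems. When determining which group a user belongs to, the parse.c file in sudo does not correctly interpret system groups (also known as %group) in the sudoer configuration file; a local user can use the run-as-user-in-group feature to execute sudo commands with root privileges without password authentication. Todd Miller Sudo 1.6.9p17 - 1.6.9p19 Vendor patch: RedHat ------...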
Ubuntu USN-722-1 (sudo)
The remote host is missing an update to sudo announced via advisory USN-722-1. OpenVAS Vulnerability Test $Id: ubuntu7221.nasl 7969 2017-12-01 09:23:16Z santu $ Description: Auto-generated from advisory USN-722-1 sudo Authors: Thomas Reinke...
Ubuntu: Security Advisory (USN-722-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-722-1: sudo vulnerability
Harald Koenig discovered that sudo did not correctly handle certain privilege changes when handling groups. If a local attacker belonged to a group included in a "RunAs" list in the /etc/sudoers file, that user could gain root privileges. This was not an issue for the default sudoers file shipped...
FreeBSD Ports: sudo
The remote host is missing an update to the system as announced in the referenced advisory. VID 13d6d997-f455-11dd-8516-001b77d09812 OpenVAS Vulnerability Test $ Description: Auto generated from VID 13d6d997-f455-11dd-8516-001b77d09812 Authors: Thomas Reinke Copyright: Copyright (c) 2009 E-Soft Inc...
FreeBSD Ports: sudo
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Gentoo Security Advisory GLSA 200902-01 (sudo)
The remote host is missing updates announced in advisory GLSA 200902-01. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Fedora Core 10 FEDORA-2009-1074 (sudo)
The remote host is missing an update to sudo announced via advisory FEDORA-2009-1074. OpenVAS Vulnerability Test $Id: fcore20091074.nasl 6624 2017-07-10 06:11:55Z cfischer $ Description: Auto-generated from advisory FEDORA-2009-1074 sudo Authors: Thomas Reinke Copyright: Copyright (c) 2009 E-Soft...
Mandrake Security Advisory MDVSA-2009:033 (sudo)
The remote host is missing an update to sudo announced via advisory MDVSA-2009:033. OpenVAS Vulnerability Test $Id: mdksa2009033.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:033 sudo Authors: Thomas Reinke Copyright: Copyright (c) 2009 E-Soft Inc...
RedHat Security Advisory RHSA-2009:0267
The remote host is missing updates announced in advisory RHSA-2009:0267. The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root with logging. A flaw was discovered in a way sudo handled group specifications in run as lists in the sudoe...
Fedora Core 10 FEDORA-2009-1074 (sudo)
The remote host is missing an update to sudo announced via advisory FEDORA-2009-1074. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the...
RedHat Security Advisory RHSA-2009:0267
The remote host is missing updates announced in advisory RHSA-2009:0267. The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root with logging. A flaw was discovered in a way sudo handled group specifications in run as lists in the sudoe...
Gentoo Security Advisory GLSA 200902-01 (sudo)
The remote host is missing updates announced in advisory GLSA 200902-01. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...
Mandrake Security Advisory MDVSA-2009:033 (sudo)
The remote host is missing an update to sudo announced via advisory MDVSA-2009:033. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR...
FreeBSD : sudo -- certain authorized users could run commands as any user (13d6d997-f455-11dd-8516-001b77d09812)
Todd Miller reports : A bug was introduced in Sudo's group matching code in version 1.6.9 when support for matching based on the supplemental group vector was added. This bug may allow certain users listed in the sudoers file to run a command as a different user than their access rule specifies...
GLSA-200902-01 : sudo: Privilege escalation
The remote host is affected by the vulnerability described in GLSA-200902-01 sudo: Privilege escalation Harald Koenig discovered that sudo incorrectly handles group specifications in RunasAlias and related entries when a group is specified in the list using %group syntax, to allow a user to run...
sudo: Privilege escalation
Background sudo allows a system administrator to give users the ability to run commands as other users. Description Harald Koenig discovered that sudo incorrectly handles group specifications in RunasAlias and related entries when a group is specified in the list using %group syntax, to allow a...
RHEL 5 : sudo (RHSA-2009:0267)
The remote Redhat Enterprise Linux 5 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2009:0267 advisory. The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root with logging. A flaw was...
Moderate: Red Hat Security Advisory: sudo security update
An updated sudo package to fix a security issue is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The sudo (superuser do) utility allows system administrators to give certain users the ability to run...