Sudo: local root compromise with krb5 enabled

The 'sudo' package can be built to use Kerberos 5 for authentication of users. When a user is properly authenticated to sudo, sudo grants that user potentially limited root privileges. Thus a mistake in the authentication code in sudo is potentially severe: it can lead to a local root compromise...

MIT krb5: makes sudo authentication issue MUCH worse.

On Wed, Jun 06, 2007 at 11:19:01PM -0400, Thor Lancelot Simon wrote: On Wed, Jun 06, 2007 at 09:57:25PM -0400, Thor Lancelot Simon wrote: But woe betide any system administrator who accidentally puts a Kerberos-enabled sudo on a host that's configured as a Kerberos client only! Actually, if you...

Mac OS X < 10.4.9 Multiple Vulnerabilities (Security Update 2007-003)

The remote host is running a version of Mac OS X 10.4 which is older than version 10.4.9 or a version of Mac OS X 10.3 which does not have Security Update 2007-003 applied. This update contains several security fixes for the following programs : - ColorSync - CoreGraphics - Crash Reporter - CUPS ...

Mac OS X < 10.4.9 Multiple Vulnerabilities (Security Update 2007-003)

Binary data 3947.prm...

CVE-2007-0475

Multiple stack-based buffer overflows in utilities/smb4k.cpp in Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to gain privileges via unspecified vectors related to the args variable and unspecified other variables, in conjunction with the sudo configuration...

Stack overflow

Multiple stack-based buffer overflows in utilities/smb4k.cpp in Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to gain privileges via unspecified vectors related to the args variable and unspecified other variables, in conjunction with the sudo configuration...

CVE-2007-0475

Multiple stack-based buffer overflows in utilities/smb4k.cpp in Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to gain privileges via unspecified vectors related to the args variable and unspecified other variables, in conjunction with the sudo configuration...

CVE-2007-0475

Multiple stack-based buffer overflows in utilities/smb4k.cpp in Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to gain privileges via unspecified vectors related to the args variable and unspecified other variables, in conjunction with the sudo configuration...

CVE-2007-0475

CVE-2007-0475 affects Smb4K before 0.8.0. The issue consists of multiple stack-based buffer overflows in utilities/smb4k_*.cpp that could allow a local user, who is on the Smb4K sudoers list, to escalate privileges through unspecified vectors related to the args variable and related state with su...

CVE-2007-0475

Multiple stack-based buffer overflows in utilities/smb4k.cpp in Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to gain privileges via unspecified vectors related to the args variable and unspecified other variables, in conjunction with the sudo configuration...

Mandrake Linux Security Advisory : sudo (MDKSA-2006:159)

Previous sudo updates were made available to sanitize certain environment variables from affecting a sudo call, such as PYTHONINSPECT, PERL5OPT, etc. While those updates were effective in addressing those specific environment variables, other variables that were not blacklisted were being made...

Sudo 1.3.1 - 1.6.8p Pathname Validation Local Root Exploit (openbsd)

No description provided by source. include stdio.h include stdlib.h include unistd.h include sysexits.h include sys/wait.h define SUDO "/usr/bin/sudo" ifdef BUFSIZ undef BUFSIZ define BUFSIZ 128 endif / ANY MODIFIED REPUBLISHING IS RESTRICTED OpenBSD sudo 1.3.1 - 1.6.8p local root exploit Tested...

Mac OS X DS_Store Arbitrary File Overwrite Exploit

No description provided by source. !/usr/bin/perl OSX Finder DSStore arbitrary file overwrite exploit. root version vade79 - [email protected] fakehalo/realhalo this will create a directory called "xfinder" in your home directory, once the root user has modified that directory using Finder in almost...

Debian DSA-946-2 : sudo - missing input sanitising

The former correction to vulnerabilities in the sudo package worked fine but were too strict for some environments. Therefore we have reviewed the changes again and allowed some environment variables to go back into the privileged execution environment. Hence, this update. The configuration optio...

Debian DSA-870-1 : sudo - missing input sanitising

Tavis Ormandy noticed that sudo, a program that provides limited super user privileges to specific users, does not clean the environment sufficiently. The SHELLOPTS and PS4 variables are dangerous and are still passed through to the program running as privileged user. This can result in the...

CentOS 3 / 4 : sudo (CESA-2005:535)

An updated sudo package is available that fixes a race condition in sudo's pathname validation. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The sudo superuser do utility allows system administrators to give certain users the ability to run...

CentOS 3 : initscripts (CESA-2006:0015)

Updated initscripts packages that fix a privilege escalation issue and several bugs are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The initscripts package contains the basic system scripts used to boot your Red Hat system,...

FreeBSD : sudo -- arbitrary command execution (1b725079-9ef6-11da-b410-000e0c2e438a)

Tavis Ormandy reports : The bash shell uses the value of the PS4 environment variable after expansion as a prefix for commands run in execution trace mode. Execution trace mode xtrace is normally set via bash's -x command line option or interactively by running 'set -o xtrace'. However, it may al...

[SECURITY] [DSA 946-2] New sudo packages fix privilege escalation

-------------------------------------------------------------------------- Debian Security Advisory DSA 946-2 [email protected] http://www.debian.org/security/ Martin Schulze April 8th, 2006 http://www.debian.org/security/faq -...

[SECURITY] [DSA 946-2] New sudo packages fix privilege escalation

-------------------------------------------------------------------------- Debian Security Advisory DSA 946-2 [email protected] http://www.debian.org/security/ Martin Schulze April 8th, 2006 http://www.debian.org/security/faq -...