Sudo 1.3.1 1.6.8p (OpenBSD) - Pathname Validation Privilege Escalation

Sudo 1.3.1 1.6.8p OpenBSD - Pathname Validation Privilege Escalation include include include include include define SUDO "/usr/bin/sudo" ifdef BUFSIZ undef BUFSIZ define BUFSIZ 128 endif / ANY MODIFIED REPUBLISHING IS RESTRICTED OpenBSD sudo 1.3.1 - 1.6.8p local root exploit Tested under OpenBSD...

[SECURITY] [DSA 735-1] New sudo packages fix pathname validation race

------------------------------------------------------------------------ Debian Security Advisory 735-1 [email protected] http://www.debian.org/security/ Michael Stone July 01, 2005 http://www.debian.org/security/faq - ------------------------------------------------------------------------...

[SECURITY] [DSA 735-1] New sudo packages fix pathname validation race

------------------------------------------------------------------------ Debian Security Advisory 735-1 [email protected] http://www.debian.org/security/ Michael Stone July 01, 2005 http://www.debian.org/security/faq - ------------------------------------------------------------------------...

DSA-735-1 sudo - pathname validation race

Bulletin has no description...

sudo security update

CentOS Errata and Security Advisory CESA-2005:535-04 An updated sudo package is available that fixes a race condition in sudo's pathname validation. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The sudo superuser do utility allows system...

sudo security update

CentOS Errata and Security Advisory CESA-2005:535 An updated sudo package is available that fixes a race condition in sudo's pathname validation. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The sudo superuser do utility allows system...

security flaw

Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack...

Moderate: Red Hat Security Advisory: sudo security update

An updated sudo package is available that fixes a race condition in sudo's pathname validation. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The sudo superuser do utility allows system administrators to give certain users the ability to run...

RHEL 4 : sudo (RHSA-2005:535)

The remote Redhat Enterprise Linux 4 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2005:535 advisory. The sudo superuser do utility allows system administrators to give certain users the ability to run commands as root with logging. A race condition bu...

Fedora Core 4 : sudo-1.6.8p8-2.2 (2005-473)

Tue Jun 21 2005 Karel Zak 1.6.8p8-2.2 - fix 161116 - CVE-2005-1993 sudo trusted user arbitrary command execution Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it...

sudo: Arbitrary command execution

Background sudo allows a system administrator to give users the ability to run commands as other users. Description The sudoers file is used to define the actions sudo users are permitted to perform. Charles Morris discovered that a specific layout of the sudoers file could cause the results of a...

Mandrake Linux Security Advisory : sudo (MDKSA-2005:103)

A race condition was discovered in sudo by Charles Morris. This could lead to the escalation of privileges if /etc/sudoers allowed a user to execute selected programs that were then followed by another line containing the pseudo-command 'ALL'. By creating symbolic links at a certain time, that us...

GLSA-200506-22 : sudo: Arbitrary command execution

The remote host is affected by the vulnerability described in GLSA-200506-22 sudo: Arbitrary command execution The sudoers file is used to define the actions sudo users are permitted to perform. Charles Morris discovered that a specific layout of the sudoers file could cause the results of an...

Fedora Core 3 : sudo-1.6.7p5-30.3 (2005-472)

Tue Jun 21 2005 Karel Zak 1.6.7p5-30.3 - fix 161116 - CVE-2005-1993 sudo trusted user arbitrary command execution Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it...

sudo

New Sudo packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix a security issue. A race condition could allow a user with Sudo privileges to run arbitrary commands. For more details, see: http://www.courtesan.com/sudo/alerts/pathrace.html Here are the details from th...

USN-142-1: sudo vulnerability

Charles Morris discovered a race condition in sudo which could lead to privilege escalation. If /etc/sudoers allowed a user the execution of selected programs, and this was followed by another line containing the pseudo-command "ALL", that user could execute arbitrary commands with sudo by creati...

Security fix for the ALT Linux 8 package sudo version 1:1.6.7p5-alt5

June 21, 2005 Dmitry V. Levin 1:1.6.7p5-alt5 - Backported upstream fix so a sudoers entry with sudo ALL no longer overwrites the value of safecmnd CAN-2005-1993...

Security fix for the ALT Linux 6 package sudo version 1:1.6.7p5-alt5

June 21, 2005 Dmitry V. Levin 1:1.6.7p5-alt5 - Backported upstream fix so a sudoers entry with sudo ALL no longer overwrites the value of safecmnd CAN-2005-1993...

CVE-2005-1993

Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack...

CVE-2005-1993

CVE-2005-1993 describes a local privilege-escalation race in sudo’s pathname validation. In affected versions (sudo 1.3.1–1.6.8p8), a user with sudo privileges could trigger a symlink race when an ALL entry appears after the user’s sudoers entry, potentially executing commands as root. Public adv...