4723 matches found
CVE-2005-1993
Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack...
CVE-2005-1993
Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack...
CVE-2005-1993
Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack...
CVE-2005-1993
Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack...
Sudo version 1.6.8p9 now available, fixes security issue.
Sudo version 1.6.8, patchlevel 9 is now available, which fixes a race condition in Sudo's pathname validation. This is a security issue. Summary: A race condition in Sudo's command pathname handling prior to Sudo version 1.6.8p9 that could allow a user with Sudo privileges to run arbitrary...
sudo -- local race condition vulnerability
Todd C. Miller reports: A race condition in Sudo's command pathname handling prior to Sudo version 1.6.8p9 that could allow a user with Sudo privileges to run arbitrary commands. Exploitation of the bug requires that the user be allowed to run one or more commands via Sudo and be able to create...
CVE-2005-1831
Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue, stating "Sudo...
CVE-2005-1831
CVE-2005-1831 refers to Sudo 1.6.8p7 on SuSE Linux 9.3 (and possibly other distros) where local users could gain privileges by using sudo to run su, then entering a blank password and pressing CTRL-C. Several researchers could not reproduce the issue, noting that Sudo catches SIGINT and returns a...
CVE-2005-1831
Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue, stating "Sudo...
CVE-2005-1831
Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue, stating "Sudo...
CVE-2005-1831
Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue, stating "Sudo...
CVE-2005-1831
Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue, stating "Sudo...
PT-2005-2798 · Todd Miller · Sudo
Name of the Vulnerable Software and Affected Versions: Sudo version 1.6.8p7 Description: The issue allows local users to potentially gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. However, it has been noted that Sudo catches SIGINT and returns an empt...
CVE-2005-1387
Cocktail 3.5.4 and possibly earlier in Mac OS X passes the administrative password on the command line to sudo in cleartext, which allows local users to gain sensitive information by running listing processes...
Mac OS X Multiple Vulnerabilities (Security Update 2005-005)
The remote host is missing Security Update 2005-005. This security update contains fixes for the following applications : - Apache - AppKit - AppleScript - Bluetooth - Directory Services - Finder - Foundation - HelpViewer - LDAP - libXpm - lukemftpd - NetInfo - ServerAdmin - sudo - Terminal - VPN...
CVE-2005-1387
CVE-2005-1387 affects Cocktail 3.5.4 and possibly earlier on Mac OS X. The root cause is that the administrative password is passed on the command line to sudo in cleartext, allowing local users to reveal the password by inspecting running processes. This can lead to sensitive information exposur...
CVE-2005-1387
Cocktail 3.5.4 and possibly earlier in Mac OS X passes the administrative password on the command line to sudo in cleartext, which allows local users to gain sensitive information by running listing processes...
CVE-2005-1119
Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary files via a symlink attack on temporary files...
DEBIAN-CVE-2005-1119
Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary files via a symlink attack on temporary files...
CVE-2005-1119
Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary files via a symlink attack on temporary files...