4723 matches found
CVE-2005-1119
CVE-2005-1119 affects Sudo VISudo 1.6.8 and earlier. The vulnerability arises from a symlink attack on temporary files, enabling local users to corrupt arbitrary files. Impact is local privilege concern (I = Partial) with no confidentiality/vitality impact, per available data. The provided docume...
CVE-2005-1119
Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary files via a symlink attack on temporary files...
CVE-2005-1119
Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary files via a symlink attack on temporary files...
CVE-2004-1051
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname...
CVE-2004-1051
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname...
DEBIAN-CVE-2004-1051
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname...
CVE-2004-1051
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname...
CVE-2004-1689
The CVE-2004-1689 entry concerns sudoedit (sudo -e) on sudo 1.6.8, where a temporary file is opened with root privileges and can be read by local users through a symlink attack on the temporary file before quit. This is a local privilege issue affecting the sudoedit workflow, enabling access to a...
[SECURITY] [DSA 596-2] New sudo packages removes debug output
-------------------------------------------------------------------------- Debian Security Advisory DSA 596-2 [email protected] http://www.debian.org/security/ Martin Schulze November 24th, 2004 http://www.debian.org/security/faq -...
[SECURITY] [DSA 596-2] New sudo packages removes debug output
-------------------------------------------------------------------------- Debian Security Advisory DSA 596-2 [email protected] http://www.debian.org/security/ Martin Schulze November 24th, 2004 http://www.debian.org/security/faq -...
[SECURITY] [DSA 596-1] New sudo packages fix privilege escalation
-------------------------------------------------------------------------- Debian Security Advisory DSA 596-1 [email protected] http://www.debian.org/security/ Martin Schulze November 24th, 2004 http://www.debian.org/security/faq -...
[SECURITY] [DSA 596-1] New sudo packages fix privilege escalation
-------------------------------------------------------------------------- Debian Security Advisory DSA 596-1 [email protected] http://www.debian.org/security/ Martin Schulze November 24th, 2004 http://www.debian.org/security/faq -...
Debian DSA-596-2 : sudo - missing input sanitising
Liam Helmer noticed that sudo, a program that provides limited super user privileges to specific users, does not clean the environment sufficiently. Bash functions and the CDPATH variable are still passed through to the program running as privileged user, leaving possibilities to overload system...
DSA-596-2 sudo - missing input sanitising
Bulletin has no description...
FreeBSD : sudo -- privilege escalation with bash scripts (190)
The following package needs to be updated: sudo %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkgbdd1537b354c11d9a9e70001020eed82.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright 2003-200...
CVE-2004-1051
Technical details about CVE-2004-1051 are not publicly available in the provided documents. Monitor for updates as new information may be published.
CVE-2004-1051
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname...
CVE-2004-1051
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname...
USN-28-1: sudo vulnerability
Liam Helmer discovered an input validation flaw in sudo. When the standard shell "bash" starts up, it searches the environment for variables with a value beginning with "". For each of these variables a function with the same name is created, with the function body filled in from the environment...
Mandrake Linux Security Advisory : sudo (MDKSA-2004:133)
Liam Helmer discovered a flow in sudo's environment sanitizing. This flaw could allow a malicious users with permission to run a shell script that uses the bash shell to run arbitrary commands. The problem is fixed in sudo 1.6.8p2; the provided packages have been patched to correct the issue...