4723 matches found
MacOS X privilege escalation
If the computer is put into sleep mode shortly after a sudo command is run, the elevated privileges can still be used immediately after it is turned on again...
[Full-Disclosure] Vulnerability in Terminal.app
There is a vulnerability in Apple's Terminal.app for OS X which affects Apple laptops. When running from the Terminal within the Unix shell, the command sudo normally will not prompt for a password for five minutes after the password was last given. The vulnerability occurs when putting an Apple...
CVE-2002-0184
The CVE-2002-0184 entry describes a local privilege escalation in sudo prior to version 1.6.6 due to an off-by-one error that can result in a heap-based buffer overflow during prompt (-p) handling. The flaw is triggered by special characters in the -p prompt, which are not properly expanded, allowing a local use...
CVE-2002-0184
Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p prompt argument, which are not properly expanded...
CVE-2002-0043
This CVE affects sudo versions 1.6.0–1.6.3p7. The issue is that sudo does not properly clear the environment before calling the mail program, allowing a local user to gain root privileges by manipulating environment variables and how the mail program is invoked. Documented impact is local privile...
CVE-2001-1240
The CVE-2001-1240 entry concerns Engarde Secure Linux 1.0.1 where the default sudo configuration allows any user in the admin group to execute certain commands that could yield full root access. The documents confirm the affected component is the sudo configuration on Engarde Secure Linux 1.0.1 a...
CVE-2001-1240
The default configuration of sudo in Engarde Secure Linux 1.0.1 allows any user in the admin group to run certain commands that could be leveraged to gain full root access...
CVE-2002-0043
sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked...
sudo vulnerable to heap corruption via -p parameter
Overview: Sudo is susceptible to a locally exploitable heap overflow vulnerability. Description: Sudo is a common utility used to allow a system administrator to give users or groups of users rights to run certain programs as root or as another user. A locally exploitable heap overflow can lead to...
[SECURITY] [DSA-128-1] sudo buffer overflow
Package: sudo; Problem type: buffer overflow; Debian-specific: no. fc found a buffer overflow in the variable expansion code used by sudo for its prompt. Since sudo is necessarily installed suid root a local user can use this to gain root access. This has been fixed in version 1.6.2-2.2 and we...
sudo upgrade fixes a potential vulnerability
New sudo packages are available to fix a security problem which may allow users to become root, or to execute arbitrary code as root. Here's the information from the Slackware 8.0 ChangeLog: Thu Apr 25 12:00:50 PDT 2002 patches/packages/sudo.tgz: Upgraded to sudo-1.6....
[Global InterSec 2002041701] Sudo Password Prompt Vulnerability.
Global InterSec LLC http://www.globalintersec.com GIS Advisory ID: 2002041701 Changed: 25/04/2002 Author: [email protected] Reference: http://www.globalintersec.com/adv/sudo-2002041701.txt Summary: Sudo - A popular utility for allowing users to execute commands as other users contains a...
Heap overflow in sudo
Heap overflow in -p switch processing...
PT-2002-1032 · Sudo · Sudo
Name of the Vulnerable Software and Affected Versions: sudo versions prior to 1.6.6 Description: The issue is caused by an off-by-one error that can result in a heap-based buffer overflow. This may allow local users to gain root privileges via special characters in the -p prompt argument, which a...
FreeBSD-SA-02:06.sudo
FreeBSD-SA-02:06 Security Advisory, FreeBSD, Inc. Topic: sudo port may enable local privilege escalation; Category: ports; Module: sudo; Announced: 2002-01-16; Credits: Sebastian Krahmer...
SuSE Security Announcement: sudo (SuSE-SA:2002:002)
SuSE Security Announcement. Package: sudo; Announcement-ID: SuSE-SA:2002:002; Date: Mon Jan 14 13:00:00 CET 2002; Affected SuSE versions: 7.0, 7.1, 7.2, 7.3; Vulnerability Type: local privilege escalation; Severity 1-10: 5; SuSE default package: yes; Other affected...
[SECURITY] [DSA 101-1] New sudo packages fix local root exploit
Debian Security Advisory DSA 101-1 [email protected] http://www.debian.org/security/ Martin Schulze January 14th, 2002. Package: sudo...
Sudo 1.6.3 - Unclean Environment Variable Privilege Escalation
Sudo 1.6.3 - Unclean Environment Variable Privilege Escalation source: https://www.securityfocus.com/bid/3871/info Sudo is a freely available, open source permissions management software package available for the Linux and Unix operating systems. It is maintained by Todd C. Miller. Under some...