4730 matches found
CVE-2021-23240
selinuxeditcopytfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not...
ALPINE-CVE-2021-23239
The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudoedit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path...
CVE-2021-23239
The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudoedit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path...
CVE-2021-23240
selinuxeditcopytfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not...
Race condition
The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudoedit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path...
Code injection
selinuxeditcopytfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not...
CVE-2021-23240
CVE-2021-23240 affects sudoedit in sudo prior to 1.9.5. An unprivileged local user can replace a temporary file with a symlink to an arbitrary target, enabling a file-ownership escalation attack. Impact is described for SELinux RBAC environments in permissive mode; machines without SELinux are no...
CVE-2021-23240
selinuxeditcopytfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not...
CVE-2021-23240
selinuxeditcopytfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not...
CVE-2021-23239
The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudoedit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path...
CVE-2021-23239
The CVE-2021-23239 entry concerns the sudoedit personality in sudo up to version 1.9.4 (before 1.9.5). A race condition in sudoedit (sudo_edit.c) can allow a local, unprivileged user to determine directory existence by substituting a user-controlled directory with a symlink to an arbitrary path, ...
CVE-2021-23239
The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudoedit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path...
Slackware 14.0 / 14.1 / 14.2 / current : sudo (SSA:2021-011-01)
New sudo packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory 2021-011-01. The text itself is copyright C Slackware Linux,...
FreeBSD : sudo -- Potential information leak in sudoedit (6193b3f6-548c-11eb-ba01-206a8a720317)
Todd C. Miller reports : A potential information leak in sudoedit that could be used to test for the existence of directories not normally accessible to the user in certain circumstances. When creating a new file, sudoedit checks to make sure the parent directory of the new file exists before...
CVE-2021-23239
The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudoedit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path...
[slackware-security] sudo
New sudo packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/sudo-1.9.5-i586-1slack14.2.txz: Upgraded. This update fixes security issues: Potential information leak in sudoedit that...
Sudo Backlink Vulnerability
Sudo is a program used on Unix-like systems that allows users to execute commands with special privileges in a secure manner. A backlink vulnerability exists in versions of sudo prior to 1.9.5, which can be exploited by an attacker to change the ownership of arbitrary files using sudoedit...
Sudo Backlink Vulnerability
Sudo is a program used on Unix-like systems that allows users to execute commands with special privileges in a secure manner. A backlink vulnerability exists in versions of Sudo prior to 1.9.5 that allows an attacker to test for the existence of a directory anywhere on the file system...
EyesOfNetwork 5.3 Remote Code Execution / Privilege Escalation
Exploit Title: EyesOfNetwork 5.3 - RCE & PrivEsc Date: 10/01/2021 Exploit Author: Audencia Business SCHOOL Red Team Vendor Homepage: https://www.eyesofnetwork.com/en Software Link: http://download.eyesofnetwork.com/EyesOfNetwork-5.3-x8664-bin.iso Version: 5.3 Authentified Romote Code Execution fl...
ECSIMAGING PACS 6.21.5 - Remote code execution
Exploit Title: ECSIMAGING PACS 6.21.5 - Remote code execution Date: 06/01/2021 Exploit Author: shoxxdj Vendor Homepage: https://www.medicalexpo.fr/ Version: 6.21.5 and bellow tested on 6.21.5,6.21.3 Tested on: Linux ECSIMAGING PACS Application in 6.21.5 and bellow suffers from a OS Injection...