
4723 matches found

Oracle Linux
added 2019/10/15 12:0 a.m. | 118 views

sudo security update

1.8.25-4.0.1.el8.1 - Treat an ID of -1 as invalid since that means 'no change' Orabug: 30421281 CVE-2019-14287 - Add sudostrtoid tests for -1 and range errors. Orabug: 30421281...

CVSS 9 | AI score 2.2 | EPSS 0.63917 | Exploits 10

Tenable Nessus
added 2019/10/15 12:0 a.m. | 50 views

Ubuntu 16.04 LTS / 18.04 LTS : Sudo vulnerability (USN-4154-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-4154-1 advisory. Joe Vennix discovered that Sudo incorrectly handled certain user IDs. An attacker could potentially exploit this to execute arbitrary commands as the...

CVSS 9 | AI score 7.8 | EPSS 0.63917 | Exploits 10 | References 2

OpenVAS
added 2019/10/15 12:0 a.m. | 83 views

Debian: Security Advisory (DSA-4543-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9 | AI score 9.2 | EPSS 0.63917 | Exploits 10 | References 5

OpenVAS
added 2019/10/15 12:0 a.m. | 75 views

Ubuntu: Security Advisory (USN-4154-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 9 | AI score 9.2 | EPSS 0.63917 | Exploits 10 | References 2

OPENSUSE Linux
added 2019/10/15 12:0 a.m. | 129 views

Security update for sudo (important)

openSUSE Security Update: Security update for sudo Announcement ID: openSUSE-SU-2019:2316-1 Rating: important References: 1153674 Cross-References: CVE-2019-14287 Affected Products: openSUSE Leap 15.1 An update that fixes one vulnerability is now available. Description: This update for sudo fixes...

CVSS 9 | AI score 8.5 | EPSS 0.63917 | Exploits 10 | References 1

FreeBSD
added 2019/10/15 12:0 a.m. | 101 views

sudo -- Potential bypass of Runas user restrictions

Todd C. Miller reports: When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295. This can be used by a user with sufficient sudo privileges to run...

CVSS 9 | AI score 3.2 | EPSS 0.63917 | Exploits 10 | References 1

Tenable Nessus
added 2019/10/15 12:0 a.m. | 36 views

Debian DSA-4543-1 : sudo - security update

Joe Vennix discovered that sudo, a program designed to provide limited super user privileges to specific users, when configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, allows to run commands as root by specifying the user ID -1 or...

CVSS 9 | AI score 7.4 | EPSS 0.63917 | Exploits 10 | References 7

Tenable Nessus
added 2019/10/15 12:0 a.m. | 31 views

openSUSE Security Update : sudo (openSUSE-2019-2316)

This update for sudo fixes the following issue : - CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers bsc1153674. This update was imported from the...

CVSS 9 | AI score 7.5 | EPSS 0.63917 | Exploits 10 | References 2

Tenable Nessus
added 2019/10/15 12:0 a.m. | 31 views

SUSE SLED15 / SLES15 Security Update : sudo (SUSE-SU-2019:2656-1)

This update for sudo fixes the following issue : CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers bsc1153674. Note that Tenable Network Security has...

CVSS 9 | AI score 7.5 | EPSS 0.63917 | Exploits 10 | References 4

Tenable Nessus
added 2019/10/15 12:0 a.m. | 28 views

Amazon Linux AMI : sudo (ALAS-2019-1309)

When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295. This can be used by a user with sufficient sudo privileges to run commands as root even if...

CVSS 9 | AI score 7.3 | EPSS 0.63917 | Exploits 10 | References 2

Exploit DB
added 2019/10/15 12:0 a.m. | 361 views

sudo 1.8.27 - Security Bypass

Exploit Title : sudo 1.8.27 - Security Bypass Date : 2019-10-15 Original Author: Joe Vennix Exploit Author : Mohin Paramasivam Shad0wQu35t Version : Sudo priv" os.system"cat priv | grep 'ALL' | cut -d '' -f 2...

AI score 7.4 | Exploits 0

Slackware Linux
added 2019/10/14 10:7 p.m. | 31 views

[slackware-security] sudo

New sudo packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix a security issue. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/sudo-1.8.28-i586-1slack14.2.txz: Upgraded. Fixed a bug where an sudo user may be able to run a command as root when the...

CVSS 9 | AI score 0.4 | EPSS 0.63917 | Exploits 10

RedhatCVE
added 2019/10/14 7:51 p.m. | 40 views

CVE-2019-14287

A flaw was found in the way sudo implemented running commands with arbitrary user ID. If a sudoers entry is written to allow the attacker to run a command as any user except root, this flaw can be used by the attacker to bypass that restriction. Mitigation This vulnerability only affects...

CVSS 9 | AI score 3.3 | EPSS 0.63917 | Exploits 10 | References 4

Debian
added 2019/10/14 7:5 p.m. | 35 views

[SECURITY] [DSA 4543-1] sudo security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4543-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 14, 2019 https://www.debian.org/security/faq -...

CVSS 9 | AI score 3.2 | EPSS 0.63917 | Exploits 10

Debian
added 2019/10/14 7:5 p.m. | 148 views

[SECURITY] [DSA 4543-1] sudo security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4543-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso October 14, 2019 https://www.debian.org/security/faq -...

CVSS 9 | AI score 9.1 | EPSS 0.63917 | Exploits 10

The Hacker News
added 2019/10/14 6:20 p.m. | 210 views

Sudo Flaw Lets Linux Users Run Commands As Root Even When They're Restricted

Attention Linux Users! A new vulnerability has been discovered in Sudo—one of the most important, powerful, and commonly used utilities that comes as a core command installed on almost every UNIX and Linux-based operating system. The vulnerability in question is a sudo security policy bypass issu...

CVSS 9 | AI score 1.8 | EPSS 0.63917 | Exploits 10

The Hacker News
added 2019/10/14 6:20 p.m. | 4 views

Sudo Flaw Lets Linux Users Run Commands As Root Even When They're Restricted

Attention Linux Users! A new vulnerability has been discovered in Sudo—one of the most important, powerful, and commonly used utilities that comes as a core command installed on almost every UNIX and Linux-based operating system. The vulnerability in question is a sudo security policy bypass iss...

CVSS 9 | AI score 7.3 | EPSS 0.63917 | Exploits 10

OSV
added 2019/10/14 3:2 p.m. | 3 views

SUSE-SU-2019:2656-1 Security update for sudo

This update for sudo fixes the following issue: - CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers bsc1153674...

CVSS 9 | AI score 8.8 | EPSS 0.63917 | Exploits 10 | References 3

UbuntuCve
added 2019/10/14 3:0 p.m. | 38 views

CVE-2019-14287

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "su...

CVSS 9 | AI score 7.1 | EPSS 0.63917 | Exploits 10 | References 3

OSV
added 2019/10/14 3:0 p.m. | 1 views

UBUNTU-CVE-2019-14287

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "su...

CVSS 8.8 | AI score 7.1 | EPSS 0.63917 | Exploits 10 | References 4