The vulnerability of the Red Hat Enterprise Linux operating system allows malicious actors to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the sudo-debuginfo-1.7.2p1 package of the Red Hat Enterprise Linux operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. Exploitation of this vulnerability can be carried out locally...

The vulnerability of the Red Hat Linux operating system allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the sudo-1.6.5p2 package of the Red Hat Linux operating system can lead to violations of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited locally...

Vulnerabilities of the Gentoo Linux operating system, which allow a malicious individual to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the sudo package of the Gentoo Linux operating system up to version 1.7.2p4 can lead to violations of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited locally...

The vulnerability of the Red Hat Enterprise Linux operating system allows a remote attacker to compromise the confidentiality and integrity of protected information.

The vulnerability of the libssssudo-1.9.2 package of the Red Hat Enterprise Linux operating system can lead to violations of confidentiality and integrity of protected information. This vulnerability can be exploited remotely by a malicious individual who has completed the authentication process...

Vulnerabilities in the Debian GNU/Linux operating system that allow a local malicious individual to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the sudo-ldap package of the Debian GNU/Linux operating system may be exploited, leading to breaches of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited by local malicious actors...

The vulnerability of the SUSE Linux Enterprise operating system allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the sudo package in the SUSE Linux Enterprise operating system can lead to breaches of confidentiality, integrity, and accessibility of protected information. This vulnerability can be exploited by a malicious individual who has completed the authentication process...

Vulnerabilities of the Gentoo Linux operating system, which allow a malicious individual to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the sudo package of the Gentoo Linux operating system up to version 1.8.6p7 can lead to violations of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited locally...

GLSA-201504-02 : sudo: Information disclosure

The remote host is affected by the vulnerability described in GLSA-201504-02 sudo: Information disclosure sudo does not handle the TZ environment variable properly. Impact : A local attacker may be able to read arbitrary files or information from device special files. Workaround : There is no kno...

sudo: Information disclosure

Background sudo allows a system administrator to give users the ability to run commands as other users. Access to commands may also be granted on a range to hosts. Description sudo does not handle the TZ environment variable properly. Impact A local attacker may be able to read arbitrary files or...

Apple OS X present in the system can enhance the root access API Backdoor-vulnerability warning-the black bar safety net

0x00 summary Apple OS X system Admin framework presence can elevate the root permissions of the API to the back door, and has been in existence for many years, at least from the 2 0 1 1 years. I was in 2 0 1 4 years 1 0 months to discover he can be used to have any user permissions elevated to ro...

Barracuda Firmware 5.0.0.012 - (Authenticated) Remote Command Execution (Metasploit)

Barracuda Firmware 5.0.0.012 - Authenticated Remote Command Execution Metasploit Exploit Title: Barracuda Firmware 'Barracuda Firmware %q This module exploits a remote command execution vulnerability in the Barracuda Firmware Version 'xort', metasploit module , 'Version' = '$Revision: 12345 $',...

Barracuda Firmware <= 5.0.0.012 reporting Post Auth Remote Root Exploit

This Metasploit module exploits a remote command execution vulnerability in Barracuda Firmware versions 5.0.0.012 and below by exploiting a vulnerability in the web administration interface. By sending a specially crafted request it's possible to inject system commands while escalating to root do...

Barracuda Firmware 5.0.0.012 Post-Auth Remote Root

Exploit Title: Barracuda Firmware 'Barracuda Firmware %q This module exploits a remote command execution vulnerability in the Barracuda Firmware Version 'xort', metasploit module , 'Version' = '$Revision: 12345 $', 'References' = 'none', 'none', , 'Platform' = 'linux', 'Privileged' = true, 'Arch'...

Mandriva Linux Security Advisory : sudo (MDVSA-2015:126)

Updated sudo packages fix security vulnerability : Prior to sudo 1.8.12, the TZ environment variable was passed through unchecked. Most libc tzset implementations support passing an absolute pathname in the time zone to point to an arbitrary, user-controlled file. This may be used to exploit bugs...

Scientific Linux Security Update : glibc on SL7.x x86_64 (20150305)

An out-of-bounds read flaw was found in the way glibc's iconv function converted certain encoded data to UTF-8. An attacker able to make an application call the iconv function with a specially crafted argument could use this flaw to crash that application. CVE-2014-6040 It was found that the file...

Debian DLA-160-1 : sudo security update

This update fixes the CVEs described below. CVE-2014-0106 Todd C. Miller reported that if the envreset option is disabled in the sudoers file, the envdelete option is not correctly applied to environment variables specified on the command line. A malicious user with sudo permissions may be able t...

glibc, nscd security update

CentOS Errata and Security Advisory CESA-2015:0327 Updated glibc packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS bas...

Ubuntu 14.04 LTS : Sudo vulnerability (USN-2533-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2533-1 advisory. Jakub Wilk and Stephane Chazelas discovered that Sudo incorrectly handled the TZ environment variable. An attacker with Sudo access could possibly use this issue ...

Ubuntu: Security Advisory (USN-2533-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-2533-1: Sudo vulnerability

Jakub Wilk and Stephane Chazelas discovered that Sudo incorrectly handled the TZ environment variable. An attacker with Sudo access could possibly use this issue to open arbitrary files, bypassing intended permissions...