1979 matches found

GitHub Security Blog
added 2020/09/02 6:30 p.m., 23 views

Malicious Package in 4equest

All versions of 4equest typosquatted a popular package of similar name and tracked users who had installed the incorrect package. The package uploaded information to a remote server including: name of the downloaded package, name of the intended package, the Node version and whether the process w...

3.9 AI score
Exploits 0, References 2, Affected Software 1
ALT Linux
added 2020/08/30 12:0 a.m., 27 views

Security fix for the ALT Linux 8 package sudo version 1:1.8.31p2-alt1

Aug. 30, 2020 Evgeny Sinelnikov 1:1.8.31p2-alt1 - Update to latest release Fixes: CVE-2019-18634...

4.6 CVSS, 7.9 AI score, 0.88008 EPSS
Exploits 13
IBM Security Bulletins
added 2020/07/19 12:49 a.m., 41 views

Security Bulletin: Multiple vulnerabilities in expat, nss, bind, policycoreutils, sudo shipped with SmartCloud Entry Appliance

Summary Multiple vulnerabilities have been identified in Expat, nss, ISC BIND, policycoreutils and sudo libraries shipped with SmartCloud Entry Appliance. SmartCloud Entry Appliance has addressed the vulnerabilities. Vulnerability Details CVEID: CVE-2016-0718 DESCRIPTION: Expat is vulnerable to ...

9.8 CVSS, 1.5 AI score, 0.44377 EPSS
Exploits 3, Affected Software 1
IBM Security Bulletins
added 2020/07/19 12:49 a.m., 49 views

Security Bulletin: Multiple vulnerabilities in coreutils, sudo, jasper, bind, bash, libtirpc, nss and nss-util affect IBM SmartCloud Entry

Summary Multiple vulnerabilities have been identified in coreutils, sudo, jasper, bind, bash, libtirpc, nss and nss-util. coreutils, sudo, jasper, bind, bash, libtirpc, nss and nss-util shipped with IBM SmartCloud Entry Appliance. IBM SmartCloud Entry Appliance has addressed the vulnerabilities...

9.8 CVSS, 1.3 AI score, 0.81381 EPSS
Exploits 23, Affected Software 1
IBM Security Bulletins
added 2020/07/19 12:49 a.m., 45 views

Security Bulletin: Multiple vulnerabilities in sudo, glibc affect IBM SmartCloud Entry (CVE-2017-1000368 CVE-2017-1000366)

Summary Multiple vulnerabilities have been identified in sudo and glibc. Sudo and glibc are used by IBM SmartCloud Entry. IBM SmartCloud Entry has addressed the vulnerabilities. Vulnerability Details CVEID: CVE-2017-1000368 DESCRIPTION: sudo could allow a local attacker to gain elevated privileges...

8.2 CVSS, 1.5 AI score, 0.06438 EPSS
Exploits 14, Affected Software 1
OpenVAS
added 2020/07/03 12:0 a.m., 33 views

Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2020-1785)

The remote host is missing an update for the Huawei EulerOS...

7.8 CVSS, 8.2 AI score, 0.88008 EPSS
Exploits 13, References 2
Tenable Nessus
added 2020/06/17 12:0 a.m., 35 views

EulerOS 2.0 SP2 : sudo (EulerOS-SA-2020-1662)

According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - DISPUTED In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a...

7.8 CVSS, 7 AI score, 0.88008 EPSS
Exploits 13, References 4
OpenVAS
added 2020/06/16 12:0 a.m., 35 views

Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2020-1662)

The remote host is missing an update for the Huawei EulerOS...

7.8 CVSS, 8.2 AI score, 0.88008 EPSS
Exploits 13, References 2
NVD
added 2020/06/11 2:15 a.m., 7 views

CVE-2020-12850

The following vulnerability applies only to the Pydio Cells Enterprise OVF version 2.0.4. Prior versions of the Pydio Cells Enterprise OVF such as version 2.0.3 have a looser policy restriction allowing the “pydio” user to execute any privileged command using sudo. In version 2.0.4 of the...

7 CVSS, 0.00077 EPSS
Exploits 1, References 3
Cvelist
added 2020/06/11 1:56 a.m., 15 views

CVE-2020-12850

The following vulnerability applies only to the Pydio Cells Enterprise OVF version 2.0.4. Prior versions of the Pydio Cells Enterprise OVF such as version 2.0.3 have a looser policy restriction allowing the “pydio” user to execute any privileged command using sudo. In version 2.0.4 of the...

7.5 AI score, 0.00077 EPSS
Exploits 1, References 3
Mageia
added 2020/06/10 10:26 p.m., 37 views

Updated sudo packages fix security vulnerability

Updated sudo packages fix security vulnerabilities: It was found that sudo always allowed commands to be run with unknown user or group ids if the sudo configuration allowed it for example via the "ALL" alias. This could allow sudo to impersonate non-existent account and depending on how...

7.5 CVSS, 3.5 AI score, 0.04075 EPSS
Exploits 0, References 5
Kitploit
added 2020/06/08 9:30 p.m., 51 views

Impost3r - A Linux Password Thief

Impost3r is a tool that aims to steal many kinds of Linux passwords (including ssh, su, sudo), written in C. Attackers can use Impost3r to make a trap to steal the legal user's passwords XD. This tool is limited to security research and teaching, and the user bears all legal and related responsibilities...

7.7 AI score
Exploits 0, References 2
Prion
added 2020/06/01 4:15 p.m., 14 views

Design/Logic Flaw

In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user can execute sudo mysql without a password, which means that the www-data user can execute arbitrary OS commands via the mysql -e option...

9 CVSS, 8.8 AI score, 0.39175 EPSS
Exploits 8, References 1, Affected Software 1
Tenable Nessus
added 2020/05/01 12:0 a.m., 76 views

EulerOS Virtualization for ARM 64 3.0.2.0 : sudo (EulerOS-SA-2020-1564)

According to the versions of the sudo package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of various URI components in the URL parser could be used ...

7.8 CVSS, 7.1 AI score, 0.88008 EPSS
Exploits 13, References 4
OpenVAS
added 2020/04/30 12:0 a.m., 263 views

Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2020-1564)

The remote host is missing an update for the Huawei EulerOS...

7.8 CVSS, 8.2 AI score, 0.88008 EPSS
Exploits 13, References 2
RedHat Linux
added 2020/04/28 3:48 p.m., 1 views

sudo: attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user

It was found that sudo always allowed commands to be run with unknown user or group ids if the sudo configuration allowed it for example via the "ALL" alias. This could allow sudo to impersonate non-existent account and depending on how applications are configured, could lead to certain restricti...

7.5 CVSS, 7.1 AI score, 0.02868 EPSS
Exploits 0, References 5
OpenVAS
added 2020/04/16 12:0 a.m., 62 views

Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2020-1435)

The remote host is missing an update for the Huawei EulerOS...

7.8 CVSS, 8.2 AI score, 0.88008 EPSS
Exploits 13, References 2
Tenable Nessus
added 2020/04/15 12:0 a.m., 180 views

EulerOS 2.0 SP3 : sudo (EulerOS-SA-2020-1435)

According to the versions of the sudo package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric ui...

7.8 CVSS, 7.1 AI score, 0.88008 EPSS
Exploits 13, References 4
Veracode
added 2020/04/10 1:1 a.m., 31 views

Privilege Escalation

sudo is vulnerable to privilege escalation. A flaw was found in the sudo password checking logic. In configurations where the sudoers settings allowed a user to run a command using sudo with only the group ID changed, sudo failed to prompt for the user's password before running the specified...

4.4 CVSS, 3.8 AI score, 0.00112 EPSS
Exploits 0, References 32, Affected Software 1
Veracode
added 2020/04/10 12:47 a.m., 13 views

Privilege Escalation

The sudo superuser do utility is vulnerable to Privilege Escalation. A flaw was found in the way sudo handled Runas specifications containing both a user and a group list. If a local user were authorized by the sudoers file to perform their sudo commands with the privileges of a specified user an...

6.2 CVSS, 2.1 AI score, 0.00078 EPSS
Exploits 0, References 24, Affected Software 1