151 matches found
Sudo 1.7.2p5 Local Privilege Escalation
Security Advisory @ Mediaservice.net Srl 02, 19/04/2010 Data Security Division Title: sudoedit local privilege escalation through PATH manipulation Application: sudo Maurizio Agazzini Vendor Status: sudo team notified on 26/03/2010 CVE Candidate: The Common Vulnerabilities and Exposures project h...
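Sudo sudoedit Path Resolution Local Privilege Escalation Vulnerability
BUGTRAQ ID: 39468 CVE ID: CVE-2010-1163 Sudo is a program that allows users to safely execute commands with the privileges of another user; it is widely used on Linux and Unix operating systems. ...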
DEBIAN-CVE-2010-1163
The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a...
Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : sudo vulnerability (USN-928-1)
Valerio Costamagna discovered that sudo did not properly validate the path for the 'sudoedit' pseudo-command when the PATH contained only a dot '.'. If secure_path and ignore_dot were disabled, a local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the...
FreeBSD : sudo -- Privilege escalation with sudoedit (1a9f678d-48ca-11df-85f8-000c29a67389)
Todd Miller reports : Sudo's command matching routine expects actual commands to include one or more slash '/' characters. The flaw is that sudo's path resolution code did not add a './' prefix to commands found in the current working directory. This creates an ambiguity between a 'sudoedit'...
Tod Miller Sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4
No description provided by source. !/bin/sh Tod Miller Sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4 local root exploit March 2010 automated by kingcope Full Credits to Slouching echo Tod Miller Sudo local root exploit echo by Slouching echo automated by kingcope if $ != 1 then echo "usage:...
(Tod Miller's) Sudo/SudoEdit 1.6.9p21/1.7.2p4 - Local Privilege Escalation
(Tod Miller's) Sudo/SudoEdit 1.6.9p21/1.7.2p4 - Local Privilege Escalation !/bin/sh Tod Miller Sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4 local root exploit March 2010 automated by kingcope Full Credits to Slouching echo Tod Miller Sudo local root exploit echo by Slouching echo automated by...
(Tod Miller's) Sudo/SudoEdit 1.6.9p21/1.7.2p4 - Local Privilege Escalation
!/bin/sh Tod Miller Sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4 local root exploit March 2010 automated by kingcope Full Credits to Slouching echo Tod Miller Sudo local root exploit echo by Slouching echo automated by kingcope if $ != 1 then echo "usage: ./sudoxpl.sh " exit fi cd /tmp cat...
Ubuntu Update for sudo vulnerabilities USN-905-1
Ubuntu Update for Linux kernel vulnerabilities USN-905-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN9051.nasl 7965 2017-12-01 07:38:25Z santu $ Ubuntu Update for sudo vulnerabilities USN-905-1 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH,...
FreeBSD : sudo -- Privilege escalation with sudoedit (018a84d0-2548-11df-b4a3-00e0815b8da8)
Todd Miller reports : When sudo performs its command matching, there is a special case for pseudo-commands in the sudoers file (currently, the only pseudo-command is sudoedit). Unlike a regular command, pseudo-commands do not begin with a slash '/'. The flaw is that sudo's matching code would...
sudo: sudoedit option can possibly allow for arbitrary code execution
sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by...
DEBIAN-CVE-2010-0426
sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by...
Security fix for the ALT Linux 8 package sudo version 1:1.6.8p12-alt7
Feb. 23, 2010 Dmitry V. Levin 1:1.6.8p12-alt7 - Backported upstream fix for CVE-2010-0426: a flaw in sudoedit could give a user with permission to run sudoedit the ability to run arbitrary commands; env_reset sudoers option had to be explicitly disabled to make an attack possible...
sudo -- Privilege escalation with sudoedit
Todd Miller reports: When sudo performs its command matching, there is a special case for pseudo-commands in the sudoers file (currently, the only pseudo-command is sudoedit). Unlike a regular command, pseudo-commands do not begin with a slash '/'. The flaw is that sudo's matching code would on...
FreeBSD Ports: sudo
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2004-1689
sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root privileges, which allows local users to read arbitrary files via a symlink attack on the temporary file before quitting sudoedit...
CVE-2004-1689
The CVE-2004-1689 entry concerns sudoedit (sudo -e) on sudo 1.6.8, where a temporary file is opened with root privileges and can be read by local users through a symlink attack on the temporary file before quit. This is a local privilege issue affecting the sudoedit workflow, enabling access to a...
sudoedit can expose protected file contents
Overview: Sudo's -e option (sudoedit) improperly handles temporary files, allowing an attacker to read files that would otherwise be inaccessible. Description: Sudo is a utility that allows specific users to run certain commands as root. Beginning with version 1.6.8, sudo provides safe editing...
FreeBSD : sudo -- sudoedit information disclosure (189)
The following package needs to be updated: sudo %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkga268ef4a0b3511d98a8a000c41e2cdad.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright 2003-200...