
6 matches found

F5 Networks
added 2024/11/11 2:11 p.m., 16 views

K000148482: Sudo vulnerability CVE-2019-19234

Security Advisory Description In Sudo through 1.8.29, the fact that a user has been blocked e.g., by using the ! character in the shadow file instead of a password hash is not considered, allowing an attacker who has access to a Runas ALL sudoer account to impersonate any blocked user. NOTE: The...

CVSS 7.5, AI score 6.1, EPSS 0.03258
Exploits: 0
Tenable Nessus
added 2021/03/10 12:0 a.m., 25 views

NewStart CGSL MAIN 4.06 : sudo Multiple Vulnerabilities (NS-SA-2021-0001)

The remote NewStart CGSL host, running version MAIN 4.06, has sudo packages installed that are affected by multiple vulnerabilities: - In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. pwfeedback is a...

CVSS 9, AI score 7.7, EPSS 0.99295
Exploits: 103, References: 7
BDU FSTEC
added 2020/03/04 12:0 a.m., 6 views

The vulnerability of the sudoer account in the Runas ALL system administration software allows a hacker to disable user authentication using a local password.

The vulnerability of the sudoer account in the Runas ALL system administration program is related to improper access control. Exploiting this vulnerability could allow a malicious actor to disable user authentication using the local password...

CVSS 7.8, AI score 6.9, EPSS 0.03258
Exploits: 0, References: 10, Affected Software: 3
BDU FSTEC
added 2020/03/04 12:0 a.m., 3 views

The vulnerability of the sudoer account in the Runas ALL system administration software allows a hacker to impersonate an existing user.

The vulnerability of the sudoer account in the Runas ALL system administration program is related to improper access control. Exploiting this vulnerability allows a malicious actor to impersonate an existing user...

CVSS 7.8, AI score 6.9, EPSS 0.03295
Exploits: 0, References: 10, Affected Software: 4
Debian CVE
added 2019/12/19 8:37 p.m., 33 views

CVE-2019-19232

In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability because running a command via sudo as ...

CVSS 7.5, AI score 5.9, EPSS 0.03295
Exploits: 0
Debian
added 2019/10/17 8:14 p.m., 48 views

[SECURITY] [DLA 1964-1] sudo security update

Package : sudo Version : 1.8.10p3-1+deb8u6 CVE ID : CVE-2019-14287 Debian Bug : 942322 In sudo, a program that provides limited super user privileges to specific users, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can caus...

CVSS 9, AI score 8.9, EPSS 0.63917
Exploits: 10