
4 matches found

F5 Networks
added 2024/11/11 2:11 p.m., 12 views

K000148482: Sudo vulnerability CVE-2019-19234

Security Advisory Description: In Sudo through 1.8.29, the fact that a user has been blocked e.g., by using the ! character in the shadow file instead of a password hash is not considered, allowing an attacker who has access to a Runas ALL sudoer account to impersonate any blocked user. NOTE: The...

CVSS 7.5, AI score 6.1, EPSS 0.04075
Exploits: 0
Tenable Nessus
added 2021/03/10 12:0 a.m., 24 views

NewStart CGSL MAIN 4.06 : sudo Multiple Vulnerabilities (NS-SA-2021-0001)

The remote NewStart CGSL host, running version MAIN 4.06, has sudo packages installed that are affected by multiple vulnerabilities: - In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. pwfeedback is a...

CVSS 9, AI score 7.7, EPSS 0.92579
Exploits: 103, References: 7
Debian CVE
added 2019/12/19 8:37 p.m., 32 views

CVE-2019-19232

In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability because running a command via sudo as ...

CVSS 7.5, AI score 5.9, EPSS 0.02868
Exploits: 0
Debian
added 2019/10/17 8:14 p.m., 47 views

[SECURITY] [DLA 1964-1] sudo security update

Package: sudo
Version: 1.8.10p3-1+deb8u6
CVE ID: CVE-2019-14287
Debian Bug: 942322

In sudo, a program that provides limited super user privileges to specific users, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can caus...

CVSS 9, AI score 8.9, EPSS 0.85814
Exploits: 10