18 matches found
EUVD-2014-9490
Malware in sbrugna...
EUVD-2006-5541
Malware in sbrugna...
EUVD-2017-16497
Malware in sbrugna...
RHEL 5 : sudo (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - sudo: noexec bypass via wordexp CVE-2016-7076 - sudo before 1.8.12 does not ensure that the TZ environmen...
Mageia: Security Advisory (MGASA-2015-0079)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2016:2904-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Heap overflow
Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ environment variable. The error is in the saveabbr function in timerz.c...
CVE-2017-7476
Gnulib before 2017-04-26 contains a heap-based buffer overflow in the save_abbr function in time_rz.c triggered by the TZ environment variable. This vulnerability can lead to arbitrary code execution or crash conditions, as described in multiple sources (e.g., CNVD-2017-06995; NVD CVE-2017-7476)....
CVE-2017-7476
Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ environment variable. The error is in the saveabbr function in timerz.c...
openSUSE Security Update : sudo (openSUSE-2016-1402)
This update for sudo fixes the following security issues : - Fix two security vulnerabilities that allowed users to bypass sudo's NOEXEC functionality : - noexec bypass via system and popen CVE-2016-7032, bsc1007766 - noexec bypass via wordexp CVE-2016-7076, bsc1007501 - Fix unsafe handling of TZ...
SUSE SLED12 / SLES12 Security Update : sudo (SUSE-SU-2016:2904-1)
This update for sudo fixes the following security issues : - Fix two security vulnerabilities that allowed users to bypass sudo's NOEXEC functionality : - noexec bypass via system and popen CVE-2016-7032, bsc1007766 - noexec bypass via wordexp CVE-2016-7076, bsc1007501 - Fix unsafe handling of TZ...
openSUSE Security Update : sudo (openSUSE-2015-703)
sudo was updated to fix one security issue. This security issue was fixed : - CVE-2014-9680: Unsafe handling of TZ environment variable bsc917806. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Upda...
Gentoo Security Advisory GLSA 201504-02
Gentoo Linux Local Security Checks GLSA 201504-02 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...
RedHat Update for sudo RHSA-2015:1409-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Mandriva Linux Security Advisory : sudo (MDVSA-2015:126)
Updated sudo packages fix security vulnerability : Prior to sudo 1.8.12, the TZ environment variable was passed through unchecked. Most libc tzset implementations support passing an absolute pathname in the time zone to point to an arbitrary, user-controlled file. This may be used to exploit bugs...
Ubuntu 14.04 LTS : Sudo vulnerability (USN-2533-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2533-1 advisory. Jakub Wilk and Stephane Chazelas discovered that Sudo incorrectly handled the TZ environment variable. An attacker with Sudo access could possibly use this issue ...
Updated sudo packages fix CVE-2014-9680
Updated sudo packages fix security vulnerability: Prior to sudo 1.8.12, the TZ environment variable was passed through unchecked. Most libc tzset implementations support passing an absolute pathname in the time zone to point to an arbitrary, user-controlled file. This may be used to exploit bugs ...
CVE-2006-5556
Buffer overflow in the localtimer function, and certain other functions, in libc in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long TZ environment variable...