Download
| Alert*
oval:org.secpod.oval:def:2500927
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. oval:org.secpod.oval:def:4501184 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * sudo: arbitrary file write with privileges of th ... oval:org.secpod.oval:def:707893 sudo: Provide limited super user privileges to specific users Several security issues were fixed in Sudo. oval:org.secpod.oval:def:2600134 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. oval:org.secpod.oval:def:5800007 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * sudo: arbitrary file write with privileges of th ... oval:org.secpod.oval:def:88460 Matthieu Barjole and Victor Cutillas discovered that sudoedit in sudo, a program designed to provide limited super user privileges to specific users, does not properly handle "--" to separate the editor and arguments from files to edit. A local user permitted to edit certain files can take advantage ... oval:org.secpod.oval:def:1506381 [1.8.23-10.3] RHEL 7.9.Z ERRATUM - CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user Resolves: rhbz#2161222 oval:org.secpod.oval:def:1601636 In Sudo before 1.9.12p2, the sudoedit feature mishandles extra arguments passed in the user-provided environment variables , allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. T ... oval:org.secpod.oval:def:507500 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * sudo: arbitrary file write with privileges of th ... oval:org.secpod.oval:def:507487 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * sudo: arbitrary file write with privileges of th ... oval:org.secpod.oval:def:124878 Sudo allows a system administrator to give certain users the ability to run some commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per- ... oval:org.secpod.oval:def:1701205 In Sudo before 1.9.12p2, the sudoedit feature mishandles extra arguments passed in the user-provided environment variables , allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. T ... oval:org.secpod.oval:def:1506384 [1.8.29.8.1] RHEL 8.7.0.Z ERRATUM - CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user Resolves: rhbz#2161220 oval:org.secpod.oval:def:124958 Sudo allows a system administrator to give certain users the ability to run some commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per- ... oval:org.secpod.oval:def:1506365 [1.9.5p2-7.1] RHEL 9.1.0.Z ERRATUM - CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user Resolves: rhbz#2161224 oval:org.secpod.oval:def:89048138 This update for sudo fixes the following issues: - CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions . oval:org.secpod.oval:def:1506464 [1.8.6p3-29.0.4.el6_10.3] - Fixed Privilege escalation CVE-2023-22809 for sudoedit [Orabug: 35037922] oval:org.secpod.oval:def:89048137 This update for sudo fixes the following issues: - CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions . oval:org.secpod.oval:def:86997 sudo: Provide limited super user privileges to specific users Several security issues were fixed in Sudo. oval:org.secpod.oval:def:89048134 This update for sudo fixes the following issues: - CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions . oval:org.secpod.oval:def:86996 A vulnerability was found in sudo. Exposure in how sudoedit handles user-provided environment variables leads to arbitrary file writing with privileges of the RunAs user (usually root). The prerequisite for exploitation is that the current user must be authorized by the sudoers policy to edit a file ... oval:org.secpod.oval:def:88479 sudo: Provide limited super user privileges to specific users Several security issues were fixed in Sudo. oval:org.secpod.oval:def:86995 In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affecte ... oval:org.secpod.oval:def:89048140 This update for sudo fixes the following issues: - CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions . Other fixes: - Fixed a potential crash while using the sssd plugin . oval:org.secpod.oval:def:92915 The host is installed with Apple Mac OS 13 before 13.4 and is prone to a privilege escalation vulnerability. A flaw is present in the application, which fails to properly handle sudo. On successful exploitation, an app may be able to elevate privileges. oval:org.secpod.oval:def:507495 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * sudo: arbitrary file write with privileges of th ... oval:org.secpod.oval:def:2107204 Oracle Solaris 11 - ( CVE-2023-22809 ) oval:org.secpod.oval:def:19500016 Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The ... oval:org.secpod.oval:def:507477 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * sudo: arbitrary file write with privileges of th ... oval:org.secpod.oval:def:206007 Security Fix: sudo: arbitrary file write with privileges of the RunAs user For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section. oval:org.secpod.oval:def:610353 Matthieu Barjole and Victor Cutillas discovered that sudoedit in sudo, a program designed to provide limited super user privileges to specific users, does not properly handle "--" to separate the editor and arguments from files to edit. A local user permitted to edit certain files can take advantage ... oval:org.secpod.oval:def:3300144 SUSE Security Update: Security update for sudo oval:org.secpod.oval:def:89048147 This update for sudo fixes the following issues: - CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions . Other fixes: - Fixed a potential crash while using the sssd plugin . oval:org.secpod.oval:def:88503 sudo: Provide limited super user privileges to specific users Several security issues were fixed in Sudo. oval:org.secpod.oval:def:89048143 This update for sudo fixes the following issues: - CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions . oval:org.secpod.oval:def:97707 [CLSA-2023:1675985571] sudo: Fix of CVE-2023-22809 oval:org.secpod.oval:def:89848 The host is missing a security update according to Apple advisory. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle multiple issues. Successful exploitation allow attackers to execute arbitrary code, cause denial of service or di ... |