Download
| Alert*
oval:org.secpod.oval:def:204513
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * A flaw was found in the way sudo parsed tty info ... oval:org.secpod.oval:def:204512 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * A flaw was found in the way sudo parsed tty info ... oval:org.secpod.oval:def:89044752 This update for sudo fixes the following issues: CVE-2017-1000367: - Due to incorrect assumptions in /proc/[pid]/stat parsing, a local attacker can pretend that his tty is any file on the filesystem, thus gaining arbitrary file write access on SELinux-enabled systems. [bsc#1039361] - Fix FQDN for ho ... oval:org.secpod.oval:def:1700229 When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295.This can be used by a user with sufficient sudo privileges to run commands as root even if the ... oval:org.secpod.oval:def:602910 The Qualys Security team discovered that sudo, a program designed to provide limited super user privileges to specific users, does not properly parse "/proc/[pid]/stat" to read the device number of the tty from field 7 . A sudoers user can take advantage of this flaw on an SELinux-enabled ... oval:org.secpod.oval:def:112437 Sudo allows a system administrator to give certain users the ability to run some commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per-hos ... oval:org.secpod.oval:def:502045 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * A flaw was found in the way sudo parsed tty info ... oval:org.secpod.oval:def:112440 Sudo allows a system administrator to give certain users the ability to run some commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per- ... oval:org.secpod.oval:def:1600706 A flaw was found in the way sudo parsed tty information from the processstatus file in the proc filesystem. A local user with privileges to executecommands via sudo could use this flaw to escalate their privileges to root. oval:org.secpod.oval:def:1501893 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:51804 sudo: Provide limited super user privileges to specific users Sudo could be made to overwrite files as the administrator. oval:org.secpod.oval:def:703628 sudo: Provide limited super user privileges to specific users Sudo could be made to overwrite files as the administrator. oval:org.secpod.oval:def:1501886 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501887 The advisory is missing the security advisory description. For more information please visit the reference link |