oval:org.secpod.oval:def:604731 Joe Vennix discovered a stack-based buffer overflow vulnerability in sudo, a program designed to provide limited super user privileges to specific users, triggerable when configured with the pwfeedback option enabled. An unprivileged user can take advantage of this flaw to obtain full root privilege ...

oval:org.secpod.oval:def:89000258 This update for sudo fixes the following issues: Security issue fixed: - CVE-2019-18634: Fixed a buffer overflow in the passphrase prompt that could occur when pwfeedback was enabled in /etc/sudoers. Non-security issue fixed: - Fixed an issue where sudo -l would ask for a password even though `list ...

oval:org.secpod.oval:def:205440 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * sudo: Stack based buffer overflow when pwfeedbac ...

oval:org.secpod.oval:def:1601118 In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. The attacker needs to deliver a long string to the stdin of getln in tgetpass.c

oval:org.secpod.oval:def:89000013 This update for sudo fixes the following issues: Security issue fixed: - CVE-2019-18634: Fixed a buffer overflow in the passphrase prompt that could occur when pwfeedback was enabled in /etc/sudoers. Non-security issue fixed: - Fixed an issue where sudo -l would ask for a password even though `list ...

oval:org.secpod.oval:def:2106049 Oracle Solaris 11 - ( CVE-2019-18634 )

oval:org.secpod.oval:def:117893 Sudo allows a system administrator to give certain users the ability to run some commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per- ...

oval:org.secpod.oval:def:1700314 In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. The attacker needs to deliver a long string to the stdin of getln in tgetpass.c.

oval:org.secpod.oval:def:89000208 This update for sudo fixes the following issue: Security issue fixed: - CVE-2019-18634: Fixed a buffer overflow in the passphrase prompt that could occur when pwfeedback was enabled in /etc/sudoers.

oval:org.secpod.oval:def:503547 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * sudo: Stack based buffer overflow when pwfeedbac ...

oval:org.secpod.oval:def:503525 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * sudo: Stack based buffer overflow when pwfeedbac ...

oval:org.secpod.oval:def:1504067 [1.8.25p1-8.1] - RHEL 8.1.0.Z ERRATUM - CVE-2019-18634 Resolves: rhbz#1798092

oval:org.secpod.oval:def:60984 The host is installed with Apple Mac OS X 10.13.6, 10.14.6 or 10.15.2 and is prone to a buffer overflow vulnerability. A flaw is present in the application, which fails to properly handle a memory related issue. Successful exploitation allows an attacker to execute arbitrary code.

oval:org.secpod.oval:def:61798 sudo: Provide limited super user privileges to specific users Sudo could allow unintended access to the administrator account.

oval:org.secpod.oval:def:1502824 The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:1502802 The advisory is missing the security advisory description. For more information please visit the reference link

oval:org.secpod.oval:def:66521 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * sudo: Stack based buffer overflow when pwfeedbac ...

oval:org.secpod.oval:def:705365 sudo: Provide limited super user privileges to specific users Sudo could allow unintended access to the administrator account.

oval:org.secpod.oval:def:89000467 This update for sudo fixes the following issues: Security issue fixed: - CVE-2019-18634: Fixed a buffer overflow in the passphrase prompt that could occur when pwfeedback was enabled in /etc/sudoers. Non-security issue fixed: - Fixed an issue where sudo -l would ask for a password even though `list ...

oval:org.secpod.oval:def:205457 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * sudo: Stack based buffer overflow when pwfeedbac ...

oval:org.secpod.oval:def:503519 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * sudo: Stack based buffer overflow when pwfeedbac ...

oval:org.secpod.oval:def:61763 Joe Vennix discovered a stack-based buffer overflow vulnerability in sudo, a program designed to provide limited super user privileges to specific users, triggerable when configured with the "pwfeedback" option enabled. An unprivileged user can take advantage of this flaw to obtain full ro ...

oval:org.secpod.oval:def:60956 The host is missing a security update according to Apple advisory, APPLE-SA-2020-1-28-2. The update is required to fix multiple vulnerabilities. The flaws are present in the application, which fails to handle crafted data. Successful exploitation allows remote attackers to execute arbitrary code or ...