Download
| Alert*
|
oval:org.secpod.oval:def:501894
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * It was discovered that the default sudo configur ... oval:org.secpod.oval:def:1501645 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * It was discovered that the default sudo configur ... oval:org.secpod.oval:def:500345 The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sudo handled Runas specifications containing both a user and a group list. If a local user were authorized by the sudoers file to perform their sudo commands with the ... oval:org.secpod.oval:def:201890 The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sudo handled Runas specifications containing both a user and a group list. If a local user were authorized by the sudoers file to perform their sudo commands with the ... oval:org.secpod.oval:def:201816 The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sudo handled Runas specifications containing both a user and a group list. If a local user were authorized by the sudoers file to perform their sudo commands with the ... oval:org.secpod.oval:def:201904 The sudo utility allows system administrators to give certain users the ability to run commands as root. The RHBA-2010:0212 sudo update released as part of Red Hat Enterprise Linux 5.5 added the ability to change the value of the ignore_dot option in the "/etc/sudoers" configuration file. ... oval:org.secpod.oval:def:201835 The sudo utility allows system administrators to give certain users the ability to run commands as root. The RHBA-2010:0212 sudo update released as part of Red Hat Enterprise Linux 5.5 added the ability to change the value of the ignore_dot option in the "/etc/sudoers" configuration file. ... oval:org.secpod.oval:def:500470 The sudo utility allows system administrators to give certain users the ability to run commands as root. The RHBA-2010:0212 sudo update released as part of Red Hat Enterprise Linux 5.5 added the ability to change the value of the ignore_dot option in the "/etc/sudoers" configuration file. ... oval:org.secpod.oval:def:500307 The sudo utility allows system administrators to give certain users the ability to run commands as root. A privilege escalation flaw was found in the way sudo handled the sudoedit pseudo-command. If a local user were authorized by the sudoers file to use this pseudo-command, they could possibly lev ... oval:org.secpod.oval:def:201735 The sudo utility allows system administrators to give certain users the ability to run commands as root. A privilege escalation flaw was found in the way sudo handled the sudoedit pseudo-command. If a local user were authorized by the sudoers file to use this pseudo-command, they could possibly lev ... oval:org.secpod.oval:def:201841 The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sudo handled the presence of duplicated environment variables. A local user authorized to run commands using sudo could use this flaw to set additional values for the ... oval:org.secpod.oval:def:500371 The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sudo handled the presence of duplicated environment variables. A local user authorized to run commands using sudo could use this flaw to set additional values for the ... oval:org.secpod.oval:def:201805 The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sudo handled the presence of duplicated environment variables. A local user authorized to run commands using sudo could use this flaw to set additional values for the ... oval:org.secpod.oval:def:201802 The sudo utility allows system administrators to give certain users the ability to run commands as root. A privilege escalation flaw was found in the way sudo handled the sudoedit pseudo-command. If a local user were authorized by the sudoers file to use this pseudo-command, they could possibly lev ... oval:org.secpod.oval:def:1601290 A flaw was found in the way the network matching code in sudo handled multiple IP networks listed in user specification configuration directives. A user, who is authorized to run commands with sudo on specific hosts, could use this flaw to bypass intended restrictions and run those commands on hosts ... oval:org.secpod.oval:def:700860 sudo: Provide limited super user privileges to specific users Sudo could allow users to run arbitrary programs as the administrator. oval:org.secpod.oval:def:1801645 sudo is installed oval:org.secpod.oval:def:89045125 This update for sudo fixes the following issues: - Fix two security vulnerabilities that allowed users to bypass sudo"s NOEXEC functionality: * noexec bypass via system and popen [CVE-2016-7032, bsc#1007766] * noexec bypass via wordexp [CVE-2016-7076, bsc#1007501] - The SSSD plugin would occasionall ... oval:org.secpod.oval:def:89045317 This update for sudo fixes the following issues: - fix two security vulnerabilities that allowed users to bypass sudo"s NOEXEC functionality: * noexec bypass via system and popen [CVE-2016-7032, bsc#1007766] * noexec bypass via wordexp [CVE-2016-7076, bsc#1007501] oval:org.secpod.oval:def:503431 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * sudo: Privilege escalation via "Runas" specifica ... oval:org.secpod.oval:def:602339 When sudo is configured to allow a user to edit files under a directory that they can already write to without using sudo, they can actually edit arbitrary files. Daniel Svartman reported that a configuration like this might be introduced unintentionally if the editable files are specified using wi ... oval:org.secpod.oval:def:109873 Sudo allows a system administrator to give certain users the ability to run some commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per- ... oval:org.secpod.oval:def:109666 Sudo allows a system administrator to give certain users the ability to run some commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per- ... oval:org.secpod.oval:def:110600 Sudo allows a system administrator to give certain users the ability to run some commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per- ... oval:org.secpod.oval:def:202394 The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way the network matching code in sudo handled multiple IP networks listed in user specification configuration directives. A user, who is authorized to run commands with s ... oval:org.secpod.oval:def:702455 sudo: Provide limited super user privileges to specific users Sudo would allow unintended access to files. oval:org.secpod.oval:def:110866 Sudo allows a system administrator to give certain users the ability to run some commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per- ... oval:org.secpod.oval:def:204157 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * It was discovered that the sudo noexec restricti ... oval:org.secpod.oval:def:204159 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * It was discovered that the default sudo configur ... oval:org.secpod.oval:def:110618 Sudo allows a system administrator to give certain users the ability to run some commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per- ... oval:org.secpod.oval:def:89003475 This update for sudo fixes the following issues: - CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers . oval:org.secpod.oval:def:203050 sudo is installed oval:org.secpod.oval:def:89003116 This update for sudo fixes the following issues: Security issue fixed: - CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers . oval:org.secpod.oval:def:66491 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * sudo: Privilege escalation via "Runas" specifica ... oval:org.secpod.oval:def:89003222 This update for sudo fixes the following issues: - CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers . oval:org.secpod.oval:def:110872 Sudo allows a system administrator to give certain users the ability to run some commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per- ... oval:org.secpod.oval:def:204525 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * It was discovered that the sudo noexec restricti ... oval:org.secpod.oval:def:600813 It was discovered that sudo misparsed network masks used in Host and Host_List stanzas. This allowed the execution of commands on hosts, where the user would not be allowed to run the specified command. oval:org.secpod.oval:def:701674 sudo is installed oval:org.secpod.oval:def:202419 The sudo utility allows system administrators to give certain users the ability to run commands as root. An insecure temporary file use flaw was found in the sudo package"s post-uninstall script. A local attacker could possibly use this flaw to overwrite an arbitrary file via a symbolic link attack ... oval:org.secpod.oval:def:500866 The sudo utility allows system administrators to give certain users the ability to run commands as root. An insecure temporary file use flaw was found in the sudo package"s post-uninstall script. A local attacker could possibly use this flaw to overwrite an arbitrary file via a symbolic link attack ... oval:org.secpod.oval:def:202395 The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way the network matching code in sudo handled multiple IP networks listed in user specification configuration directives. A user, who is authorized to run commands with s ... oval:org.secpod.oval:def:204053 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * It was discovered that the sudo noexec restricti ... oval:org.secpod.oval:def:204243 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. It was discovered that sudo did not perform any checks of the TZ ... oval:org.secpod.oval:def:3301192 SUSE Security Update: Security update for sudo oval:org.secpod.oval:def:89050641 This update for sudo fixes the following issue: - CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers . oval:org.secpod.oval:def:500735 The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the sudo password checking logic. In configurations where the sudoers settings allowed a user to run a command using sudo with only the group ID changed, sudo failed to promp ... oval:org.secpod.oval:def:500135 The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the sudo password checking logic. In configurations where the sudoers settings allowed a user to run a command using sudo with only the group ID changed, sudo failed to promp ... oval:org.secpod.oval:def:119313 Sudo allows a system administrator to give certain users the ability to run some commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per- ... oval:org.secpod.oval:def:119320 Sudo allows a system administrator to give certain users the ability to run some commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per- ... oval:org.secpod.oval:def:117210 Sudo allows a system administrator to give certain users the ability to run some commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per- ... oval:org.secpod.oval:def:111605 Sudo allows a system administrator to give certain users the ability to run some commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per- ... oval:org.secpod.oval:def:111636 Sudo allows a system administrator to give certain users the ability to run some commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per- ... oval:org.secpod.oval:def:4501242 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * sudo: symbolic link attack in SELinux-enabled su ... oval:org.secpod.oval:def:2500487 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. oval:org.secpod.oval:def:73598 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * sudo: symbolic link attack in SELinux-enabled su ... oval:org.secpod.oval:def:1504907 [1.8.29-7] - RHEL 8.4 ERRATUM - CVE-2021-3156 Resolves: rhbz#1917734 - CVE-2021-23239 sudo: possible directory existence test due to race condition in sudoedit Resolves: rhzb#1916434 - CVE-2021-23240 sudo: symbolic link attack in SELinux-enabled sudoedit Resolves: rhbz#1917038 - updated upstream url ... oval:org.secpod.oval:def:500846 The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way the network matching code in sudo handled multiple IP networks listed in user specification configuration directives. A user, who is authorized to run commands with s ... oval:org.secpod.oval:def:1600292 A flaw was found in the way sudo handled time stamp files. An attacker able to run code as a local user and with the ability to control the system clock could possibly gain additional privileges by running commands that the victim user was allowed to run via sudo, without knowing the victim"s passwo ... oval:org.secpod.oval:def:1500246 An updated sudo package that fixes multiple security issues and several bugs is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System base scores, which give detailed severity ratings ... oval:org.secpod.oval:def:1503878 An updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is avai ... oval:org.secpod.oval:def:600985 Several vulnerabilities have been discovered in sudo, a program designed to allow a sysadmin to give limited root privileges to users. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-1775 Marco Schoepl discovered an authentication bypass when the clock is ... oval:org.secpod.oval:def:701200 sudo: Provide limited super user privileges to specific users Sudo could be made to run programs as the administrator without a password prompt. oval:org.secpod.oval:def:1500311 An updated sudo package that fixes two security issues, several bugs, and adds two enhancements is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System base scores, which give detail ... oval:org.secpod.oval:def:203049 The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sudo handled its blacklist of environment variables. When the "env_reset" option was disabled, a user permitted to run certain commands via sudo could use t ... oval:org.secpod.oval:def:701611 sudo: Provide limited super user privileges to specific users Several security issues were fixed in Sudo. oval:org.secpod.oval:def:1500408 An updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available ... oval:org.secpod.oval:def:89044767 This update for sudo fixes the following security issue: - CVE-2017-1000368: A follow-up fix to CVE-2017-1000367, the Linux process name could also contain a newline, which could be used to trick sudo to read/write to an arbitrary open terminal. Also the following non security bug was fixed: - Link ... oval:org.secpod.oval:def:55017 sudo: Provide limited super user privileges to specific users Several security issues were fixed in Sudo. oval:org.secpod.oval:def:204524 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * It was found that the original fix for CVE-2017- ... oval:org.secpod.oval:def:89045014 This update for sudo fixes the following issues: - A regression in the fix for the CVE-2017-1000368 that broke sudo with the requiretty flag oval:org.secpod.oval:def:204526 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * It was found that the original fix for CVE-2017- ... oval:org.secpod.oval:def:204513 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * A flaw was found in the way sudo parsed tty info ... oval:org.secpod.oval:def:204512 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * A flaw was found in the way sudo parsed tty info ... oval:org.secpod.oval:def:89044752 This update for sudo fixes the following issues: CVE-2017-1000367: - Due to incorrect assumptions in /proc/[pid]/stat parsing, a local attacker can pretend that his tty is any file on the filesystem, thus gaining arbitrary file write access on SELinux-enabled systems. [bsc#1039361] - Fix FQDN for ho ... oval:org.secpod.oval:def:501098 The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sudo handled time stamp files. An attacker able to run code as a local user and with the ability to control the system clock could possibly gain additional privileges ... oval:org.secpod.oval:def:501143 The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sudo handled time stamp files. An attacker able to run code as a local user and with the ability to control the system clock could possibly gain additional privileges ... oval:org.secpod.oval:def:52425 sudo: Provide limited super user privileges to specific users Sudo would allow unintended access to files. oval:org.secpod.oval:def:69434 The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sudo handled time stamp files. An attacker able to run code as a local user and with the ability to control the system clock could possibly gain additional privileges ... oval:org.secpod.oval:def:108439 Sudo allows a system administrator to give certain users the ability to run some commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per- ... oval:org.secpod.oval:def:1501100 Sudo allows a system administrator to give certain users the ability to run some commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per-hos ... oval:org.secpod.oval:def:501621 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. It was discovered that sudo did not perform any checks of the TZ ... oval:org.secpod.oval:def:501195 The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sudo handled its blacklist of environment variables. When the "env_reset" option was disabled, a user permitted to run certain commands via sudo could use t ... oval:org.secpod.oval:def:108450 Sudo allows a system administrator to give certain users the ability to run some commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per- ... oval:org.secpod.oval:def:502054 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * It was found that the original fix for CVE-2017- ... oval:org.secpod.oval:def:501945 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * It was discovered that the sudo noexec restricti ... oval:org.secpod.oval:def:1600731 It was found that the original fix for CVE-2017-1000367 was incomplete. A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root oval:org.secpod.oval:def:1600489 It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed system or popen C library functions with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could use this flaw to execute arbitrary ... oval:org.secpod.oval:def:1501693 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * It was discovered that the sudo noexec restricti ... oval:org.secpod.oval:def:1501694 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * It was discovered that the sudo noexec restricti ... oval:org.secpod.oval:def:1901528 sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute ... oval:org.secpod.oval:def:54576 sudo: Provide limited super user privileges to specific users Several security issues were fixed in Sudo. oval:org.secpod.oval:def:1501903 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501902 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501906 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1901858 Todd Miller"s sudo version 1.8.20p1 and earlier is vulnerable to an input validation in the get_process_ttyname function resulting in information disclosure and command execution. oval:org.secpod.oval:def:1501893 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1600706 A flaw was found in the way sudo parsed tty information from the processstatus file in the proc filesystem. A local user with privileges to executecommands via sudo could use this flaw to escalate their privileges to root. oval:org.secpod.oval:def:602910 The Qualys Security team discovered that sudo, a program designed to provide limited super user privileges to specific users, does not properly parse "/proc/[pid]/stat" to read the device number of the tty from field 7 . A sudoers user can take advantage of this flaw on an SELinux-enabled ... oval:org.secpod.oval:def:703628 sudo: Provide limited super user privileges to specific users Sudo could be made to overwrite files as the administrator. oval:org.secpod.oval:def:112440 Sudo allows a system administrator to give certain users the ability to run some commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per- ... oval:org.secpod.oval:def:112437 Sudo allows a system administrator to give certain users the ability to run some commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per-hos ... oval:org.secpod.oval:def:502045 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * A flaw was found in the way sudo parsed tty info ... oval:org.secpod.oval:def:51804 sudo: Provide limited super user privileges to specific users Sudo could be made to overwrite files as the administrator. oval:org.secpod.oval:def:1501886 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1501887 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:59044 A flaw was found in the way sudo implemented running commands with arbitrary user ID. If a sudoers entry is written to allow the attacker to run a command as any user except root, this flaw can be used by the attacker to bypass that restriction. oval:org.secpod.oval:def:69915 Joe Vennix discovered that sudo, a program designed to provide limited super user privileges to specific users, when configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, allows to run commands as root by specifying the user ID - -1 or 42949672 ... oval:org.secpod.oval:def:59581 Joe Vennix discovered that sudo, a program designed to provide limited super user privileges to specific users, when configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, allows to run commands as root by specifying the user ID - -1 or 42949672 ... oval:org.secpod.oval:def:59592 sudo: Provide limited super user privileges to specific users Sudo could be made to run commands as root if it called with a specially crafted user ID. oval:org.secpod.oval:def:1502710 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:705235 sudo: Provide limited super user privileges to specific users Sudo could be made to run commands as root if it called with a specially crafted user ID. oval:org.secpod.oval:def:500632 The sudo utility allows system administrators to give certain users the ability to run commands as root with logging. A flaw was discovered in a way sudo handled group specifications in "run as" lists in the sudoers configuration file. If sudo configuration allowed a user to run commands ... oval:org.secpod.oval:def:97539 [CLSA-2021:1625650209] Fixed CVE-2021-23240 in sudo oval:org.secpod.oval:def:2500927 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. oval:org.secpod.oval:def:2600134 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. oval:org.secpod.oval:def:1506381 [1.8.23-10.3] RHEL 7.9.Z ERRATUM - CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user Resolves: rhbz#2161222 oval:org.secpod.oval:def:507500 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * sudo: arbitrary file write with privileges of th ... oval:org.secpod.oval:def:1506384 [1.8.29.8.1] RHEL 8.7.0.Z ERRATUM - CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user Resolves: rhbz#2161220 oval:org.secpod.oval:def:86997 sudo: Provide limited super user privileges to specific users Several security issues were fixed in Sudo. oval:org.secpod.oval:def:86996 A vulnerability was found in sudo. Exposure in how sudoedit handles user-provided environment variables leads to arbitrary file writing with privileges of the RunAs user (usually root). The prerequisite for exploitation is that the current user must be authorized by the sudoers policy to edit a file ... oval:org.secpod.oval:def:86995 In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affecte ... oval:org.secpod.oval:def:97707 [CLSA-2023:1675985571] sudo: Fix of CVE-2023-22809 oval:org.secpod.oval:def:507477 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * sudo: arbitrary file write with privileges of th ... oval:org.secpod.oval:def:507487 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * sudo: arbitrary file write with privileges of th ... oval:org.secpod.oval:def:124958 Sudo allows a system administrator to give certain users the ability to run some commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per- ... oval:org.secpod.oval:def:507495 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * sudo: arbitrary file write with privileges of th ... oval:org.secpod.oval:def:610353 Matthieu Barjole and Victor Cutillas discovered that sudoedit in sudo, a program designed to provide limited super user privileges to specific users, does not properly handle "--" to separate the editor and arguments from files to edit. A local user permitted to edit certain files can take advantage ... oval:org.secpod.oval:def:3300144 SUSE Security Update: Security update for sudo oval:org.secpod.oval:def:88460 Matthieu Barjole and Victor Cutillas discovered that sudoedit in sudo, a program designed to provide limited super user privileges to specific users, does not properly handle "--" to separate the editor and arguments from files to edit. A local user permitted to edit certain files can take advantage ... oval:org.secpod.oval:def:1506464 [1.8.6p3-29.0.4.el6_10.3] - Fixed Privilege escalation CVE-2023-22809 for sudoedit [Orabug: 35037922] oval:org.secpod.oval:def:89048138 This update for sudo fixes the following issues: - CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions . oval:org.secpod.oval:def:89048137 This update for sudo fixes the following issues: - CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions . oval:org.secpod.oval:def:89048134 This update for sudo fixes the following issues: - CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions . oval:org.secpod.oval:def:4501184 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * sudo: arbitrary file write with privileges of th ... oval:org.secpod.oval:def:707893 sudo: Provide limited super user privileges to specific users Several security issues were fixed in Sudo. oval:org.secpod.oval:def:5800007 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * sudo: arbitrary file write with privileges of th ... oval:org.secpod.oval:def:1701205 In Sudo before 1.9.12p2, the sudoedit feature mishandles extra arguments passed in the user-provided environment variables , allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. T ... oval:org.secpod.oval:def:1506365 [1.9.5p2-7.1] RHEL 9.1.0.Z ERRATUM - CVE-2023-22809 sudo: arbitrary file write with privileges of the RunAs user Resolves: rhbz#2161224 oval:org.secpod.oval:def:88479 sudo: Provide limited super user privileges to specific users Several security issues were fixed in Sudo. oval:org.secpod.oval:def:89048140 This update for sudo fixes the following issues: - CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions . Other fixes: - Fixed a potential crash while using the sssd plugin . oval:org.secpod.oval:def:19500016 Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The ... oval:org.secpod.oval:def:89048147 This update for sudo fixes the following issues: - CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions . Other fixes: - Fixed a potential crash while using the sssd plugin . oval:org.secpod.oval:def:89048143 This update for sudo fixes the following issues: - CVE-2023-22809: Fixed an arbitrary file write issue that could be exploited by users with sudoedit permissions . oval:org.secpod.oval:def:88503 sudo: Provide limited super user privileges to specific users Several security issues were fixed in Sudo. oval:org.secpod.oval:def:97531 [CLSA-2021:1611743864] Fix CVE-2021-3156: Heap-based buffer overflow in sudo oval:org.secpod.oval:def:69585 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * sudo: Heap buffer overflow in argument parsing ... oval:org.secpod.oval:def:506844 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * sudo: Heap buffer overflow in argument parsing ... oval:org.secpod.oval:def:1700547 When sudo runs a command in shell mode, either via the -s or -i command line option, it escapes special characters in the command"s arguments with a backslash. The sudoers policy plugin will then remove the escape characters from the arguments before evaluating the sudoers policy if the command is ... oval:org.secpod.oval:def:89047251 This update for sudo fixes the following issues: - A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges [bsc#1181090,CVE-2021-3156] - It was possible for a user to test for the existence of a directory due to a Race Condition in `sudoedit` [bsc#1180684,CVE- ... oval:org.secpod.oval:def:1504611 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:2500262 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. oval:org.secpod.oval:def:19500107 Sudo before 1.9.13p2 has a double free in the per-command chroot feature oval:org.secpod.oval:def:1701851 Sudo before 1.9.13 does not escape control characters in log messages. Sudo before 1.9.13 does not escape control characters in sudoreplay output oval:org.secpod.oval:def:1702108 Sudo before 1.9.15 might allow row hammer attacks because application logic sometimes is based on not equaling an error value , and because the values do not resist flips of a single bit oval:org.secpod.oval:def:1702155 The description of this advisory is forthcoming. oval:org.secpod.oval:def:66521 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * sudo: Stack based buffer overflow when pwfeedbac ... oval:org.secpod.oval:def:705365 sudo: Provide limited super user privileges to specific users Sudo could allow unintended access to the administrator account. oval:org.secpod.oval:def:205440 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * sudo: Stack based buffer overflow when pwfeedbac ... oval:org.secpod.oval:def:89048578 This update for sudo fixes the following issue: Security fixes: * CVE-2023-28486: Fixed missing control characters escaping in log messages . * CVE-2023-28487: Fixed missing control characters escaping in sudoreplay output . Other fixes: * Fix a situation where "sudo -U otheruser -l" would dereferen ... oval:org.secpod.oval:def:19500596 Sudo before 1.9.15 might allow row hammer attacks because application logic sometimes is based on not equaling an error value , and because the values do not resist flips of a single bit oval:org.secpod.oval:def:89048607 This update for sudo fixes the following issues: * CVE-2023-28486: Fixed missing control characters escaping in log messages . * CVE-2023-28487: Fixed missing control characters escaping in sudoreplay output . oval:org.secpod.oval:def:89048686 This update for sudo fixes the following issue: Security issues: * CVE-2023-28486: Fixed sudo does not escape control characters in log messages. * CVE-2023-28487: Fixed sudo does not escape control characters in sudoreplay output. * CVE-2023-27320: Fixed a potential security issue with a double f ... oval:org.secpod.oval:def:3302468 Security update for sudo oval:org.secpod.oval:def:19500200 Sudo before 1.9.13p2 has a double free in the per-command chroot feature oval:org.secpod.oval:def:3302456 Security update for sudo oval:org.secpod.oval:def:89048501 This update for sudo fixes the following issue: Security fixes: * CVE-2023-28486: Fixed missing control characters escaping in log messages . * CVE-2023-28487: Fixed missing control characters escaping in sudoreplay output . Other fixes: * Fix a situation where "sudo -U otheruser -l" would dereferen ... oval:org.secpod.oval:def:89048534 This update for sudo fixes the following issue: Security fixes: * CVE-2023-28486: Fixed missing control characters escaping in log messages . * CVE-2023-28487: Fixed missing control characters escaping in sudoreplay output . Other fixes: * Fix a situation where "sudo -U otheruser -l" would dereferen ... oval:org.secpod.oval:def:509060 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Bug Fix and Enhancement: CVE-2023-28487 sudo: Sudo does not esca ... oval:org.secpod.oval:def:127192 Sudo allows a system administrator to give certain users the ability to run some commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per- ... oval:org.secpod.oval:def:89051613 This update for sudo fixes the following issues: * CVE-2023-42465: Try to make sudo less vulnerable to ROWHAMMER attacks . oval:org.secpod.oval:def:89051626 This update for sudo fixes the following issues: NOTE: This update has been retracted, as some logic was not changed correctly. * CVE-2023-42465: Try to make sudo less vulnerable to ROWHAMMER attacks . oval:org.secpod.oval:def:89051615 This update for sudo fixes the following issues: * CVE-2023-42465: Try to make sudo less vulnerable to ROWHAMMER attacks . oval:org.secpod.oval:def:89051634 This update for sudo fixes the following issues: NOTE: This update has been retracted as some logic was not correct. * CVE-2023-42465: Try to make sudo less vulnerable to ROWHAMMER attacks . oval:org.secpod.oval:def:89051619 This update for sudo fixes the following issues: * CVE-2023-42465: Try to make sudo less vulnerable to ROWHAMMER attacks . oval:org.secpod.oval:def:89051621 This update for sudo fixes the following issues: NOTE: This update has been retracted as the fix broke some functionality. * CVE-2023-42465: Try to make sudo less vulnerable to ROWHAMMER attacks . oval:org.secpod.oval:def:89051618 This update for sudo fixes the following issues: * CVE-2023-42465: Try to make sudo less vulnerable to ROWHAMMER attacks . oval:org.secpod.oval:def:89051624 This update for sudo fixes the following issues: NOTE: This update has been retracted as some sudo functionality was changed incorrectly. * CVE-2023-42465: Try to make sudo less vulnerable to ROWHAMMER attacks . oval:org.secpod.oval:def:89051646 This update for sudo fixes the following issues: * CVE-2023-42465: Try to make sudo less vulnerable to ROWHAMMER attacks . Fixed issues introduced by first patches for CVE-2023-42465 . oval:org.secpod.oval:def:89051652 This update for sudo fixes the following issues: * CVE-2023-42465: Fixed issues introduced by first patches . oval:org.secpod.oval:def:89051649 This update for sudo fixes the following issues: * CVE-2023-42465: Fixed issues introduced by first patches . oval:org.secpod.oval:def:89051665 This update for sudo fixes the following issues: * CVE-2023-42465: Fixed issues introduced by first patches . oval:org.secpod.oval:def:89051668 This update for sudo fixes the following issues: * CVE-2023-42465: Fixed issues introduced by first patches . |
