6 results (0.006 seconds)

CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1

Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit. Sudo anterior a 1.9.15 podría permitir row hammer attacks (para eludir la autenticación o escalar privilegios) porque la lógica de la aplicación a veces se basa en no igualar un valor de error (en lugar de igualar un valor de éxito) y porque los valores no resisten los cambios de un solo bit. A flaw was found in the sudo package. This issue could allow a local authenticated attacker to cause a bit to flip, which enables fault injection and may authenticate as the root user. • https://arxiv.org/abs/2309.02545 https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_15 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R4Q23NHCKCLFIHSNY6KJ27GM7FSCEVXM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6XMRUJCPII4MPWG43HTYR76DGLEYEFZ https://security.gentoo.org/glsa/202401-29 https://security.netapp.com/advisory/ntap-20240208-0002 • CWE-1319: Improper Protection against Electromagnetic Fault Injection (EM-FI) •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

Sudo before 1.9.13 does not escape control characters in sudoreplay output. A flaw was found in the sudo package, shipped with Red Hat Enterprise Linux 8 and 9, where the "sudoreplay -l' command improperly escapes terminal control characters. As sudo's log messages may contain user-controlled strings, this could allow an attacker to inject terminal control commands, leading to a leak of restricted information. • https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13 https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html https://security.gentoo.org/glsa/202309-12 https://security.netapp.com/advisory/ntap-20230420-0002 https://access.redhat.com/security/cve/CVE-2023-28487 https://bugzilla.redhat.com/show_bug.cgi?id=2179273 • CWE-116: Improper Encoding or Escaping of Output CWE-117: Improper Output Neutralization for Logs •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

Sudo before 1.9.13 does not escape control characters in log messages. A flaw was found in the sudo package, shipped with Red Hat Enterprise Linux 8 and 9, where sudo improperly escapes terminal control characters during logging operations. As sudo's log messages may contain user-controlled strings, this may allow an attacker to inject terminal control commands, leading to a leak of restricted information. • https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13 https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html https://security.gentoo.org/glsa/202309-12 https://security.netapp.com/advisory/ntap-20230420-0002 https://access.redhat.com/security/cve/CVE-2023-28486 https://bugzilla.redhat.com/show_bug.cgi?id=2179272 • CWE-116: Improper Encoding or Escaping of Output CWE-117: Improper Output Neutralization for Logs •

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 12

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value. En Sudo anterior a 1.9.12p2, la función sudoedit (también conocida como -e) maneja mal argumentos adicionales pasados en las variables de entorno proporcionadas por el usuario (SUDO_EDITOR, VISUAL y EDITOR), permitiendo a un atacante local agregar entradas arbitrarias a la lista de archivos para procesar. . • https://www.exploit-db.com/exploits/51217 https://github.com/n3m1sys/CVE-2023-22809-sudoedit-privesc https://github.com/Chan9Yan9/CVE-2023-22809 https://github.com/Toothless5143/CVE-2023-22809 https://github.com/3yujw7njai/CVE-2023-22809-sudo-POC https://github.com/pashayogi/CVE-2023-22809 https://github.com/M4fiaB0y/CVE-2023-22809 https://github.com/asepsaepdin/CVE-2023-22809 https://github.com/AntiVlad/CVE-2023-22809 http://packetstormsecurity.com/files/171644/sudo-1.9.12p • CWE-269: Improper Privilege Management •

CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0

Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture. Sudo 1.8.0 a 1.9.12, con el backend de contraseña crypt(), contiene un error de matriz fuera de límites plugins/sudoers/auth/passwd.c que puede provocar una sobrelectura del búfer. Esto puede ser activado por usuarios locales arbitrarios con acceso a Sudo ingresando una contraseña de siete caracteres o menos. • https://bugzilla.redhat.com/show_bug.cgi?id=2139911 https://github.com/sudo-project/sudo/commit/bd209b9f16fcd1270c13db27ae3329c677d48050 https://news.ycombinator.com/item?id=33465707 https://security.gentoo.org/glsa/202211-08 https://www.sudo.ws/security/advisories • CWE-125: Out-of-bounds Read •