Page 4 of 23 results (0.005 seconds)

CVSS: 9.0EPSS: 32%CPEs: 47EXPL: 21

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command. En Sudo anteriores a 1.8.28, un atacante con acceso a una cuenta Runas ALL sudoer puede omitir ciertas listas negras de políticas y módulos PAM de sesión, y puede causar un registro incorrecto, mediante la invocación sudo con un ID de usuario creado. Por ejemplo, esto permite la omisión de la configuración root y el registro USER= para un comando "sudo -u \#$((0xffffffff))". • https://www.exploit-db.com/exploits/47502 https://github.com/n0w4n/CVE-2019-14287 https://github.com/shallvhack/Sudo-Security-Bypass-CVE-2019-14287 https://github.com/CMNatic/Dockerized-CVE-2019-14287 https://github.com/axax002/sudo-vulnerability-CVE-2019-14287 https://github.com/N3rdyN3xus/CVE-2019-14287 https://github.com/DewmiApsara/CVE-2019-14287 https://github.com/MariliaMeira/CVE-2019-14287 https://github.com/edsonjt81/CVE-2019-14287- https://github.com/SachinthaDeSilva-cmd& • CWE-267: Privilege Defined With Unsafe Actions CWE-755: Improper Handling of Exceptional Conditions •

CVSS: 7.0EPSS: 0%CPEs: 66EXPL: 0

The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed. La compatibilidad con SHA-2 digest en el plugin sudoers en sudo, en versiones posteriores a la 1.8.7, permite que usuarios locales con permisos de escritura en partes del comando llamado los reemplace antes de ejecutarlo. • http://www.openwall.com/lists/oss-security/2015/11/18/22 https://bugzilla.redhat.com/show_bug.cgi?id=1283635 https://www.sudo.ws/repos/sudo/rev/0cd3cc8fa195 https://www.sudo.ws/repos/sudo/rev/24a3d9215c64 https://www.sudo.ws/repos/sudo/rev/397722cdd7ec • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 0

Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution. La versión 1.8.20p1 y anteriores de sudo de Todd Miller es vulnerable a una validación de entradas (nuevas líneas embebidas) en la función get_process_ttyname() que da lugar a una revelación de información y la ejecución de comandos. It was found that the original fix for CVE-2017-1000367 was incomplete. A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root. • http://www.securityfocus.com/bid/98838 https://access.redhat.com/errata/RHSA-2017:1574 https://kc.mcafee.com/corporate/index?page=content&id=SB10205 https://security.gentoo.org/glsa/201710-04 https://usn.ubuntu.com/3968-1 https://usn.ubuntu.com/3968-2 https://www.sudo.ws/alerts/linux_tty.html https://access.redhat.com/security/cve/CVE-2017-1000368 https://bugzilla.redhat.com/show_bug.cgi?id=1459152 https://access.redhat.com/security/cve/CVE-2017-1000367 https:& • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 6

Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution. Un Sudo de Todd Miller’s versión 1.8.20 y anteriores es vulnerable a una validación de entrada (espacios insertados) en la función get_process_ttyname(), resultando en la divulgación de información y la ejecución de comandos. A flaw was found in the way sudo parsed tty information from the process status file in the proc filesystem. A local user with privileges to execute commands via sudo could use this flaw to escalate their privileges to root. sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution. • https://www.exploit-db.com/exploits/42183 https://github.com/c0d3z3r0/sudo-CVE-2017-1000367 https://github.com/homjxi0e/CVE-2017-1000367 http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00077.html http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00078.html http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00079.html http://packetstormsecurity.com/files/142783/Sudo-get_process_ttyname-Race-Condition.html http://seclists.org/fulldisclosure/2017/Jun/3 http& • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-807: Reliance on Untrusted Inputs in a Security Decision •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges. sudo en versiones anteriores a la 1.8.18p1 es vulnerable a una omisión en la restricción noexec de sudo si la aplicación que se ejecuta mediante sudo ejecuta la función de la biblioteca de C wordexp() con un argumento proporcionado por el usuario. Un usuario local que pueda ejecutar tal aplicación mediante sudo con la restricción noexec podría emplear este error para ejecutar comandos arbitrarios con privilegios elevados. It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges. • http://rhn.redhat.com/errata/RHSA-2016-2872.html http://www.securityfocus.com/bid/95778 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7076 https://security.netapp.com/advisory/ntap-20181127-0002 https://usn.ubuntu.com/3968-1 https://usn.ubuntu.com/3968-3 https://www.sudo.ws/alerts/noexec_wordexp.html https://access.redhat.com/security/cve/CVE-2016-7076 https://bugzilla.redhat.com/show_bug.cgi?id=1384982 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-184: Incomplete List of Disallowed Inputs •