Page 4 of 26 results (0.010 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges. sudo en versiones anteriores a la 1.8.18p1 es vulnerable a una omisión en la restricción noexec de sudo si la aplicación que se ejecuta mediante sudo ejecuta la función de la biblioteca de C wordexp() con un argumento proporcionado por el usuario. Un usuario local que pueda ejecutar tal aplicación mediante sudo con la restricción noexec podría emplear este error para ejecutar comandos arbitrarios con privilegios elevados. It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges. • http://rhn.redhat.com/errata/RHSA-2016-2872.html http://www.securityfocus.com/bid/95778 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7076 https://security.netapp.com/advisory/ntap-20181127-0002 https://usn.ubuntu.com/3968-1 https://usn.ubuntu.com/3968-3 https://www.sudo.ws/alerts/noexec_wordexp.html https://access.redhat.com/security/cve/CVE-2016-7076 https://bugzilla.redhat.com/show_bug.cgi?id=1384982 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-184: Incomplete List of Disallowed Inputs •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 3

sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt." sudoedit en Sudo en versiones anteriores a 1.8.15 permite a usuarios locales obtener privilegios a través de un ataque de enlaces simbólicos en un archivo cuya totalidad de la ruta se define utilizando múltiples comodines en /etc/sudoers, según lo demostrado mediante '/home/*/*/file.txt.' • https://www.exploit-db.com/exploits/37710 https://github.com/t0kx/privesc-CVE-2015-5602 http://bugzilla.sudo.ws/show_bug.cgi?id=707 http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171024.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171054.html http://www.debian.org/security/2016/dsa-3440 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securitytracker.com/id/1034392 http://www.sudo.ws/stable • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 1

sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives. sudo en versiones anteriores a 1.8.12 no garantiza que la variable de entorno TZ esté asociada con un archivo zoneinfo, lo que permite a usuarios locales abrir archivos arbitrarios para acceso de lectura (pero no ver el contenido del archivo) ejecutando un programa dentro de una sesión sudo, como lo demuestra interfiriendo con la salida del terminal, descartando los mensajes del kernel-log o reposicionando las unidades de cinta. It was discovered that sudo did not perform any checks of the TZ environment variable value. If sudo was configured to preserve the TZ environment variable, a local user with privileges to execute commands via sudo could possibly use this flaw to achieve system state changes not permitted by the configured commands. Note: The default sudoers configuration in Red Hat Enterprise Linux removes the TZ variable from the environment in which commands run by sudo are executed. • http://openwall.com/lists/oss-security/2014/10/15/24 http://rhn.redhat.com/errata/RHSA-2015-1409.html http://www.securitytracker.com/id/1033158 http://www.sudo.ws/alerts/tz.html https://security.gentoo.org/glsa/201504-02 https://access.redhat.com/security/cve/CVE-2014-9680 https://bugzilla.redhat.com/show_bug.cgi?id=1191144 • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 6.6EPSS: 0%CPEs: 59EXPL: 0

Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable. Sudo 1.6.9 anterior a 1.8.5, cuando env_reset está deshabilitada, no comprueba debidamente variables de entorno para la restricción env_delete, lo que permite a usuarios locales con permisos sudo evadir restricciones de comando a través de una variable de entorno manipulada. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00003.html http://rhn.redhat.com/errata/RHSA-2014-0266.html http://www.openwall.com/lists/oss-security/2014/03/06/2 http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.securityfocus.com/bid/65997 http://www.sudo.ws/sudo/alerts/env_add.html http://www.ubuntu.com/usn/USN-2146-1 https://support.appl • CWE-20: Improper Input Validation •

CVSS: 4.4EPSS: 0%CPEs: 76EXPL: 0

sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions. sudo v1.3.5 hasta v1.7.10p5 y v1.8.0 hasta v1.8.6p6, cuando se ejecuta en sistemas sin /proc o la función sysctl con la opción tty_tickets habilitada, no valida correctamente el control de dispositivo terminal, lo que permite a los usuarios locales con permisos de sudo para secuestrar a la autorización de otra terminal a través de vectores relacionados con una sesión sin un dispositivo terminal de control y la conexión a una entrada estándar, salida, y descriptores de error de archivo de otros terminal. NOTA: esta es una de las tres vulnerabilidades estrechamente relacionadas con las que se asignó originalmente a CVE-2013-1776, pero se han dividido debido a las diferentes versiones afectadas. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://rhn.redhat.com/errata/RHSA-2013-1353.html http://rhn.redhat.com/errata/RHSA-2013-1701.html http://www.debian.org/security/2013/dsa-2642 http://www.openwall.com/lists/oss-security/2013/02/27/31 http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.securityfocus.com/bid/58207 http://www.securityfocus.c • CWE-264: Permissions, Privileges, and Access Controls •