Page 5 of 24 results (0.001 seconds)

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges. sudo en versiones anteriores a la 1.8.18p1 es vulnerable a una omisión en la restricción noexec de sudo si la aplicación que se ejecuta mediante sudo ejecuta la función de la biblioteca de C wordexp() con un argumento proporcionado por el usuario. Un usuario local que pueda ejecutar tal aplicación mediante sudo con la restricción noexec podría emplear este error para ejecutar comandos arbitrarios con privilegios elevados. It was discovered that the sudo noexec restriction could have been bypassed if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges. • http://rhn.redhat.com/errata/RHSA-2016-2872.html http://www.securityfocus.com/bid/95778 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-7076 https://security.netapp.com/advisory/ntap-20181127-0002 https://usn.ubuntu.com/3968-1 https://usn.ubuntu.com/3968-3 https://www.sudo.ws/alerts/noexec_wordexp.html https://access.redhat.com/security/cve/CVE-2016-7076 https://bugzilla.redhat.com/show_bug.cgi?id=1384982 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-184: Incomplete List of Disallowed Inputs •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 3

sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt." sudoedit en Sudo en versiones anteriores a 1.8.15 permite a usuarios locales obtener privilegios a través de un ataque de enlaces simbólicos en un archivo cuya totalidad de la ruta se define utilizando múltiples comodines en /etc/sudoers, según lo demostrado mediante '/home/*/*/file.txt.' • https://www.exploit-db.com/exploits/37710 https://github.com/t0kx/privesc-CVE-2015-5602 http://bugzilla.sudo.ws/show_bug.cgi?id=707 http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171024.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171054.html http://www.debian.org/security/2016/dsa-3440 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securitytracker.com/id/1034392 http://www.sudo.ws/stable • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 1

sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives. sudo en versiones anteriores a 1.8.12 no garantiza que la variable de entorno TZ esté asociada con un archivo zoneinfo, lo que permite a usuarios locales abrir archivos arbitrarios para acceso de lectura (pero no ver el contenido del archivo) ejecutando un programa dentro de una sesión sudo, como lo demuestra interfiriendo con la salida del terminal, descartando los mensajes del kernel-log o reposicionando las unidades de cinta. It was discovered that sudo did not perform any checks of the TZ environment variable value. If sudo was configured to preserve the TZ environment variable, a local user with privileges to execute commands via sudo could possibly use this flaw to achieve system state changes not permitted by the configured commands. Note: The default sudoers configuration in Red Hat Enterprise Linux removes the TZ variable from the environment in which commands run by sudo are executed. • http://openwall.com/lists/oss-security/2014/10/15/24 http://rhn.redhat.com/errata/RHSA-2015-1409.html http://www.securitytracker.com/id/1033158 http://www.sudo.ws/alerts/tz.html https://security.gentoo.org/glsa/201504-02 https://access.redhat.com/security/cve/CVE-2014-9680 https://bugzilla.redhat.com/show_bug.cgi?id=1191144 • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1

Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded. Desbordamiento del montón (heap) en sudo anteriores a 1.6.6 puede permitir a usuarios locales ganar privilegios de root mediante caractéres especiales en el argumento -p (prompt), que no son expandidos adecuadamente. • https://www.exploit-db.com/exploits/21420 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000475 http://marc.info/?l=bugtraq&m=101974610509912&w=2 http://marc.info/?l=bugtraq&m=101975443619600&w=2 http://marc.info/?l=bugtraq&m=101979472822196&w=2 http://marc.info/? • CWE-131: Incorrect Calculation of Buffer Size •