CVE-2012-2337 – sudo: Multiple netmask values used in Host / Host_List configuration cause any host to be allowed access
https://notcve.org/view.php?id=CVE-2012-2337
sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address. sudo v1.6.x y v1.7.x antes de v1.7.9p1, y v1.8.x antes de v1.8.4p5, no admite correctamente las configuraciones que utilizan una sintaxis de la máscara de red, lo que permite a usuarios locales eludir restricciones de comandos en circunstancias oportunistas mediante la ejecución de un comando en un host que tiene una dirección IPv4. • http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081432.html http://secunia.com/advisories/49219 http://secunia.com/advisories/49244 http://secunia.com/advisories/49291 http://secunia.com/advisories/49948 http://www.debian.org/security/2012/dsa-2478 http://www.mandriva.com/security/advisories?name=MDVSA-2012:079 http://www.securitytracker.com/id?1027077 http://www.sudo.ws/sudo/alerts/netmask.html https://bugzilla.redhat.com/show_bug.cgi?id=820677 https:// • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2011-0008
https://notcve.org/view.php?id=CVE-2011-0008
A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression. Un parche en Fedora para parse.c en sudo anterior a v1.7.4p5-1.fc14 en Fedora 14 no interpreta correctamente un system group (también conocido como el %group) en el fichero sudoers en las decisiones de autorización para un usuario que pertenece a ese grupo, permitiendo a usuarios locales aprovecharse de un fichero sudoers y obtener privilegios de root a través de un comando sudo. NOTA: esta vulnerabilidad existe debido a la vulnerabilidad CVE-2009-0034. • http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053263.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053341.html http://secunia.com/advisories/42968 http://www.mandriva.com/security/advisories?name=MDVSA-2011:018 http://www.vupen.com/english/advisories/2011/0195 http://www.vupen.com/english/advisories/2011/0199 https://bugzilla.redhat.com/show_bug.cgi?id=668843 https://exchange.xforce.ibmcloud.com/vulnerabilities/64965 •
CVE-2010-1646 – sudo: insufficient environment sanitization issue
https://notcve.org/view.php?id=CVE-2010-1646
The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable. La funcionalidad de ruta de acceso segura en env.c en sudo v1.3.1 a v1.6.9p22 y v1.7.0 a v1.7.2p6 no controla correctamente un entorno que contenga múltiples variables PATH, lo que podría permitir a usuarios locales conseguir privilegios a través de un valor debidamente modificado de la última variable de entorno PATH. • http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042838.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043012.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043026.html http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://secunia.com/advisories/40002 http://secunia.com/advisories/40188 http://secunia.com/advisories/40215 http://secunia.com/advisories/40508 http://secunia.com/advisories/43068 http:/ • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2010-0427 – sudo: Fails to reset group permissions if runas_default set
https://notcve.org/view.php?id=CVE-2010-0427
sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command. sudo v1.6.x anterior a v1.6.9p21 cuando se utiliza la opción runas_default no establece adecuadamente las pertenencias a grupos, esto permite a usuarios locales aumentar sus privilegios mediante un comando sudo. • ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html http://secunia.com/advisories/38762 http://secunia.com/advisories/38795 http://secunia.com/advisories/38803 http://secunia.com/advisories/38915 http://securitytracker.com/id?1023658 http://sudo.ws/repos/sudo/rev/aa0b6c01c462 http://wiki.rpath.com/Advisories:rPSA-2010-0075 http://www.debian.org/security/2010/dsa-2006 http://www.gentoo.org/s • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2010-0426 – sudo: sudoedit option can possibly allow for arbitrary code execution
https://notcve.org/view.php?id=CVE-2010-0426
sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory. sudo v1.6.x anterior a v1.6.9p21 y v1.7.x anterior a v1.7.2p4, cuando un pseudo-comando está activado, permite la coincidencia entre el nombre del pseudo-comando y el nombre de un archivo ejecutable en un directorio cualquiera, lo que permite a usuarios locales obtener privilegios a través de un archivo ejecutable manipulado, como se ha demostrado mediante el archivo sudoedit en el directorio home de un usuario. • https://github.com/t0kx/privesc-CVE-2010-0426 https://github.com/g1vi/CVE-2010-0426 ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570737 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040578.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040588.html http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html http://secunia.com/advisories/38659 http://secunia.com • CWE-264: Permissions, Privileges, and Access Controls •