26 results (0.005 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-7090 – Sudo: improper handling of ipa_hostname leads to privilege mismanagement

https://notcve.org/view.php?id=CVE-2023-7090

A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them. Se encontró una falla en sudo en el manejo de ipa_hostname, donde ipa_hostname de /etc/sssd/sssd.conf no se propagó en sudo. Por lo tanto, genera una vulnerabilidad de mala gestión de privilegios en las aplicaciones, donde los hosts de los clientes conservan los privilegios incluso después de retirarlos. • https://access.redhat.com/security/cve/CVE-2023-7090 https://bugzilla.redhat.com/show_bug.cgi?id=2255723 https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html https://security.netapp.com/advisory/ntap-20240208-0001 https://www.sudo.ws/releases/legacy/#1.8.28 • CWE-269: Improper Privilege Management •

CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-42465 – sudo: Targeted Corruption of Register and Stack Variables

https://notcve.org/view.php?id=CVE-2023-42465

Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit. Sudo anterior a 1.9.15 podría permitir row hammer attacks (para eludir la autenticación o escalar privilegios) porque la lógica de la aplicación a veces se basa en no igualar un valor de error (en lugar de igualar un valor de éxito) y porque los valores no resisten los cambios de un solo bit. A flaw was found in the sudo package. This issue could allow a local authenticated attacker to cause a bit to flip, which enables fault injection and may authenticate as the root user. • https://arxiv.org/abs/2309.02545 https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_15 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R4Q23NHCKCLFIHSNY6KJ27GM7FSCEVXM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6XMRUJCPII4MPWG43HTYR76DGLEYEFZ https://security.gentoo.org/glsa/202401-29 https://security.netapp.com/advisory/ntap-20240208-0002 • CWE-1319: Improper Protection against Electromagnetic Fault Injection (EM-FI) •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2023-28486 – sudo: Sudo does not escape control characters in log messages

https://notcve.org/view.php?id=CVE-2023-28486

Sudo before 1.9.13 does not escape control characters in log messages. A flaw was found in the sudo package, shipped with Red Hat Enterprise Linux 8 and 9, where sudo improperly escapes terminal control characters during logging operations. As sudo's log messages may contain user-controlled strings, this may allow an attacker to inject terminal control commands, leading to a leak of restricted information. • https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13 https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html https://security.gentoo.org/glsa/202309-12 https://security.netapp.com/advisory/ntap-20230420-0002 https://access.redhat.com/security/cve/CVE-2023-28486 https://bugzilla.redhat.com/show_bug.cgi?id=2179272 • CWE-116: Improper Encoding or Escaping of Output CWE-117: Improper Output Neutralization for Logs •

CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0

CVE-2023-28487 – sudo: Sudo does not escape control characters in sudoreplay output

https://notcve.org/view.php?id=CVE-2023-28487

Sudo before 1.9.13 does not escape control characters in sudoreplay output. A flaw was found in the sudo package, shipped with Red Hat Enterprise Linux 8 and 9, where the "sudoreplay -l' command improperly escapes terminal control characters. As sudo's log messages may contain user-controlled strings, this could allow an attacker to inject terminal control commands, leading to a leak of restricted information. • https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13 https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html https://security.gentoo.org/glsa/202309-12 https://security.netapp.com/advisory/ntap-20230420-0002 https://access.redhat.com/security/cve/CVE-2023-28487 https://bugzilla.redhat.com/show_bug.cgi?id=2179273 • CWE-116: Improper Encoding or Escaping of Output CWE-117: Improper Output Neutralization for Logs •

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 12

CVE-2023-22809 – sudo 1.8.0 to 1.9.12p1 - Privilege Escalation

https://notcve.org/view.php?id=CVE-2023-22809

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value. En Sudo anterior a 1.9.12p2, la función sudoedit (también conocida como -e) maneja mal argumentos adicionales pasados en las variables de entorno proporcionadas por el usuario (SUDO_EDITOR, VISUAL y EDITOR), permitiendo a un atacante local agregar entradas arbitrarias a la lista de archivos para procesar. . • https://www.exploit-db.com/exploits/51217 https://github.com/n3m1sys/CVE-2023-22809-sudoedit-privesc https://github.com/Chan9Yan9/CVE-2023-22809 https://github.com/Toothless5143/CVE-2023-22809 https://github.com/3yujw7njai/CVE-2023-22809-sudo-POC https://github.com/pashayogi/CVE-2023-22809 https://github.com/M4fiaB0y/CVE-2023-22809 https://github.com/asepsaepdin/CVE-2023-22809 https://github.com/AntiVlad/CVE-2023-22809 http://packetstormsecurity.com/files/171644/sudo-1.9.12p • CWE-269: Improper Privilege Management •