Searching sudo software vulnerabilities

Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 al

attempting | determine | arbitrary | generates | existence | different | filename | message | program | execute | allows | target | Debian | which | exist | error | Linux | files | users | local | file | does | Sudo | Hat | not | Red |

Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to determine the existence of arbitrary files by attempting to execute the target filename as a program, which generates a different error message when the file does not exist.


keyinit in S/Key does not require authenticatio

authentication | initialize | privileges | activities | passwords | password | attacker | sequence | one-time | keyinit | account | require | gained | create | allows | which | S/Key | other | does | user | such | sudo | may | has | not | use | new |

keyinit in S/Key does not require authentication to initialize a one-time password sequence, which allows an attacker who has gained privileges to a user account to create new one-time passwords for use in other activities that may use S/Key authentication, such as sudo.


sudo before 1.6.8p2 allows local users to execu

arbitrary | commands | execute | allows | before | using | 168p2 | local | users | sudo |

sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.


Sudo VISudo 1.6.8 and earlier allows local user

VISudo | Sudo |

Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary files via a symlink attack on temporary files.


Cocktail 3.5.4 and possibly earlier in Mac OS X

Cocktail |

Cocktail 3.5.4 and possibly earlier in Mac OS X passes the administrative password on the command line to sudo in cleartext, which allows local users to gain sensitive information by running listing processes.


** DISPUTED ** Sudo 1.6.8p7 on SuSE Linux 9.3,

distributions | privileges | possibly | entering | password | DISPUTED | hitting | allows | CTRL-C | blank | using | 168p7 | other | Linux | users | local | Sudo | SuSE | gain | call | then |

** DISPUTED ** Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue, stating "Sudo catches SIGINT and returns an empty string for the password so I don't see how this could happen unless the user's actual password was empty."


Race condition in sudo 1.3.1 up to 1.6.8p8, whe

condition | sudo | Race |

Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack.


Incomplete blacklist vulnerability in sudo 1.6.

vulnerability | Incomplete | blacklist | sudo |

Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are.


initscripts in Red Hat Enterprise Linux 4 does

/sbin/service | environment | permissions | initscripts | privileges | Enterprise | variables | executed | properly | vectors | unknown | certain | allows | handle | local | users | Linux | which | root | does | gain | sudo | not | via | Hat | Red |

initscripts in Red Hat Enterprise Linux 4 does not properly handle certain environment variables when /sbin/service is executed, which allows local users with sudo permissions for /sbin/service to gain root privileges via unknown vectors.


Sudo before 1.6.8 p12, when the Perl taint flag

before | Sudo |

Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.


sudo 1.6.8 and other versions does not clear th

sudo |

sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158.


Untrusted search path vulnerability in opcontro

vulnerability | opcontrol | Untrusted | OProfile | search | path |

Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and earlier allows local users to execute arbitrary commands via a modified PATH that references malicious (1) which or (2) dirname programs. NOTE: while opcontrol normally is not run setuid, a common configuration suggests accessing opcontrol using sudo. In such a context, this is a vulnerability.


Multiple buffer overflows in htpasswd, as used

privileges | overflows | possibly | products | Multiple | htpasswd | Apache | thttpd | buffer | might | users | local | allow | other | gain | used | Acme | such | 225b | via |

Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2) a long line in a file. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.


htpasswd, as used in Acme thttpd 2.25b and poss

metacharacters | privileges | possibly | argument | products | function | htpasswd | command | thttpd | Apache | system | which | shell | users | allow | might | other | local | 225b | used | Acme | call | gain | such | line | via |

htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, and the exploit is through command line options, perhaps this issue should not be included in CVE. However, if there are some typical or recommended configurations that use htpasswd with sudo privileges, or common products that access htpasswd remotely, then perhaps it should be included.


Multiple stack-based buffer overflows in utilit

utilities/smb4k_*cpp | stack-based | overflows | Multiple | before | buffer | Smb4K |

Multiple stack-based buffer overflows in utilities/smb4k_*.cpp in Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to gain privileges via unspecified vectors related to the args variable and unspecified other variables, in conjunction with the sudo configuration.


sudo, when linked with MIT Kerberos 5 (krb5), d

Kerberos | linked | sudo | MIT |

sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment variable settings. NOTE: another researcher disputes this vulnerability, stating that the attacker must be "a user, who can already log into your system, and can already use sudo."


Multiple race conditions in the (1) Sudo monito

conditions | Multiple | race |

Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing.


Software vulnerabilities results 1 to 18 of 18     
Page: 1