Download
| Alert*
oval:org.secpod.oval:def:503431
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * sudo: Privilege escalation via "Runas" specifica ... oval:org.secpod.oval:def:503441 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * sudo: Privilege escalation via "Runas" specifica ... oval:org.secpod.oval:def:503369 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * sudo: Privilege escalation via "Runas" specifica ... oval:org.secpod.oval:def:89003222 This update for sudo fixes the following issues: - CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers . oval:org.secpod.oval:def:89003475 This update for sudo fixes the following issues: - CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers . oval:org.secpod.oval:def:89003116 This update for sudo fixes the following issues: Security issue fixed: - CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers . oval:org.secpod.oval:def:66491 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * sudo: Privilege escalation via "Runas" specifica ... oval:org.secpod.oval:def:89050641 This update for sudo fixes the following issue: - CVE-2019-14287: Fixed an issue where a user with sudo privileges that allowed them to run commands with an arbitrary uid, could run commands as root, despite being forbidden to do so in sudoers . oval:org.secpod.oval:def:1601098 When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295.This can be used by a user with sufficient sudo privileges to run commands as root even if the ... oval:org.secpod.oval:def:117210 Sudo allows a system administrator to give certain users the ability to run some commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per- ... oval:org.secpod.oval:def:1801644 https://thehackernews.com/2019/10/linux-sudo-run-as-root-flaw.html https://www.sudo.ws/alerts/minus_1_uid.htmlchanged title from sudo needs updating to 1.8.28, due to security flaw to sudo needs updating to 1.8.28, due to security flaw oval:org.secpod.oval:def:1700229 When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295.This can be used by a user with sufficient sudo privileges to run commands as root even if the ... oval:org.secpod.oval:def:59581 Joe Vennix discovered that sudo, a program designed to provide limited super user privileges to specific users, when configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, allows to run commands as root by specifying the user ID - -1 or 42949672 ... oval:org.secpod.oval:def:205383 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * sudo: Privilege escalation via "Runas" specifica ... oval:org.secpod.oval:def:2105121 In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo ... oval:org.secpod.oval:def:59592 sudo: Provide limited super user privileges to specific users Sudo could be made to run commands as root if it called with a specially crafted user ID. oval:org.secpod.oval:def:1502710 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:705235 sudo: Provide limited super user privileges to specific users Sudo could be made to run commands as root if it called with a specially crafted user ID. oval:org.secpod.oval:def:59044 A flaw was found in the way sudo implemented running commands with arbitrary user ID. If a sudoers entry is written to allow the attacker to run a command as any user except root, this flaw can be used by the attacker to bypass that restriction. oval:org.secpod.oval:def:69915 Joe Vennix discovered that sudo, a program designed to provide limited super user privileges to specific users, when configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, allows to run commands as root by specifying the user ID - -1 or 42949672 ... oval:org.secpod.oval:def:205391 The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix: * sudo: Privilege escalation via "Runas" specifica ... oval:org.secpod.oval:def:1502693 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502732 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:1502696 The advisory is missing the security advisory description. For more information please visit the reference link oval:org.secpod.oval:def:604562 Joe Vennix discovered that sudo, a program designed to provide limited super user privileges to specific users, when configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, allows to run commands as root by specifying the user ID - -1 or 42949672 ... |