ALAS-2013-259 ---- sudoID: oval:org.secpod.oval:def:1600292 | Date: (C)2016-05-19 (M)2023-12-07 |
Class: PATCH | Family: unix |
A flaw was found in the way sudo handled time stamp files. An attacker able to run code as a local user and with the ability to control the system clock could possibly gain additional privileges by running commands that the victim user was allowed to run via sudo, without knowing the victim"s password. It was found that sudo did not properly validate the controlling terminal device when the tty_tickets option was enabled in the /etc/sudoers file. An attacker able to run code as a local user could possibly gain additional privileges by running commands that the victim user was allowed to run via sudo, without knowing the victim"s password
Platform: |
Amazon Linux AMI |