Cisco ThousandEyes Enterprise Agent Virtual Appliance version thousandeyes-va-64-18.04 0.218 suffers from an unpatched vulnerability in sudoedit, allowed by sudo configuration, which permits a low-privilege user to modify arbitrary files as root and subsequently execute arbitrary commands as root.
9caf2d86fd42cb7a6098a98695d2f0c8ac71c65afef31f1c6345f008453f417aRed Hat Security Advisory 2023-3276-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
51db434bdac9e1d765db7e0ae1a010d796c792f5cce968883d44dfaf31b8adcbRed Hat Security Advisory 2023-3264-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
e8f110482b397ce1e47cf5d7e98aa19d70eb562abdcedf32f01dd4d680b158e4Red Hat Security Advisory 2023-3262-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
11d9dda85ca2c49f645d2c1b7dcd437b36abe926970a4eb90e03bad63db3e459This exploit takes advantage of a vulnerability in sudoedit, part of the sudo package. The sudoedit (aka sudo -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. by appending extra entries on /etc/sudoers allowing for execution of an arbitrary payload with root privileges. Affected versions are 1.8.0 through 1.9.12.p1. However, this module only works against Ubuntu 22.04 and 22.10. This module was tested against sudo 1.9.9-1ubuntu2 on Ubuntu 22.04 and 1.9.11p3-1ubuntu1 on Ubuntu 22.10.
eaefd5435610f2d14b94c9716c1cfacaa1464408e9bb9ca12c02d1fd7cb21f04Gentoo Linux Security Advisory 202305-12 - A vulnerability has been discovered in sudo which could result in root privilege escalation. Versions less than 1.9.12_p2 are affected.
b8f9643203a24f27c9e405bdb0297e4ad8adff7235b76a4220ae9bf87e546de1sudo versions 1.8.0 through 1.9.12p1 local privilege escalation exploit.
940dfd92aecb423ad0c55dc8c35cb7413ed385f1c05de5191eaac03dd2499f68Red Hat Security Advisory 2023-0859-01 - The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. The ovirt-node-ng packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks. Issues addressed include code execution and integer overflow vulnerabilities.
b39a59363fbd731e62f1a1ede680800cd53d885a10e525e1d8f8e64dee02709eUbuntu Security Notice 5811-3 - USN-5811-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 14.04 ESM. Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly handled user-specified editors when using the sudoedit command. A local attacker that has permission to use the sudoedit command could possibly use this issue to edit arbitrary files.
f1dcb425e05dbefdeb5273307dd7c4045c531a34effb1aeaf896da8bb14e6bc0Red Hat Security Advisory 2023-0293-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
a4067411f99faa1bb4926eac06ca90a7df07065912c424497ee2a31714014524Red Hat Security Advisory 2023-0291-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
fb9686ab503ce3f53eeea48355d3ad3fcc097cb9da527b00610597c6620af77fRed Hat Security Advisory 2023-0281-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
4b83d21301cedbdceb04c047c83e309ed16caf4f99685306373dcac653157573Red Hat Security Advisory 2023-0280-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
4c1e539523f7d958c12a619f14fa1636ccb49ca0f7534f6de5b9db2836ec71e9Red Hat Security Advisory 2023-0284-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
1c64299a85cf44017c49bed891377684b339a81330e45429fc1023d73ac4283aRed Hat Security Advisory 2023-0282-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
d608b7439c9d41f0f2e16e453616203147710c93f5b13773223ec2b6857dea13Red Hat Security Advisory 2023-0287-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
80490654079233af7420cf9d540a072da412c5bf15c58331a89294a323ea5869Red Hat Security Advisory 2023-0292-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
b73280c3e27944eea1069c40edf7a4873168ff10d2fe2344bfcfbdaafad87c32Red Hat Security Advisory 2023-0283-01 - The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
96662ecbaed4b48f269bf2f501b9c2d7708dd0ce0d2282098a62913ccb5f140bUbuntu Security Notice 5811-2 - USN-5811-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 16.04 ESM. Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly handled user-specified editors when using the sudoedit command. A local attacker that has permission to use the sudoedit command could possibly use this issue to edit arbitrary files.
f19b382d858b5863b61a5edd257365608bbeb7c1fc83c6f466832025a74367faUbuntu Security Notice 5811-1 - Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly handled user-specified editors when using the sudoedit command. A local attacker that has permission to use the sudoedit command could possibly use this issue to edit arbitrary files. It was discovered that the Protobuf-c library, used by Sudo, incorrectly handled certain arithmetic shifts. An attacker could possibly use this issue to cause Sudo to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS.
125a5a2bfed966c929abe10855d93636c2099a6516997eefaa81b2d2f0f7af69Debian Linux Security Advisory 5321-1 - Matthieu Barjole and Victor Cutillas discovered that sudoedit in sudo, a program designed to provide limited super user privileges to specific users, does not properly handle '--' to separate the editor and arguments from files to edit. A local user permitted to edit certain files can take advantage of this flaw to edit a file not permitted by the security policy, resulting in privilege escalation.
fed19510b58aa2b08c2e6cd8afc7e6d9a748bc823a0346d85f06d484c9fb17fb
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed