Sudo versions prior to 1.9.5p2 suffer from buffer overflow and privilege escalation vulnerabilities.
df2faf65c7a84b5633290e4d3a7d6958932b30e7692ccdb236b728a8b89c4678Whitepaper giving an overview of a heap-based buffer overflow in sudo.
a3e0235d128111d0eec7f203028bcf0e94013d131d5f35034ead6f7a4c3fc3ecA heap based buffer overflow exists in the sudo command line utility that can be exploited by a local attacker to gain elevated privileges. The vulnerability was introduced in July of 2011 and affects version 1.8.2 through 1.8.31p2 as well as 1.9.0 through 1.9.5p1 in their default configurations. The technique used by this implementation leverages the overflow to overwrite a service_user struct in memory to reference an attacker controlled library which results in it being loaded with the elevated privileges held by sudo.
cdf458fa2ff6a679afd1037bdb879758b301305b20f223b3aade629bb97b04bcSudo version 1.9.5p1 Baron Samedit heap-based buffer overflow and privilege escalation exploit.
5c92904142e5934f1e20b05addc2261131559831f8576f64bf6cb2dca6f49edbSudo version 1.8.25p suffers from a buffer overflow vulnerability.
13793f27ea49c2e00cf68927042c89a45205495be48da25ef5de1bffae73c805sudo version 1.8.28 suffers from a security bypass vulnerability.
ec35a5c3501bc30592776b4e452cfc692b4f63c07d8cfcfbaac9a2658edd5f5aIf a user has sudo permissions to /usr/bin/docker, it can be leveraged to escalated privileges to root.
a181d17e97674635831b162ae57ef255badec70a2f142f2bfd18ed1903842ef8This Metasploit module gains a session with root permissions on versions of OS X with sudo binary vulnerable to CVE-2013-1775. Tested working on Mac OS 10.7-10.8.4, and possibly lower versions. If your session belongs to a user with Administrative Privileges (the user is in the sudoers file and is in the "admin group"), and the user has ever run the "sudo" command, it is possible to become the super user by running `sudo -k` and then resetting the system clock to 01-01-1970. This Metasploit module will fail silently if the user is not an admin or if the user has never run the sudo command.
861501e9890ef0e4cff6780f3ce32dadf2038337f7e60f127a1275773d181e73Todd Miller sudo 'sudoedit' local root exploit that affects 1.6.x versions before 1.6.9p21 and 1.7.x versions before 1.7.2p4.
0bc5ddb8c9f78020b6fdf754af735e0f64922f9795dab864f38f4d35c23c24d5sudosh3 is an auditing shell and filter based on sudosh2. It aims to improve file management and terminal emulation. Passwords are not recorded.
8a1099da9a6115db2cf70112aa48600bd056c868e98ac27e80b07bfab4b7b36286 byte Linux/x86 edit /etc/sudoers for full access.
7d3c24f1326c9839b67cda1c267ce7c0840d066c32b99df5a080ae3f91c26e2fsudo versions 1.6.9p18 and below local privilege escalation exploit.
6e57487ed8ff8bd6fa393ab37f987f4b0a6eca1c9148499ace460988dfcf6daaMandriva Linux Security Advisory - Charles Morris discovered a vulnerability in sudo versions prior to 1.6.8p12 where, when the perl taint flag is off, sudo does not clear the PERLLIB, PERL5LIB, and PERL5OPT environment variables, which could allow limited local users to cause a perl script to include and execute arbitrary library files that have the same name as library files that included by the script.
4ac05f5250746008f7cc1d3a17896fef9440b0e513f9e63a2f86e8a3f70c404aLocal root exploit for sudo versions below 1.6.8p10 that makes use of the environment cleaning flaws with the SHELLOPTS and PS4 variables.
01540d7b6b0b6ee45a0878ef444900d18cdc75c2444c243cfc128279fd8df1b5A race condition exists in Sudo's command pathname handling prior to Sudo version 1.6.8p9 that could allow a user with Sudo privileges to run arbitrary commands.
a70767bc3df652f28565e7a7ef5f5857dd8f651bee8d0dcfe89f265f2852c080Local exploit for sudo version 1.6.8p1 that makes use of a flaw in sudoedit.
ab1bfd7ddab1b1c6b89d7c8e3bdb7bc786b3bad054180fc0cc417bc68c3ca04fsudo version 1.6.8p1 has been released to address a security flaw in sudoedit that could give a malicious user read access to file that would normally be unreadable.
efab4b67cba3f43b49749ab3f9feff2c10711daa2901a428c6afc8c3591c8f21Local root exploit for sudo + postfix. Exploits sudo prior to sudo-1.6.4.1. Tested on debian powerpc unstable.
56c4a7509e2a9ce7833c6d4cb82396da0284a904354b620cfe74d1de0f8ee533Sudo v1.5.6p2-2, a program that provides limited superuser privileges, does not properly handle improper file access attempts, revealing information about file existence.
d81be80f43f14771ac7b8428d07e62304fc1814ba6697f40b29a6e5dfb69ccfb
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed