what you don't know can hurt you
Showing 1 - 25 of 100 RSS Feed

Files

Sudo 1.9.5p1 Buffer Overflow / Privilege Escalation
Posted Feb 3, 2021
Authored by West Shepherd, Baron Samedit, Stephen Tong

Sudo version 1.9.5p1 Baron Samedit heap-based buffer overflow and privilege escalation exploit.

tags | exploit, overflow
advisories | CVE-2021-3156
MD5 | 06abe878c8e1c4839b5ad21bf99c0808

Related Files

Secunia Security Advisory 50178
Posted Aug 8, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for sudo. This fixes a security issue, which can be exploited by malicious, local users to manipulate certain data.

tags | advisory, local
systems | linux, redhat
MD5 | 741f187fe18a9dab4aeacab57e8610b8
Red Hat Security Advisory 2012-1149-01
Posted Aug 8, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1149-01 - The sudo utility allows system administrators to give certain users the ability to run commands as root. An insecure temporary file use flaw was found in the sudo package's post-uninstall script. A local attacker could possibly use this flaw to overwrite an arbitrary file via a symbolic link attack, or modify the contents of the "/etc/nsswitch.conf" file during the upgrade or removal of the sudo package. This update also fixes the following bugs:

tags | advisory, arbitrary, local, root
systems | linux, redhat
advisories | CVE-2012-3440
MD5 | a91ebe98e1d1be7a637e8f0b5e333130
Secunia Security Advisory 49948
Posted Jul 17, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for sudo. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
systems | linux, redhat
MD5 | 9312ad2de05c14fbedb553d7399ab202
Red Hat Security Advisory 2012-1081-01
Posted Jul 16, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-1081-01 - The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way the network matching code in sudo handled multiple IP networks listed in user specification configuration directives. A user, who is authorized to run commands with sudo on specific hosts, could use this flaw to bypass intended restrictions and run those commands on hosts not matched by any of the network specifications. All users of sudo are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2012-2337
MD5 | 58b8344d31be5f67afc14314a1c614ad
Secunia Security Advisory 49860
Posted Jul 11, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for sudo. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
systems | linux, gentoo
MD5 | 881b3922a758bce83e96855231712a22
Gentoo Linux Security Advisory 201207-01
Posted Jul 10, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201207-1 - A vulnerability has been found in sudo which may allow local users to gain escalated privileges. Versions less than 1.8.5_p1 are affected.

tags | advisory, local
systems | linux, gentoo
advisories | CVE-2012-2337
MD5 | 76dfecf3409783fc1182bf0c997aaff0
Secunia Security Advisory 49291
Posted May 29, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - SUSE has issued an update for sudo. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
systems | linux, suse
MD5 | ff34f1ab36c5a1c14d74bc64c303fcc0
Debian Security Advisory 2478-1
Posted May 24, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2478-1 - It was discovered that sudo misparsed network masks used in Host and Host_List stanzas. This allowed the execution of commands on hosts, where the user would not be allowed to run the specified command.

tags | advisory
systems | linux, debian
advisories | CVE-2012-2337
MD5 | 0fb35332f786e3a43d2bfaed445f35b4
Secunia Security Advisory 49244
Posted May 24, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Debian has issued an update for sudo. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
systems | linux, debian
MD5 | 8dc4488111930a690046e8cd56a07d0d
Mandriva Linux Security Advisory 2012-079
Posted May 22, 2012
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-079 - A flaw exists in the IP network matching code in sudo versions 1.6.9p3 through 1.8.4p4 that may result in the local host being matched even though it is not actually part of the network described by the IP address and associated netmask listed in the sudoers file or in LDAP. As a result, users authorized to run commands on certain IP networks may be able to run commands on hosts that belong to other networks not explicitly listed in sudoers. The updated packages have been patched to correct this issue.

tags | advisory, local
systems | linux, mandriva
advisories | CVE-2012-2337
MD5 | a82d4f16637b3e9c765adcb020435e6e
Secunia Security Advisory 49219
Posted May 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in Sudo, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
MD5 | fc2b747152b25c1a1d62d7b3e21507e0
Secunia Security Advisory 49211
Posted May 18, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for sudo. This fixes a vulnerability, which can be exploited by malicious users to bypass certain security restrictions.

tags | advisory
systems | linux, ubuntu
MD5 | 21f180832ee7a649e666a1a5dcc842c6
Ubuntu Security Notice USN-1442-1
Posted May 16, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1442-1 - It was discovered that sudo incorrectly handled network masks when using Host and Host_List. A local user who is listed in sudoers may be allowed to run commands on unintended hosts when IPv4 network masks are used to grant access. A local attacker could exploit this to bypass intended access restrictions. Host and Host_List are not used in the default installation of Ubuntu.

tags | advisory, local
systems | linux, ubuntu
advisories | CVE-2012-2337
MD5 | 8bd15a43a016332b8e59a510137e4128
Secunia Security Advisory 48251
Posted Mar 7, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Gentoo has issued an update for sudo. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

tags | advisory, local
systems | linux, gentoo
MD5 | 9a65f92be85f3ca7afac56d36cb78835
Gentoo Linux Security Advisory 201203-06
Posted Mar 6, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201203-6 - Two vulnerabilities have been discovered in sudo, allowing local attackers to possibly gain escalated privileges. Versions less than 1.8.3_p2 are affected.

tags | advisory, local, vulnerability
systems | linux, gentoo
advisories | CVE-2011-0010, CVE-2012-0809
MD5 | 8c6665585699f3700d83d7feda81c7df
Red Hat Security Advisory 2012-0309-03
Posted Feb 21, 2012
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2012-0309-03 - The sudo utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the sudo password checking logic. In configurations where the sudoers settings allowed a user to run a command using sudo with only the group ID changed, sudo failed to prompt for the user's password before running the specified command with the elevated group privileges. Various other issues have also been addressed in this advisory.

tags | advisory, root
systems | linux, redhat
advisories | CVE-2011-0010
MD5 | 9991e164e8b58d770c673903fdb08c50
Secunia Security Advisory 47743
Posted Feb 1, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - joernchen has discovered a vulnerability in sudo, which can be exploited by malicious, local users to gain escalated privileges.

tags | advisory, local
MD5 | d8dafd4e50ba2d9ca0c5987af032638b
sudo 1.8.3p1 Format String
Posted Jan 30, 2012
Authored by joernchen | Site phenoelit.de

sudo versions 1.8.0 through 1.8.3p1 suffer from a format string vulnerability that allows for privilege escalation.

tags | exploit
MD5 | b2036d45402949553965c07da5b6d34c
Debian Security Advisory 2254-2
Posted Jul 16, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2254-2 - Jamie Strandboge noticed that the patch proposed to fix CVE-2011-1760 in OProfile has been incomplete. OProfile is a performance profiling tool which is configurable by opcontrol, its control utility. Stephane Chauveau reported several ways to inject arbitrary commands in the arguments of this utility. If a local unprivileged user is authorized by sudoers file to run opcontrol as root, this user could use the flaw to escalate his privileges.

tags | advisory, arbitrary, local, root
systems | linux, debian
advisories | CVE-2011-1760
MD5 | e0e739c5dff9867a6e0776fef8707ff8
Debian Security Advisory 2254-1
Posted Jun 6, 2011
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2254-1 - OProfile is a performance profiling tool which is configurable by opcontrol, its control utility. Stephane Chauveau reported several ways to inject arbitrary commands in the arguments of this utility. If a local unprivileged user is authorized by sudoers file to run opcontrol as root, this user could use the flaw to escalate his privileges.

tags | advisory, arbitrary, local, root
systems | linux, debian
advisories | CVE-2011-1760
MD5 | dc3113f05b10d2cbd93cd8d4721347db
Secunia Security Advisory 44654
Posted May 20, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Red Hat has issued an update for sudo. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

tags | advisory, local
systems | linux, redhat
MD5 | 8695807403af9d8f13199802ea09d5b3
Accellion File Transfer Appliance MPIPE2 Command Execution
Posted Mar 14, 2011
Authored by H D Moore | Site metasploit.com

This Metasploit module exploits a chain of vulnerabilities in the Accellion File Transfer appliance. This appliance exposes a UDP service on port 8812 that acts as a gateway to the internal communication bus. This service uses Blowfish encryption for authentication, but the appliance ships with two easy to guess default authentication keys. This Metasploit module abuses the known default encryption keys to inject a message into the communication bus. In order to execute arbitrary commands on the remote appliance, a message is injected into the bus destined for the 'matchrep' service. This service exposes a function named 'insert_plugin_meta_info' which is vulnerable to an input validation flaw in a call to system(). This provides access to the 'soggycat' user account, which has sudo privileges to run the primary admin tool as root. These two flaws are fixed in update version FTA_8_0_562.

tags | exploit, remote, arbitrary, root, udp, vulnerability
MD5 | 68bf251bee705d5b41c489b1b7ae0520
Secunia Security Advisory 43282
Posted Feb 14, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Slackware has issued an update for sudo. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

tags | advisory, local
systems | linux, slackware
MD5 | f2c6106194d010683ad881a6a5fd0492
Mandriva Linux Security Advisory 2011-018
Posted Jan 21, 2011
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2011-018 - A patch for parse.c in sudo does not properly interpret a system group in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression. check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.

tags | advisory, local, root
systems | linux, mandriva
advisories | CVE-2011-0008, CVE-2011-0010
MD5 | d5328b49e5861521e02e0e3336f794e8
Secunia Security Advisory 42949
Posted Jan 21, 2011
Authored by Secunia | Site secunia.com

Secunia Security Advisory - Ubuntu has issued an update for sudo. This fixes a vulnerability, which can be exploited by malicious, local users to perform certain actions with escalated privileges.

tags | advisory, local
systems | linux, ubuntu
MD5 | a2576f80e9596d543d6c0448219a0449
Page 1 of 4
Back1234Next

File Archive:

April 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    17 Files
  • 2
    Apr 2nd
    2 Files
  • 3
    Apr 3rd
    2 Files
  • 4
    Apr 4th
    0 Files
  • 5
    Apr 5th
    15 Files
  • 6
    Apr 6th
    15 Files
  • 7
    Apr 7th
    20 Files
  • 8
    Apr 8th
    16 Files
  • 9
    Apr 9th
    5 Files
  • 10
    Apr 10th
    0 Files
  • 11
    Apr 11th
    0 Files
  • 12
    Apr 12th
    4 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close