The Qualys Research Labs discovered a heap-based buffer overflow
vulnerability in sudo, a program designed to provide limited super user
privileges to specific users. Any local user (sudoers and non-sudoers)
can exploit this flaw for root privilege escalation.
For the stable distribution (buster), this problem has been fixed in
version 1.8.27-1+deb ...
When sudo runs a command in shell mode, either via the -s or -i command line option, it escapes special characters in the command's arguments with a backslash. The sudoers policy plugin will then remove the escape characters from the arguments before evaluating the sudoers policy (which doesn't expect the escape characters) if the command is being ...
Synopsis
Important: sudo security update
Type/Severity
Security Advisory: Important
Topic
An update for sudo is now available for Red Hat Enterprise Linux 8.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
Synopsis
Important: sudo security update
Type/Severity
Security Advisory: Important
Topic
An update for sudo is now available for Red Hat Enterprise Linux 7.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
Synopsis
Important: sudo security update
Type/Severity
Security Advisory: Important
Topic
An update for sudo is now available for Red Hat Enterprise Linux 7.7 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
Synopsis
Important: sudo security update
Type/Severity
Security Advisory: Important
Topic
An update for sudo is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which ...
Synopsis
Important: sudo security update
Type/Severity
Security Advisory: Important
Topic
An update for sudo is now available for Red Hat Enterprise Linux 7.3 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
Synopsis
Important: sudo security update
Type/Severity
Security Advisory: Important
Topic
An update for sudo is now available for Red Hat Enterprise Linux 7.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
Synopsis
Important: sudo security update
Type/Severity
Security Advisory: Important
Topic
An update for sudo is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which ...
Synopsis
Important: sudo security update
Type/Severity
Security Advisory: Important
Topic
An update for sudo is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syst ...
Synopsis
Important: sudo security update
Type/Severity
Security Advisory: Important
Topic
An update for sudo is now available for Red Hat Enterprise Linux 8.1 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
Synopsis
Important: RHV-H security, bug fix, enhancement update (redhat-virtualization-host) 4.3.13
Type/Severity
Security Advisory: Important
Topic
An update for redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this u ...
Synopsis
Important: Red Hat Virtualization Host security bug fix and enhancement update [ovirt-4.4.4]
Type/Severity
Security Advisory: Important
Topic
An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterpri ...
Synopsis
Important: sudo security update
Type/Severity
Security Advisory: Important
Topic
An update for sudo is now available for Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.4 Telco Extended Update Support, and Red Hat Enterprise Linux 7.4 Update Services for SAP Solutio ...
A vulnerability in the command line parameter parsing code of Sudo could allow an authenticated, local attacker to execute commands or binaries with root privileges.
The vulnerability is due to improper parsing of command line parameters that may result in a heap-based buffer overflow. An attacker could exploit this vulnerability by accessing a Uni ...
A serious heap-based buffer overflow has been discovered in sudo before version 1.9.5p2 that is exploitable by any local user. It has been given the name Baron Samedit by its discoverer. The bug can be leveraged to elevate privileges to root, even if the user is not listed in the sudoers file. User authentication is not required to exploit the bug ...