Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2021:0232-1

Опубликовано: 27 янв. 2021
Источник: suse-cvrf

Описание

Security update for sudo

This update for sudo fixes the following issues:

  • A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges [bsc#1181090,CVE-2021-3156]
  • It was possible for a user to test for the existence of a directory due to a Race Condition in sudoedit [bsc#1180684,CVE-2021-23239]

Список пакетов

SUSE Linux Enterprise Server 12 SP2-BCL
sudo-1.8.10p3-10.29.1
SUSE Linux Enterprise Server 12 SP2-LTSS
sudo-1.8.10p3-10.29.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
sudo-1.8.10p3-10.29.1
SUSE OpenStack Cloud 7
sudo-1.8.10p3-10.29.1

Ссылки

Описание

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP2-BCL:sudo-1.8.10p3-10.29.1
SUSE Linux Enterprise Server 12 SP2-LTSS:sudo-1.8.10p3-10.29.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:sudo-1.8.10p3-10.29.1
SUSE OpenStack Cloud 7:sudo-1.8.10p3-10.29.1
Ссылки

Описание

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP2-BCL:sudo-1.8.10p3-10.29.1
SUSE Linux Enterprise Server 12 SP2-LTSS:sudo-1.8.10p3-10.29.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2:sudo-1.8.10p3-10.29.1
SUSE OpenStack Cloud 7:sudo-1.8.10p3-10.29.1
Ссылки
Уязвимость SUSE-SU-2021:0232-1