Количество 6
Количество 6
CVE-2023-42456
Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to re-authenticate themselves. Supporting this functionality is a set of session files (timestamps) for each user, stored in `/var/run/sudo-rs/ts`. These files are named according to the username from which the sudo attempt is made (the origin user). An issue was discovered in versions prior to 0.2.1 where usernames containing the `.` and `/` characters could result in the corruption of specific files on the filesystem. As usernames are generally not limited by the characters they can contain, a username appearing to be a relative path can be constructed. For example we could add a user to the system containing the username `../../../../bin/cp`. When logged in as a user with that name, that user cou...
CVE-2023-42456
Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to re-authenticate themselves. Supporting this functionality is a set of session files (timestamps) for each user, stored in `/var/run/sudo-rs/ts`. These files are named according to the username from which the sudo attempt is made (the origin user). An issue was discovered in versions prior to 0.2.1 where usernames containing the `.` and `/` characters could result in the corruption of specific files on the filesystem. As usernames are generally not limited by the characters they can contain, a username appearing to be a relative path can be constructed. For example we could add a user to the system containing the username `../../../../bin/cp`. When logged in as a user with that name, that user could
CVE-2023-42456
Sudo-rs, a memory safe implementation of sudo and su, allows users to ...
GHSA-2r3c-m6v7-9354
sudo-rs Session File Relative Path Traversal vulnerability
BDU:2023-07551
Уязвимость программ системного администрирования Sudo-rs, связанная с недостаточной проверкой введенных пользователем командных аргументов, позволяющая нарушителю повысить свои привилегии путём создания специально сформированного имени пользователя
ROS-20240328-04
Множественные уязвимости sudo
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-42456 Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to re-authenticate themselves. Supporting this functionality is a set of session files (timestamps) for each user, stored in `/var/run/sudo-rs/ts`. These files are named according to the username from which the sudo attempt is made (the origin user). An issue was discovered in versions prior to 0.2.1 where usernames containing the `.` and `/` characters could result in the corruption of specific files on the filesystem. As usernames are generally not limited by the characters they can contain, a username appearing to be a relative path can be constructed. For example we could add a user to the system containing the username `../../../../bin/cp`. When logged in as a user with that name, that user cou... | CVSS3: 3.1 | 0% Низкий | почти 2 года назад |
 | CVE-2023-42456 Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to re-authenticate themselves. Supporting this functionality is a set of session files (timestamps) for each user, stored in `/var/run/sudo-rs/ts`. These files are named according to the username from which the sudo attempt is made (the origin user). An issue was discovered in versions prior to 0.2.1 where usernames containing the `.` and `/` characters could result in the corruption of specific files on the filesystem. As usernames are generally not limited by the characters they can contain, a username appearing to be a relative path can be constructed. For example we could add a user to the system containing the username `../../../../bin/cp`. When logged in as a user with that name, that user could | CVSS3: 3.1 | 0% Низкий | почти 2 года назад |
| CVE-2023-42456 Sudo-rs, a memory safe implementation of sudo and su, allows users to ... | CVSS3: 3.1 | 0% Низкий | почти 2 года назад |
| GHSA-2r3c-m6v7-9354 sudo-rs Session File Relative Path Traversal vulnerability | CVSS3: 3.1 | 0% Низкий | почти 2 года назад |
 | BDU:2023-07551 Уязвимость программ системного администрирования Sudo-rs, связанная с недостаточной проверкой введенных пользователем командных аргументов, позволяющая нарушителю повысить свои привилегии путём создания специально сформированного имени пользователя | CVSS3: 8.1 | 0% Низкий | почти 2 года назад |
 | ROS-20240328-04 Множественные уязвимости sudo | CVSS3: 8.1 | около 1 года назад |
Уязвимостей на страницу