FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
3a1474ba-f646-11e9-b0af-b888e347c638sudo -- Potential bypass of Runas user restrictions

Todd C. Miller reports:

When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295.

This can be used by a user with sufficient sudo privileges to run commands as root even if the Runas specification explicitly disallows root access as long as the ALL keyword is listed first in the Runas specification.

Log entries for commands run this way will list the target user as 4294967295 instead of root. In addition, PAM session modules will not be run for the command.


Discovery 2019-10-15
Entry 2019-10-24
sudo
< 1.8.28

https://www.sudo.ws/alerts/minus_1_uid.html
CVE-2019-14287
2e4fbc9a-9d23-11e6-a298-14dae9d210b8sudo -- Potential bypass of sudo_noexec.so via wordexp()

Todd C. Miller reports:

A flaw exists in sudo's noexec functionality that may allow a user with sudo privileges to run additional commands even when the NOEXEC tag has been applied to a command that uses the wordexp() function.


Discovery 2016-10-28
Entry 2016-10-28
sudo
ge 1.6.8 lt 1.8.18p1

https://www.sudo.ws/alerts/noexec_wordexp.html
CVE-2016-7076
f3cf4b33-6013-11eb-9a0e-206a8a720317sudo -- Multiple vulnerabilities

Todd C. Miller reports:

When invoked as sudoedit, the same set of command line options are now accepted as for sudo -e. The -H and -P options are now rejected for sudoedit and sudo -e which matches the sudo 1.7 behavior. This is part of the fix for CVE-2021-3156.

Fixed a potential buffer overflow when unescaping backslashes in the command's arguments. Normally, sudo escapes special characters when running a command via a shell (sudo -s or sudo -i). However, it was also possible to run sudoedit with the -s or -i flags in which case no escaping had actually been done, making a buffer overflow possible. This fixes CVE-2021-3156.


Discovery 2021-01-26
Entry 2021-01-26
sudo
< 1.9.5p2

https://www.sudo.ws/stable.html#1.9.5p2
CVE-2021-3156
6193b3f6-548c-11eb-ba01-206a8a720317sudo -- Potential information leak in sudoedit

Todd C. Miller reports:

A potential information leak in sudoedit that could be used to test for the existence of directories not normally accessible to the user in certain circumstances. When creating a new file, sudoedit checks to make sure the parent directory of the new file exists before running the editor. However, a race condition exists if the invoking user can replace (or create) the parent directory. If a symbolic link is created in place of the parent directory, sudoedit will run the editor as long as the target of the link exists.If the target of the link does not exist, an error message will be displayed. The race condition can be used to test for the existence of an arbitrary directory. However, it _cannot_ be used to write to an arbitrary location.


Discovery 2021-01-11
Entry 2021-01-11
sudo
< 1.9.5

https://www.sudo.ws/stable.html#1.9.5
CVE-2021-23239
2e8cdd36-c3cc-11e5-b5fe-002590263bf5sudo -- potential privilege escalation via symlink misconfiguration

MITRE reports:

sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt."


Discovery 2015-11-17
Entry 2016-01-26
sudo
< 1.8.15

CVE-2015-5602
ports/206590
https://www.exploit-db.com/exploits/37710/
https://bugzilla.sudo.ws/show_bug.cgi?id=707
http://www.sudo.ws/stable.html#1.8.15
b4e5f782-442d-11ea-9ba9-206a8a720317sudo -- Potential bypass of Runas user restrictions

Todd C. Miller reports:

Sudo's pwfeedback option can be used to provide visual feedback when the user is inputting their password. For each key press, an asterisk is printed. This option was added in response to user confusion over how the standard Password: prompt disables the echoing of key presses. While pwfeedback is not enabled by default in the upstream version of sudo, some systems, such as Linux Mint and Elementary OS, do enable it in their default sudoers files.

Due to a bug, when the pwfeedback option is enabled in the sudoers file, a user may be able to trigger a stack-based buffer overflow. This bug can be triggered even by users not listed in the sudoers file. There is no impact unless pwfeedback has been enabled.


Discovery 2020-01-30
Entry 2020-01-30
sudo
< 1.8.31

https://www.sudo.ws/alerts/pwfeedback.html
CVE-2019-18634