FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
6193b3f6-548c-11eb-ba01-206a8a720317sudo -- Potential information leak in sudoedit

Todd C. Miller reports:

A potential information leak in sudoedit that could be used to test for the existence of directories not normally accessible to the user in certain circumstances. When creating a new file, sudoedit checks to make sure the parent directory of the new file exists before running the editor. However, a race condition exists if the invoking user can replace (or create) the parent directory. If a symbolic link is created in place of the parent directory, sudoedit will run the editor as long as the target of the link exists.If the target of the link does not exist, an error message will be displayed. The race condition can be used to test for the existence of an arbitrary directory. However, it _cannot_ be used to write to an arbitrary location.


Discovery 2021-01-11
Entry 2021-01-11
sudo
< 1.9.5

https://www.sudo.ws/stable.html#1.9.5
CVE-2021-23239
b4e5f782-442d-11ea-9ba9-206a8a720317sudo -- Potential bypass of Runas user restrictions

Todd C. Miller reports:

Sudo's pwfeedback option can be used to provide visual feedback when the user is inputting their password. For each key press, an asterisk is printed. This option was added in response to user confusion over how the standard Password: prompt disables the echoing of key presses. While pwfeedback is not enabled by default in the upstream version of sudo, some systems, such as Linux Mint and Elementary OS, do enable it in their default sudoers files.

Due to a bug, when the pwfeedback option is enabled in the sudoers file, a user may be able to trigger a stack-based buffer overflow. This bug can be triggered even by users not listed in the sudoers file. There is no impact unless pwfeedback has been enabled.


Discovery 2020-01-30
Entry 2020-01-30
sudo
< 1.8.31

https://www.sudo.ws/alerts/pwfeedback.html
CVE-2019-18634
f3cf4b33-6013-11eb-9a0e-206a8a720317sudo -- Multiple vulnerabilities

Todd C. Miller reports:

When invoked as sudoedit, the same set of command line options are now accepted as for sudo -e. The -H and -P options are now rejected for sudoedit and sudo -e which matches the sudo 1.7 behavior. This is part of the fix for CVE-2021-3156.

Fixed a potential buffer overflow when unescaping backslashes in the command's arguments. Normally, sudo escapes special characters when running a command via a shell (sudo -s or sudo -i). However, it was also possible to run sudoedit with the -s or -i flags in which case no escaping had actually been done, making a buffer overflow possible. This fixes CVE-2021-3156.


Discovery 2021-01-26
Entry 2021-01-26
sudo
< 1.9.5p2

https://www.sudo.ws/stable.html#1.9.5p2
CVE-2021-3156
3310014a-5ef9-11ed-812b-206a8a720317sudo -- Potential out-of-bounds write for small passwords

SO-AND-SO reports:

Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.


Discovery 2022-11-07
Entry 2022-11-07
sudo
ge 1.8.0 lt 1.9.12p1

CVE-2022-43995
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43995
3a1474ba-f646-11e9-b0af-b888e347c638sudo -- Potential bypass of Runas user restrictions

Todd C. Miller reports:

When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295.

This can be used by a user with sufficient sudo privileges to run commands as root even if the Runas specification explicitly disallows root access as long as the ALL keyword is listed first in the Runas specification.

Log entries for commands run this way will list the target user as 4294967295 instead of root. In addition, PAM session modules will not be run for the command.


Discovery 2019-10-15
Entry 2019-10-24
sudo
< 1.8.28

https://www.sudo.ws/alerts/minus_1_uid.html
CVE-2019-14287