FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-23 14:57:51 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
b4e5f782-442d-11ea-9ba9-206a8a720317	sudo -- Potential bypass of Runas user restrictions Todd C. Miller reports: Sudo's pwfeedback option can be used to provide visual feedback when the user is inputting their password. For each key press, an asterisk is printed. This option was added in response to user confusion over how the standard Password: prompt disables the echoing of key presses. While pwfeedback is not enabled by default in the upstream version of sudo, some systems, such as Linux Mint and Elementary OS, do enable it in their default sudoers files. Due to a bug, when the pwfeedback option is enabled in the sudoers file, a user may be able to trigger a stack-based buffer overflow. This bug can be triggered even by users not listed in the sudoers file. There is no impact unless pwfeedback has been enabled. Discovery 2020-01-30 Entry 2020-01-30 sudo < 1.8.31 https://www.sudo.ws/alerts/pwfeedback.html CVE-2019-18634

VuXML ID

Description

b4e5f782-442d-11ea-9ba9-206a8a720317

sudo -- Potential bypass of Runas user restrictions

Todd C. Miller reports:

Sudo's pwfeedback option can be used to provide visual feedback when the user is inputting their password. For each key press, an asterisk is printed. This option was added in response to user confusion over how the standard Password: prompt disables the echoing of key presses. While pwfeedback is not enabled by default in the upstream version of sudo, some systems, such as Linux Mint and Elementary OS, do enable it in their default sudoers files.

Due to a bug, when the pwfeedback option is enabled in the sudoers file, a user may be able to trigger a stack-based buffer overflow. This bug can be triggered even by users not listed in the sudoers file. There is no impact unless pwfeedback has been enabled.

Discovery 2020-01-30
Entry 2020-01-30
sudo

< 1.8.31

https://www.sudo.ws/alerts/pwfeedback.html
CVE-2019-18634