SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. This issue affects: SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit.Īn Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5 openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. A successful exploit could allow the attacker to take complete control of the affected device.Ī privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. An attacker could exploit this vulnerability by calling the script with sudo. This vulnerability is due to insecure file permissions. The attacker must have valid credentials on the affected device.Ī vulnerability in Cisco CX Cloud Agent of could allow an authenticated, local attacker to elevate their privileges. A successful exploit could allow the attacker to view arbitrary files as root on the underlying operating system. An attacker could exploit this vulnerability by issuing certain commands using sudo. This vulnerability is due to insufficient input validation by the operating system CLI. The problem exists because a user-specified editor may contain a "-" argument that defeats a protection mechanism, e.g., an EDITOR='vim - /path/to/extra/file' value.Ī vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, local attacker to elevate privileges on an affected device. Affected versions are 1.8.0 through 1.9.12.p1. In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. Systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Sudo before 1.9.13p2 has a double free in the per-command chroot feature. Sudo before 1.9.13 does not escape control characters in log messages. Sudo before 1.9.13 does not escape control characters in sudoreplay output. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. Prior to versions 2.9.9 and 2.10.1, the `ckan` user (equivalent to Versions 2.9.9, 2.9.9-dev, 2.10.1, and 2.10.1-dev contain a patch.ĭmidecode before 3.5 allows -dump-bin to overwrite a local file. This allows the elevated execution of binaries without a password requirement.ĬKAN is an open-source data management system for powering data hubs and data portals. Loxone Miniserver Go Gen.2 through 14.0.3.28 allows an authenticated operating system user to escalate privileges via the Sudo configuration.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |