FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
3a1474ba-f646-11e9-b0af-b888e347c638	sudo -- Potential bypass of Runas user restrictions Todd C. Miller reports: When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295. This can be used by a user with sufficient sudo privileges to run commands as root even if the Runas specification explicitly disallows root access as long as the ALL keyword is listed first in the Runas specification. Log entries for commands run this way will list the target user as 4294967295 instead of root. In addition, PAM session modules will not be run for the command. Discovery 2019-10-15 Entry 2019-10-24 sudo < 1.8.28 https://www.sudo.ws/alerts/minus_1_uid.html CVE-2019-14287

VuXML ID

Description

3a1474ba-f646-11e9-b0af-b888e347c638

sudo -- Potential bypass of Runas user restrictions

Todd C. Miller reports:

When sudo is configured to allow a user to run commands as an arbitrary user via the ALL keyword in a Runas specification, it is possible to run commands as root by specifying the user ID -1 or 4294967295.

This can be used by a user with sufficient sudo privileges to run commands as root even if the Runas specification explicitly disallows root access as long as the ALL keyword is listed first in the Runas specification.

Log entries for commands run this way will list the target user as 4294967295 instead of root. In addition, PAM session modules will not be run for the command.

Discovery 2019-10-15
Entry 2019-10-24
sudo

< 1.8.28

https://www.sudo.ws/alerts/minus_1_uid.html
CVE-2019-14287