CVE-2022-43995: Fix CVE-2022-43995, potential heap overflow for passwords < 8 charact… · sudo-project/sudo@bd209b9

Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the compiler and processor architecture.


@@ -63,7 +63,7 @@ sudo_passwd_init(struct passwd *pw, sudo_auth *auth) int sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_conv_callback *callback) { char sav, *epass; char des_pass[9], *epass; char *pw_epasswd = auth->data; size_t pw_len; int matched = 0; @@ -75,20 +75,19 @@ sudo_passwd_verify(struct passwd *pw, char *pass, sudo_auth *auth, struct sudo_c
/* * Truncate to 8 chars if standard DES since not all crypt()'s do this. * If this turns out not to be safe we will have to use OS #ifdef’s (sigh). */ sav = pass[8]; pw_len = strlen(pw_epasswd); if (pw_len == DESLEN || HAS_AGEINFO(pw_epasswd, pw_len)) pass[8] = '\0’; if (pw_len == DESLEN || HAS_AGEINFO(pw_epasswd, pw_len)) { strlcpy(des_pass, pass, sizeof(des_pass)); pass = des_pass; }
/* * Normal UN*X password check. * HP-UX may add aging info (separated by a ‘,’) at the end so * only compare the first DESLEN characters in that case. */ epass = (char *) crypt(pass, pw_epasswd); pass[8] = sav; if (epass != NULL) { if (HAS_AGEINFO(pw_epasswd, pw_len) && strlen(epass) == DESLEN) matched = !strncmp(pw_epasswd, epass, DESLEN);
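Review bot: `char des_pass[9]` in the declarations of sudo_passwd_verify() hard-codes the buffer size as a bare 9, while the comparison code refers to the hash length by the name DESLEN. A short comment or a named constant stating that this is 8 significant DES password characters plus the terminating NUL would tie the declaration to the "Truncate to 8 chars" comment further down and keep the two from drifting apart.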
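Review bot: after `strlcpy(des_pass, pass, sizeof(des_pass));` in the DES branch, des_pass holds a second cleartext copy of up to 8 password characters on the stack, and nothing in the lines shown here clears it once crypt() has returned. If the rest of the function does not already do so, wipe it before returning with a call the compiler cannot optimise away, such as explicit_bzero(des_pass, sizeof(des_pass)). The copy itself looks right: the old unconditional `sav = pass[8];` read is gone, so a password shorter than 8 characters is no longer indexed past its terminator, and the caller's buffer is no longer modified and restored around crypt().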

Related news

CVE-2023-23694: DSA-2023-071: Dell VxRail Security Update for Multiple Third-Party Component Vulnerabilities – 7.0.450

Dell VxRail versions earlier than 7.0.450 contain an OS command injection vulnerability in VxRail Manager. A local authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system takeover by an attacker.

Gentoo Linux Security Advisory 202211-08

Gentoo Linux Security Advisory 202211-8 - A vulnerability has been discovered in sudo which could result in denial of service. Versions less than 1.9.12-r1 are affected.

CVE-2021-23239: Stable Release

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.
