All the vulnerabilites related to beyondtrust - privilege_management_for_mac
cve-2021-3187
Vulnerability from cvelistv5
Published
2023-12-11 00:00
Modified
2024-08-03 16:45
Severity ?
EPSS score ?
Summary
An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script (that executes as root from a temporary directory) during install time. (This applies to macOS before 10.15.5, or Security Update 2020-003 on Mojave and High Sierra, Later versions of macOS are not vulnerable.)
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:45:51.414Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.beyondtrust.com/docs/release-notes/privilege-management/index.htm" }, { "tags": [ "x_transferred" ], "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-06" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script (that executes as root from a temporary directory) during install time. (This applies to macOS before 10.15.5, or Security Update 2020-003 on Mojave and High Sierra, Later versions of macOS are not vulnerable.)" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-11T22:28:02.851717", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://www.beyondtrust.com/docs/release-notes/privilege-management/index.htm" }, { "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-06" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-3187", "datePublished": "2023-12-11T00:00:00", "dateReserved": "2021-01-21T00:00:00", "dateUpdated": "2024-08-03T16:45:51.414Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-3156
Vulnerability from cvelistv5
Published
2021-01-26 00:00
Modified
2024-09-18 16:41
Severity ?
EPSS score ?
Summary
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T16:45:51.408Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[debian-lts-announce] 20210126 [SECURITY] [DLA 2534-1] sudo security update", "tags": [ "mailing-list", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html" }, { "name": "20210126 Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2021/Jan/79" }, { "name": "[oss-security] 20210126 Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/01/26/3" }, { "name": "GLSA-202101-33", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202101-33" }, { "name": "DSA-4839", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://www.debian.org/security/2021/dsa-4839" }, { "name": "FEDORA-2021-2cb63d912a", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/" }, { "name": "FEDORA-2021-8840cbdccd", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/" }, { "name": "[oss-security] 20210127 Re: Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/01/27/1" }, { "name": "[oss-security] 20210127 Re: Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/01/27/2" }, { "name": "20210129 Sudo Privilege Escalation Vulnerability Affecting Cisco Products: January 2021", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM" }, { "name": "VU#794544", "tags": [ "third-party-advisory", "x_transferred" ], "url": "https://www.kb.cert.org/vuls/id/794544" }, { "name": "20210211 APPLE-SA-2021-02-09-1 macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, and macOS Mojave 10.14.6 Security Update 2021-002", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2021/Feb/42" }, { "name": "[oss-security] 20210215 Re: sudo: Ineffective NO_ROOT_MAILER and Baron Samedit", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/02/15/1" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "tags": [ "x_transferred" ], "url": "https://www.sudo.ws/stable.html#1.9.5p2" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2021/01/26/3" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210128-0002/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210128-0001/" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html" }, { "tags": [ "x_transferred" ], "url": "https://support.apple.com/kb/HT212177" }, { "tags": [ "x_transferred" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10348" }, { "tags": [ "x_transferred" ], "url": "https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability" }, { "tags": [ "x_transferred" ], "url": "https://www.synology.com/security/advisory/Synology_SA_21_02" }, { "name": "[oss-security] 20210914 Re: Oracle Solaris membership in the distros list", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2021/09/14/2" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "tags": [ "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "[oss-security] 20240130 Re: CVE-2023-6246: Heap-based buffer overflow in the glibc\u0027s syslog()", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/01/30/8" }, { "name": "[oss-security] 20240130 CVE-2023-6246: Heap-based buffer overflow in the glibc\u0027s syslog()", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2024/01/30/6" }, { "tags": [ "x_transferred" ], "url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html" }, { "name": "20240204 CVE-2023-6246: Heap-based buffer overflow in the glibc\u0027s syslog()", "tags": [ "mailing-list", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2024/Feb/3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via \"sudoedit -s\" and a command-line argument that ends with a single backslash character." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-18T16:41:27.031257", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[debian-lts-announce] 20210126 [SECURITY] [DLA 2534-1] sudo security update", "tags": [ "mailing-list" ], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html" }, { "name": "20210126 Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2021/Jan/79" }, { "name": "[oss-security] 20210126 Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2021/01/26/3" }, { "name": "GLSA-202101-33", "tags": [ "vendor-advisory" ], "url": "https://security.gentoo.org/glsa/202101-33" }, { "name": "DSA-4839", "tags": [ "vendor-advisory" ], "url": "https://www.debian.org/security/2021/dsa-4839" }, { "name": "FEDORA-2021-2cb63d912a", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/" }, { "name": "FEDORA-2021-8840cbdccd", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/" }, { "name": "[oss-security] 20210127 Re: Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2021/01/27/1" }, { "name": "[oss-security] 20210127 Re: Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2021/01/27/2" }, { "name": "20210129 Sudo Privilege Escalation Vulnerability Affecting Cisco Products: January 2021", "tags": [ "vendor-advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM" }, { "name": "VU#794544", "tags": [ "third-party-advisory" ], "url": "https://www.kb.cert.org/vuls/id/794544" }, { "name": "20210211 APPLE-SA-2021-02-09-1 macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, and macOS Mojave 10.14.6 Security Update 2021-002", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2021/Feb/42" }, { "name": "[oss-security] 20210215 Re: sudo: Ineffective NO_ROOT_MAILER and Baron Samedit", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2021/02/15/1" }, { "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "url": "https://www.sudo.ws/stable.html#1.9.5p2" }, { "url": "https://www.openwall.com/lists/oss-security/2021/01/26/3" }, { "url": "http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html" }, { "url": "https://security.netapp.com/advisory/ntap-20210128-0002/" }, { "url": "https://security.netapp.com/advisory/ntap-20210128-0001/" }, { "url": "http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html" }, { "url": "http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html" }, { "url": "http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html" }, { "url": "https://support.apple.com/kb/HT212177" }, { "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10348" }, { "url": "https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability" }, { "url": "https://www.synology.com/security/advisory/Synology_SA_21_02" }, { "name": "[oss-security] 20210914 Re: Oracle Solaris membership in the distros list", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2021/09/14/2" }, { "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "name": "[oss-security] 20240130 Re: CVE-2023-6246: Heap-based buffer overflow in the glibc\u0027s syslog()", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2024/01/30/8" }, { "name": "[oss-security] 20240130 CVE-2023-6246: Heap-based buffer overflow in the glibc\u0027s syslog()", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2024/01/30/6" }, { "url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html" }, { "name": "20240204 CVE-2023-6246: Heap-based buffer overflow in the glibc\u0027s syslog()", "tags": [ "mailing-list" ], "url": "http://seclists.org/fulldisclosure/2024/Feb/3" }, { "url": "https://www.vicarius.io/vsociety/posts/sudoedit-pwned-cve-2021-3156" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-3156", "datePublished": "2021-01-26T00:00:00", "dateReserved": "2021-01-15T00:00:00", "dateUpdated": "2024-09-18T16:41:27.031257", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2023-12-11 23:15
Modified
2024-11-21 06:21
Severity ?
Summary
An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script (that executes as root from a temporary directory) during install time. (This applies to macOS before 10.15.5, or Security Update 2020-003 on Mojave and High Sierra, Later versions of macOS are not vulnerable.)
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
beyondtrust | privilege_management_for_mac | * | |
apple | mac_os_x | * | |
apple | mac_os_x | * | |
apple | mac_os_x | * | |
apple | mac_os_x | 10.13.6 | |
apple | mac_os_x | 10.13.6 | |
apple | mac_os_x | 10.13.6 | |
apple | mac_os_x | 10.13.6 | |
apple | mac_os_x | 10.13.6 | |
apple | mac_os_x | 10.13.6 | |
apple | mac_os_x | 10.13.6 | |
apple | mac_os_x | 10.13.6 | |
apple | mac_os_x | 10.13.6 | |
apple | mac_os_x | 10.13.6 | |
apple | mac_os_x | 10.13.6 | |
apple | mac_os_x | 10.13.6 | |
apple | mac_os_x | 10.14.6 | |
apple | mac_os_x | 10.14.6 | |
apple | mac_os_x | 10.14.6 | |
apple | mac_os_x | 10.14.6 | |
apple | mac_os_x | 10.14.6 | |
apple | mac_os_x | 10.14.6 | |
apple | mac_os_x | 10.14.6 | |
apple | mac_os_x | 10.14.6 | |
apple | mac_os_x | 10.14.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:beyondtrust:privilege_management_for_mac:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC343748-692C-4F60-8E85-35274289A093", "versionEndExcluding": "5.7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "99973242-A249-4C34-B042-5F833AE73708", "versionEndExcluding": "10.15.5", "vulnerable": false }, { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "2DA1C24E-B74D-4C8C-931D-AE35BFB4F0CC", "versionEndExcluding": "10.13.6", "versionStartIncluding": "10.13.0", "vulnerable": false }, { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "3E76BECE-0843-4B9F-90DE-7690764701B0", "versionEndExcluding": "10.14.6", "versionStartIncluding": "10.14.0", "vulnerable": false }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:-:*:*:*:*:*:*", "matchCriteriaId": "297D2D0C-EA9D-4B2C-9357-D88DB6C7143A", "vulnerable": false }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-002:*:*:*:*:*:*", "matchCriteriaId": "0D845143-1B4D-478B-B83E-8F1664CBCAC3", "vulnerable": false }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2018-003:*:*:*:*:*:*", "matchCriteriaId": "23C6DF6A-9A30-4F9E-BD9C-C19D8551C6DA", "vulnerable": false }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-001:*:*:*:*:*:*", "matchCriteriaId": "754A2DF4-8724-4448-A2AB-AC5442029CB7", "vulnerable": false }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-002:*:*:*:*:*:*", "matchCriteriaId": "D392C777-1949-4920-B459-D083228E4688", "vulnerable": false }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-003:*:*:*:*:*:*", "matchCriteriaId": "68B0A232-F2A4-4B87-99EB-3A532DFA87DA", "vulnerable": false }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-004:*:*:*:*:*:*", "matchCriteriaId": "0DF528F7-0F1E-4E55-A088-91327E3C360C", "vulnerable": false }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-005:*:*:*:*:*:*", "matchCriteriaId": "E222445A-D398-47C8-9639-4BAE36B69AA1", "vulnerable": false }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-006:*:*:*:*:*:*", "matchCriteriaId": "9425DAC8-038D-4B09-A074-3780AED912FA", "vulnerable": false }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2019-007:*:*:*:*:*:*", "matchCriteriaId": "8EA63C1C-1EEC-4961-A7B7-439D21293B99", "vulnerable": false }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-001:*:*:*:*:*:*", "matchCriteriaId": "B2F5D631-2306-4526-BEE5-22456D95ABAB", "vulnerable": false }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.13.6:security_update_2020-002:*:*:*:*:*:*", "matchCriteriaId": "F79B7361-F2F2-4FA6-A27D-CC8F2D37A726", "vulnerable": false }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*", "matchCriteriaId": "693E7DAE-BBF0-4D48-9F8A-20DDBD4AAC0C", "vulnerable": false }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*", "matchCriteriaId": "CFE26ECC-A2C2-4501-9950-510DE0E1BD86", "vulnerable": false }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*", "matchCriteriaId": "26108BEF-0847-4AB0-BD98-35344DFA7835", "vulnerable": false }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*", "matchCriteriaId": "A369D48B-6A0A-47AE-9513-D5E2E6F30931", "vulnerable": false }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*", "matchCriteriaId": "510F8317-94DA-498E-927A-83D5F41AF54A", "vulnerable": false }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*", "matchCriteriaId": "0D5D1970-6D2A-42CA-A203-42023D71730D", "vulnerable": false }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*", "matchCriteriaId": "C68AE52B-5139-40A4-AE9A-E752DBF07D1B", "vulnerable": false }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*", "matchCriteriaId": "0FD3467D-7679-479F-9C0B-A93F7CD0929D", "vulnerable": false }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*", "matchCriteriaId": "D4C6098E-EDBD-4A85-8282-B2E9D9333872", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in BeyondTrust Privilege Management for Mac before 5.7. An authenticated, unprivileged user can elevate privileges by running a malicious script (that executes as root from a temporary directory) during install time. (This applies to macOS before 10.15.5, or Security Update 2020-003 on Mojave and High Sierra, Later versions of macOS are not vulnerable.)" }, { "lang": "es", "value": "Se descubri\u00f3 un problema en BeyondTrust Privilege Management para Mac anterior a la versi\u00f3n 5.7. Un usuario autenticado y sin privilegios puede elevar sus privilegios ejecutando un script malicioso (que se ejecuta como ra\u00edz desde un directorio temporal) durante el tiempo de instalaci\u00f3n. (Esto se aplica a macOS anteriores a 10.15.5 o a la Actualizaci\u00f3n de seguridad 2020-003 en Mojave y High Sierra. Las versiones posteriores de macOS no son vulnerables)." } ], "id": "CVE-2021-3187", "lastModified": "2024-11-21T06:21:06.000", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-12-11T23:15:07.530", "references": [ { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://www.beyondtrust.com/docs/release-notes/privilege-management/index.htm" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-06" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://www.beyondtrust.com/docs/release-notes/privilege-management/index.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://www.beyondtrust.com/trust-center/security-advisories/bt22-06" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-01-26 21:15
Modified
2025-01-14 19:29
Severity ?
Summary
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
References
Impacted products
{ "cisaActionDue": "2022-04-27", "cisaExploitAdd": "2022-04-06", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Sudo Heap-Based Buffer Overflow Vulnerability", "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED707F57-531B-4066-AFF0-7239F87B6BF5", "versionEndExcluding": "1.8.32", "versionStartIncluding": "1.8.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*", "matchCriteriaId": "38FC37F7-DE89-4078-BB55-EBFBF3A2D780", "versionEndExcluding": "1.9.5", "versionStartIncluding": "1.9.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:sudo_project:sudo:1.9.5:-:*:*:*:*:*:*", "matchCriteriaId": "436F3F62-FBA8-44CB-A5A9-AA4D7E0F9A09", "vulnerable": true }, { "criteria": "cpe:2.3:a:sudo_project:sudo:1.9.5:patch1:*:*:*:*:*:*", "matchCriteriaId": "3C21138F-EB70-4AAE-9F45-C75CCE59BA89", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*", "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*", "matchCriteriaId": "0A4D418D-B526-46B9-B439-E1963BF88C0A", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:ontap_tools:9:*:*:*:*:vmware_vsphere:*:*", "matchCriteriaId": "C2D814BE-93EC-42EF-88C5-EA7E7DF07BE5", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*", "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mcafee:web_gateway:8.2.17:*:*:*:*:*:*:*", "matchCriteriaId": "D2039589-B543-49B6-AC5F-74C4253B416D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mcafee:web_gateway:9.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "1E014E1E-0013-434F-9C59-178DAC089687", "vulnerable": true }, { "criteria": "cpe:2.3:a:mcafee:web_gateway:10.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "3CE836FD-3453-4277-BC18-A4868C183F42", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:synology:diskstation_manager_unified_controller:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DA272C48-259B-4402-BB75-552B6983CD43", "vulnerable": true }, { "criteria": "cpe:2.3:o:synology:diskstation_manager:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "D9685B12-824F-42AD-B87C-6E7A78BB7FA5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:synology:skynas_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "53EF087B-D7E9-4F9A-803A-B0260C495C67", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:synology:skynas:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0A88A76-CF8A-4D29-B480-E5317219072D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:synology:vs960hd_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "3D0C5120-B961-440F-B454-584BC54B549C", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:synology:vs960hd:-:*:*:*:*:*:*:*", "matchCriteriaId": "1CCBDFF9-AF42-4681-879B-CF789EBAD130", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:beyondtrust:privilege_management_for_mac:*:*:*:*:*:*:*:*", "matchCriteriaId": "38A18800-4BB0-46A1-BD9D-78EC7A07E7B9", "versionEndExcluding": "21.1.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:beyondtrust:privilege_management_for_unix\\/linux:*:*:*:*:basic:*:*:*", "matchCriteriaId": "48DC5B58-0E31-480E-BF05-787287DFF42B", "versionEndExcluding": "10.3.2-10", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:micros_compact_workstation_3_firmware:310:*:*:*:*:*:*:*", "matchCriteriaId": "1CE3FF32-E472-4E90-9DE5-803AD6FD9E27", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:oracle:micros_compact_workstation_3:-:*:*:*:*:*:*:*", "matchCriteriaId": "7DA4F0AD-B8A4-4EB9-A220-FEEC9B147D3C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:micros_es400_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "9AA5297B-05DF-4A23-B684-60F2107339B0", "versionEndIncluding": "410", "versionStartIncluding": "400", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:oracle:micros_es400:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2BBD07A-4731-41D1-AB66-77082951D99C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:micros_kitchen_display_system_firmware:210:*:*:*:*:*:*:*", "matchCriteriaId": "57E6A365-F04F-4991-888F-D8E9391A9857", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:oracle:micros_kitchen_display_system:-:*:*:*:*:*:*:*", "matchCriteriaId": "D1424AF8-9337-427B-B6FA-C5EB8B201FB7", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:micros_workstation_5a_firmware:5a:*:*:*:*:*:*:*", "matchCriteriaId": "C78FDD3A-F241-4172-8725-7D51D8E705E7", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:oracle:micros_workstation_5a:-:*:*:*:*:*:*:*", "matchCriteriaId": "F607BA3F-246F-42BE-9EBD-A2CAE098C0C2", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:micros_workstation_6_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "D59535D6-8D64-4B8F-BC1B-5846600C9F81", "versionEndIncluding": "655", "versionStartIncluding": "610", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:h:oracle:micros_workstation_6:-:*:*:*:*:*:*:*", "matchCriteriaId": "82A66154-5DF0-43FF-9F70-1221D3E6F919", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "977CA754-6CE0-4FCB-9683-D81B7A15449D", "versionEndIncluding": "10.3.0.2.1", "versionStartIncluding": "10.3.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "29A3F7EF-2A69-427F-9F75-DDDBEE34BA2B", "versionEndIncluding": "10.4.0.3.1", "versionStartIncluding": "10.4.0.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:*", "matchCriteriaId": "26F05F85-7458-4C8F-B93F-93C92E506A40", "versionEndIncluding": "7.7.1", "versionStartIncluding": "7.4.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via \"sudoedit -s\" and a command-line argument that ends with a single backslash character." }, { "lang": "es", "value": "Sudo versiones anteriores a 1.9.5p2 contiene un error de desbordamiento que puede resultar en un desbordamiento de b\u00fafer basado en la pila, lo que permite la escalada de privilegios a root a trav\u00e9s de \"sudoedit -s\" y un argumento de l\u00ednea de comandos que termina con un solo car\u00e1cter de barra invertida" } ], "id": "CVE-2021-3156", "lastModified": "2025-01-14T19:29:55.853", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-01-26T21:15:12.987", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2021/Feb/42" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2021/Jan/79" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2024/Feb/3" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/01/26/3" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/01/27/1" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/01/27/2" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/02/15/1" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/09/14/2" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2024/01/30/6" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2024/01/30/8" }, { "source": "cve@mitre.org", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10348" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Release Notes" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Release Notes" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202101-33" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210128-0001/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210128-0002/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT212177" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2021/dsa-4839" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.kb.cert.org/vuls/id/794544" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2021/01/26/3" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://www.sudo.ws/stable.html#1.9.5p2" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.synology.com/security/advisory/Synology_SA_21_02" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://www.vicarius.io/vsociety/posts/sudoedit-pwned-cve-2021-3156" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory", "VDB Entry" ], "url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2021/Feb/42" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2021/Jan/79" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2024/Feb/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/01/26/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/01/27/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/01/27/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/02/15/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2021/09/14/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2024/01/30/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2024/01/30/8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link", "Third Party Advisory" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10348" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Release Notes" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Release Notes" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202101-33" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210128-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210128-0002/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT212177" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2021/dsa-4839" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "US Government Resource" ], "url": "https://www.kb.cert.org/vuls/id/794544" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2021/01/26/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://www.sudo.ws/stable.html#1.9.5p2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.synology.com/security/advisory/Synology_SA_21_02" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-193" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }