Lucene search

K

Gentoo FoundationMGASA-2019-0298

HistoryOct 17, 2019 - 1:22 a.m.

Updated sudo packages fix security vulnerability

2019-10-1701:22:41

Gentoo Foundation

advisories.mageia.org

14

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.283 Low

EPSS

Percentile

96.9%

The updated packages fix a security vulnerability: Potential bypass of Runas user restrictions. (CVE-2019-14287)

OSVersionArchitecturePackageVersionFilename
Mageia7noarchsudo< 1.8.28-1sudo-1.8.28-1.mga7

References

bugs.mageia.org/show_bug.cgi?id=25568

www.sudo.ws/alerts/minus_1_uid.html

www.sudo.ws/stable.html#1.8.28

9 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.283 Low

EPSS

Percentile

96.9%