by @LeSuisse
Activity log
- Created automatic suggestion
- @LeSuisse removed 40 packages
- tests.hardeningFlags-clang.allExplicitDisabledShadowStack
- tests.hardeningFlags-clang.shadowStackExplicitDisabled
- tests.hardeningFlags-clang.shadowStackExplicitEnabled
- tests.hardeningFlags.allExplicitDisabledShadowStack
- tests.hardeningFlags-gcc.shadowStackExplicitEnabled
- tests.hardeningFlags.shadowStackExplicitEnabled
- tests.hardeningFlags-gcc.shadowStackExplicitDisabled
- tests.hardeningFlags.shadowStackExplicitDisabled
- tests.hardeningFlags-gcc.allExplicitDisabledShadowStack
- obs-studio-plugins.obs-stroke-glow-shadow
- su
- qsudo
- sudo-rs
- psudohash
- shadowenv
- shadowfox
- sudo-font
- shadow-tls
- darwin.sudo
- gnome-sudoku
- doas-sudo-shim
- lxqt.lxqt-sudo
- go-shadowsocks2
- shadowsocks-rust
- yaziPlugins.sudo
- shadowsocks-libev
- libsForQt5.ksudoku
- kdePackages.ksudoku
- typstPackages.shadowed
- plasma5Packages.ksudoku
- shadowsocks-v2ray-plugin
- fishPlugins.plugin-sudope
- haskellPackages.shadowsocks
- typstPackages.shadowed_0_1_0
- shadow
- haskellPackages.Unixutils-shadow
- wayfirePlugins.wayfire-shadows
- typstPackages.shadowed_0_2_0
- typstPackages.shadowed_0_1_2
- typstPackages.shadowed_0_1_1
- @LeSuisse added package shadow
- @LeSuisse dismissed
There is a possible tty hijacking in shadow 4.x before …
There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2005-4890 x_refsource_MISC
- https://access.redhat.com/security/cve/cve-2005-4890 x_refsource_MISC
- http://www.openwall.com/lists/oss-security/2012/11/06/8 x_refsource_MISC
- http://www.openwall.com/lists/oss-security/2013/05/20/3 x_refsource_MISC
- http://www.openwall.com/lists/oss-security/2013/11/28/10 x_refsource_MISC
- http://www.openwall.com/lists/oss-security/2013/11/29/5 x_refsource_MISC
- http://www.openwall.com/lists/oss-security/2014/10/20/9 x_refsource_MISC
- http://www.openwall.com/lists/oss-security/2014/10/21/1 x_refsource_MISC
- http://www.openwall.com/lists/oss-security/2016/02/25/6 x_refsource_MISC
- http://www.openwall.com/lists/oss-security/2014/12/15/5 x_refsource_MISC
- https://security-tracker.debian.org/tracker/CVE-2005-4890 x_refsource_MISC
Affected products
sudo
- ==1.x before 1.7.4
shadow
- ==4.x before 4.1.5
Matching in nixpkgs
pkgs.sudo
Command to run commands as root
Package maintainers
- @rhendric Ryan Hendrickson