Session File Relative Path Traversal in sudo-rs

Open Source Security 

Posted by Alan Coopersmith on Nov 02

[I’m not involved with this project or disclosure, but saw it go by and
thought it worth mentioning here.]

https://github.com/memorysafety/sudo-rs/security/advisories/GHSA-2r3c-m6v7-9354
discloses CVE-2023-42456 in versions 0.2.0 & older of the Rust rewrite of sudo.

This vulnerability requires two pre-conditions:

1) Your OS allows usernames containing both '.' and '/' characters.

2) Your site allows users to…