Threat Group: General Operating System Threat
Threat Type: Privilege Escalation Vulnerabilities
Exploited Vulnerabilities: CVE-2025-32462, CVE-2025-32463, CVE-2025-46718
Malware Used: None
Threat Score: 🔥 Critical (9.3/10)
Last Threat Observation: July 1, 2025

Overview

Recent critical vulnerabilities have been identified in the sudo utility and in its Rust-based counterpart, sudo-rs, posing a significant threat to Unix and Linux systems. CVE-2025-32463 lets a local user who is not even listed in sudoers obtain root through sudo's -R/--chroot option. CVE-2025-32462 lets a user bypass host restrictions in environments that distribute one sudoers file across many hosts. CVE-2025-46718 in sudo-rs permits privilege enumeration, which aids an attacker's reconnaissance.

Together the flaws cover both the standard sudo and the sudo-rs implementation. An attacker with local access may gain unauthorized root, bypass policy restrictions, or enumerate which users hold privileges. The two sudo flaws were discovered and disclosed by security researcher Rich Mirch of the Stratascale Cyber Research Unit.

Immediate patching to sudo 1.9.17p1 or later and sudo-rs 0.2.6 or later is imperative. A robust defense also requires sudoers hardening, enhanced logging and monitoring of sudo invocations, and a Mandatory Access Control framework such as SELinux or AppArmor to limit what a compromised root process can reach.

Key Details

Delivery Method: Local execution by an authenticated (but unprivileged) user
Target: Unix and Linux systems running affected sudo or sudo-rs versions
Functions:
- Unauthorized root shell access
- Host-based rule bypass
- Sudoers privilege enumeration
- Arbitrary command execution as root
- Configuration exploitation via NSS (Name Service Switch) loading
Obfuscation: None required. The exploits consist of ordinary command-line flags and a crafted configuration file in a directory the attacker controls.

Attack Vectors

CVE-2025-32463: A critical flaw in sudo's -R/--chroot option. When a user runs sudo -R <dir> <command>, sudo resolves the command and the user's identity inside the chroot before the sudoers policy has rejected the request, so it reads <dir>/etc/nsswitch.conf. An attacker who controls <dir> can name an NSS module there and have the matching shared library loaded into the still-root sudo process, yielding a root shell with no sudoers entry at all. Affected: versions 1.9.14 through 1.9.17 (the chroot option was introduced in 1.9.14). Fixed in 1.9.17p1, which also deprecates the chroot option.

CVE-2025-32462: Host restriction bypass through the -h/--host option. The option was meant to pair only with -l (listing privileges), but sudo also honoured the supplied host name when evaluating the rule for a command to run, so a user granted commands on one host could run them on any other host sharing the same sudoers file. Affected: versions 1.8.8 through 1.9.17; the flaw went unnoticed for over a decade. Fixed in 1.9.17p1.

CVE-2025-46718: Affects sudo-rs versions before 0.2.6. A user with limited sudo privileges could use the -U flag to list other users' sudo permissions, mapping which accounts are worth targeting. Fixed in sudo-rs 0.2.6.

Vendor Advisory and Patch Links

Two sudo flaws, one of which went undetected for over a decade, allow unintended root-level access on affected systems including Ubuntu and Debian, prompting urgent patching across enterprise environments.
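The patching guidance above gives version ranges; the following shell script (added here as an example, not part of the advisory) turns those ranges into a check that maps a sudo version string onto the CVEs that apply to it. It assumes upstream version strings of the form major.minor.patch[pN], such as 1.9.17p1, and reads the live version from the first line of sudo --version. Function names are the example's own.

```shell
#!/bin/sh
# Added example, not from the advisory: map a sudo version onto the affected
# ranges for CVE-2025-32462 and CVE-2025-32463.
# Assumes upstream version strings "major.minor.patch[pN]" (e.g. 1.9.17p1).

# Turn "1.9.17p1" into a sortable integer: 1*1000000 + 9*10000 + 17*100 + 1.
sudo_version_key() {
    ver="$1"
    base="${ver%%p*}"                    # "1.9.17"
    plevel="${ver#"$base"}"              # "p1" or ""
    plevel="${plevel#p}"                 # "1" or ""
    [ -n "$plevel" ] || plevel=0
    major="${base%%.*}"                  # "1"
    rest="${base#*.}"                    # "9.17"
    minor="${rest%%.*}"                  # "9"
    patch="${rest#*.}"                   # "17"
    [ "$patch" != "$rest" ] || patch=0   # "1.9" has no third component
    echo $(( major * 1000000 + minor * 10000 + patch * 100 + plevel ))
}

# Print the sudo CVEs from this advisory that apply to VERSION, space-separated
# (an empty line if none). sudo-rs has its own numbering and is not handled.
sudo_affected_cves() {
    key=$(sudo_version_key "$1")
    hits=""
    # CVE-2025-32462 (-h/--host rule bypass): 1.8.8 through 1.9.17
    if [ "$key" -ge "$(sudo_version_key 1.8.8)" ] && \
       [ "$key" -le "$(sudo_version_key 1.9.17)" ]; then
        hits="CVE-2025-32462"
    fi
    # CVE-2025-32463 (-R/--chroot root escalation): 1.9.14 through 1.9.17
    if [ "$key" -ge "$(sudo_version_key 1.9.14)" ] && \
       [ "$key" -le "$(sudo_version_key 1.9.17)" ]; then
        hits="${hits:+$hits }CVE-2025-32463"
    fi
    printf '%s\n' "$hits"
}

# Exit status 0 if VERSION falls in an affected range, 1 otherwise.
sudo_is_vulnerable() {
    [ -n "$(sudo_affected_cves "$1")" ]
}

# Read the installed version ("Sudo version 1.9.17p1" is the first line of
# sudo --version) and report. Returns 1 when the version is in range.
check_local_sudo() {
    ver=$(sudo --version 2>/dev/null | sed -n '1s/^Sudo version //p')
    if [ -z "$ver" ]; then
        echo "sudo not found in PATH" >&2
        return 2
    fi
    cves=$(sudo_affected_cves "$ver")
    if [ -n "$cves" ]; then
        echo "sudo $ver: upstream version is in the affected range for $cves"
        return 1
    fi
    echo "sudo $ver: at or above 1.9.17p1"
}

# Usage: sh sudo-check.sh --check   (or source the file and call the functions)
case "${1:-}" in
    --check) check_local_sudo ;;
esac
```

The version number is only a first signal: distributions backport fixes without bumping the upstream version, so a package that still reports 1.9.15 or 1.9.16 may already carry the fix. Confirm against the distribution's package changelog or security advisory before treating a host as vulnerable.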
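The attack vectors above both hinge on a command-line option (-R/--chroot for CVE-2025-32463, -h/--host for CVE-2025-32462), which is what makes them detectable from process execution records. The script below is an added example, not the advisory's own tooling: it flags sudo invocations carrying either option in auditd EXECVE records, and adds a filesystem hunt for nsswitch.conf copies outside /etc, which the chroot technique needs. It assumes execve auditing is enabled and that records carry the usual a0="..." a1="..." argument fields; the sample records are constructed, not captured.

```shell
#!/bin/sh
# Added example, not from the advisory: flag sudo invocations that use the
# options behind CVE-2025-32463 (-R/--chroot) and CVE-2025-32462 (-h/--host)
# by reading auditd EXECVE records, which capture argv even when sudo's own
# log line does not show the option.
# Assumption: execve auditing is on, e.g. "-a always,exit -F arch=b64 -S execve -k exec".

# Classify one EXECVE record. Prints a reason and returns 0 when the record
# runs sudo with a chroot or host option; returns 1 otherwise.
classify_execve() {
    line="$1"
    case "$line" in
        *'a0="sudo"'*|*'a0="/usr/bin/sudo"'*) ;;
        *) return 1 ;;
    esac
    case "$line" in
        *'="-R"'*|*'="--chroot"'*|*'="--chroot='*)
            echo "chroot option (CVE-2025-32463 pattern)"
            return 0 ;;
    esac
    case "$line" in
        *'="-h"'*|*'="--host"'*|*'="--host='*)
            # "sudo -h" on its own (argc=2) only prints usage; a host name and a
            # command after it are what make the record interesting.
            argc=${line##*argc=}
            argc=${argc%% *}
            case "$argc" in ''|*[!0-9]*) argc=0 ;; esac
            [ "$argc" -gt 2 ] || return 1
            echo "host option (CVE-2025-32462 pattern)"
            return 0 ;;
    esac
    return 1
}

# Scan records from stdin and print each flagged one with its reason.
scan_audit_log() {
    while IFS= read -r rec; do
        reason=$(classify_execve "$rec") && printf 'FLAG %s | %s\n' "$reason" "$rec"
    done
    return 0
}

# Count flagged records on stdin (for tests or a cron-style alert threshold).
count_flagged() {
    scan_audit_log | grep -c '^FLAG' || true
}

# Filesystem hunt: the chroot technique needs an nsswitch.conf inside a
# directory tree the attacker controls, so copies outside /etc deserve a look.
# Assumption: one root filesystem (-xdev); container image layers will show up
# here as benign noise.
hunt_stray_nsswitch() {
    find / -xdev -path /etc -prune -o -type f -name nsswitch.conf -print 2>/dev/null
}

# Constructed sample records (not real audit data) for a dry run.
SAMPLE_AUDIT='type=EXECVE msg=audit(1751364000.101:417): argc=4 a0="sudo" a1="-R" a2="/tmp/jail" a3="id"
type=EXECVE msg=audit(1751364001.202:418): argc=2 a0="sudo" a1="-l"
type=EXECVE msg=audit(1751364002.303:419): argc=4 a0="sudo" a1="-h" a2="build-host" a3="/bin/sh"
type=EXECVE msg=audit(1751364003.404:420): argc=2 a0="sudo" a1="-h"
type=EXECVE msg=audit(1751364004.505:421): argc=3 a0="ls" a1="-R" a2="/tmp"'

# Usage: ausearch -k exec --raw | sh sudo-hunt.sh --scan
#        sh sudo-hunt.sh --hunt
#        sh sudo-hunt.sh          (runs the built-in sample; flags 417 and 419)
case "${1:-demo}" in
    --scan) scan_audit_log ;;
    --hunt) hunt_stray_nsswitch ;;
    demo)   printf '%s\n' "$SAMPLE_AUDIT" | scan_audit_log ;;
esac
```

Any use of -R by a user whose sudoers rules carry no CHROOT= setting, and any -h with a host name that is not the local machine, is worth a closer look regardless of whether the host is patched. The matching is deliberately literal: combined short flags and sudo invoked under another name are not covered, so treat this as a starting signature rather than a complete detection.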