Sudo stack-based buffer overflow vulnerability pwfeedback

Description of the vulnerability: A stack-based buffer overflow vulnerability was discovered in sudo, a program designed to provide limited superuser privileges to specific users. It is triggerable when sudo is configured with the “pwfeedback” option enabled. An unprivileged user can take advantage of this flaw to obtain full root privileges. If enabled, users can trigger a stack-based buffer overflow in the privileged sudo


PPPD Remote Code Execution Vulnerability “Ghostcat”

Snippet of the vulnerability from the Qualys report.

ID: CVE-2020-8597
Title: pppd EAP Processing Buffer Overflow Vulnerability (“Ghostcat”)
Vendor: Multi-Vendor
Description: pppd (Point to Point Protocol Daemon) is vulnerable to buffer overflow due to a flaw in Extensible Authentication Protocol (EAP) packet processing in eap_request and eap_response subroutines. The vulnerability is in the logic of the eap parsing code. By sending an unsolicited
