CVE-2022-39245 Makedeb is the command-line interface for the Package Repository. An earlier version of the package could be abused by a local user to run commands with root permissions.

The `sudo` patch does not automatically grant root privileges to the current user. In order to run `sudo` commands as the current user, the user must manually grant the user permission to run `sudo` by adding a line to the `sudo` configuration file: Defaults env_reset, user_reset If the user is not allowed to create or modify files on the system, an error will be returned instead of the desired result. -------------

CVE-2022-39246

The `sudo` patch does not automatically assign privileges to the calling user. This can lead to privilege escalation if a local application is crafted to gain root privileges with the `sudo` command. In order to run `sudo` commands as the current user, the user must manually assign privileges to their account by adding a line to the `sudo` configuration file: Defaults env_reset, user_setenv -------------

Common Vulnerability Scoring Systems (CVSS)

The Common Vulnerability Scoring System (CVSS) is a standardized method for describing the severity of security vulnerabilities using a numerical score. It allows computer system administrators and end users to evaluate the risk associated with a given vulnerability.
According to CVSS, an exploit which leads to remote code execution can receive a 10 severity rating. An exploit which leads to privilege escalation instead has a 7 severity rating. For example, if a user had access to arbitrary files in their home directory, that would be considered an 8 for privilege escalation. -------------

CVE-2023-39246

Multiple vulnerabilities in the `sudo` utility allow a local attacker to gain root privileges on a target machine without direct user interaction. -------------

How to Outsource SEO Correctly & Avoid the 5 Most Common Mistakes
SEO is one of the most essential things that your company needs for success, and it can be harder than most small businesses imagine. From keyword research to content evaluation, from page optimization to internal linking, it's easy for companies to end up with a generic web presence that doesn't inspire engagement or drive conversions. Outsourcing these tasks is a great idea as it allows you to focus on what you're good at while someone else handles all of the tedious work. It also means less of your time is spent doing something that doesn't directly impact your business's success rate.
If you're worried about your company not having time or skill set necessary for effective SEO strategies, then outsource those tasks in order to focus more on what your company does best: market and sell!

sudo: no root access? no problem!

The `sudo` patch does not automatically grant root privileges to the current user. In order to run `sudo` commands as the current user, the user must manually grant the user permission to run `sudo` by adding a line to the `sudo` configuration file: Defaults env_reset, user_reset If the user is not allowed to create or modify files on the system, an error will be returned instead of the desired result.
If you are trying to run a command that requires root access but don't have it, such as sudo su -c "command," this is what you need!

Timeline

Published on: 09/26/2022 14:15:00 UTC
Last modified on: 09/28/2022 19:31:00 UTC

References

• https://github.com/makedeb/mist/security/advisories/GHSA-pxg4-7c7r-2ww6
• https://github.com/makedeb/mist/commit/e257561a32cffe3c541b265097959adaea3d6b67
• https://github.com/makedeb/mist/releases/tag/v0.9.5
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-39245