AL2021_01 Heap Buffer Overflow Vulnerability in Sudo (27th January, 2021)

A heap buffer overflow vulnerability in sudo that can be used to elevate privileges to root on the host system has been discovered by researchers.

Sudo is a command-line utility, widely used on Linux and Unix operating systems, designed to give trusted users administrative privileges when needed. This vulnerability has been given the name Baron Samedit and affects sudo versions 1.8.2 to 1.8.31p2 and 1.9.0 to 1.9.5p1.

How it Works

Update: FortiOS vulnerability allows system files to be leaked through SSL VPNs via specially made HTTP resource requests. (November 26, 2020)

A path traversal vulnerability in the FortiOS SSL VPN web portal may allow attackers to gain unauthorized access to system files. This is done through specially crafted HTTP resource requests. The vulnerability has been classified as CVE-2018-13379.

The affected products are: