Sebastien Macke

Researcher at Trustwave SpiderLabs
#19875 of 53,639
13.1 CVSS total
Vulnerabilities · 2
Medium
2
PT-2015-6115
6.5
2015-07-05
Linux · Linux-Pam · CVE-2015-3238
**Name of the Vulnerable Software and Affected Versions**

Linux-PAM versions prior to 1.2.1

**Description**

The issue allows local users to enumerate usernames or cause a denial of service via a large password when the `_unix_run_helper_binary` function in the `pam_unix` module is unable to directly access passwords.

**Recommendations**

For versions prior to 1.2.1, update to version 1.2.1 or later to resolve the issue.

PT-2014-1808
6.6
2014-03-10
Todd Miller · Sudo · CVE-2014-0106
**Name of the Vulnerable Software and Affected Versions**

sudo versions prior to 1.8.5, sudo-debuginfo-1.7.2p1, sudo-1.7.2p1

**Description**

The issue allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable, potentially leading to a breach of confidentiality, integrity, and availability of protected information. This can be exploited locally by an authenticated attacker.

**Recommendations**

For versions prior to 1.8.5, update to version 1.8.5 or later to resolve the issue. For sudo-debuginfo-1.7.2p1 and sudo-1.7.2p1, update to a version that includes the fix for this issue, as these specific versions are affected. As a temporary workaround, consider enabling the `env_reset` option to minimize the risk of exploitation.