Joe Vennix

**Name of the Vulnerable Software and Affected Versions** Sudo versions prior to 1.8.28 **Description** The issue allows an attacker with access to a Runas ALL sudoer account to bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID, such as `-1` or `4294967295`. This can enable the execution of commands as root even when restricted. The vulnerability exists due to insufficient input validation in Sudo. **Recommendations** For Sudo versions prior to 1.8.28, update to version 1.8.28 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `sudo` command with crafted user IDs, such as `-1` or `4294967295`, to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** dbus versions 1.10.28 and earlier, 1.12.x prior to 1.12.16, and 1.13.x prior to 1.13.12 **Description** The issue is related to the DBUS COOKIE SHA1 authentication mechanism in the libdbus library, which is used in DBusServer in Canonical Upstart in Ubuntu 14.04. A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. This could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass. **Recommendations** For dbus versions 1.10.28 and earlier, update to version 1.10.28 or later. For dbus 1.12.x prior to 1.12.16, update to version 1.12.16 or later. For dbus 1.13.x prior to 1.13.12, update to version 1.13.12 or later. As a temporary workaround, consider restricting access to the ~/.dbus-keyrings directory to prevent symlink manipulation.

**Name of the Vulnerable Software and Affected Versions** Sudo versions prior to 1.8.31 **Description** The issue is related to a stack-based buffer overflow in the privileged sudo process when the pwfeedback option is enabled in /etc/sudoers. This option is not enabled by default but is active in some distributions like Linux Mint and Elementary OS. An attacker can trigger the buffer overflow by delivering a long string to the stdin of getln() in tgetpass.c. This can potentially allow a low-privileged user to execute arbitrary commands with root privileges. **Recommendations** To resolve the issue, update to Sudo version 1.8.31 or later. As a temporary workaround, consider disabling the pwfeedback option in /etc/sudoers to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** WebKit, as used in Apple iOS versions prior to 9 WebKit, as used in Apple iTunes versions prior to 12.3 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted web site. This is due to insufficient input validation in the WebKit component. **Recommendations** For iOS versions prior to 9, update to version 9 or later. For iTunes versions prior to 12.3, update to version 12.3 or later.

**Name of the Vulnerable Software and Affected Versions** Apple iTunes versions prior to 12.3 **Description** The issue allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash. This is related to vectors involving iTunes Store browsing. The vulnerability is caused by a buffer overflow in the WebKit component. Exploitation can enable a remote attacker to execute arbitrary code or cause a denial of service by manipulating functions related to iTunes Store browsing. **Recommendations** For versions prior to 12.3, update to version 12.3 or later to resolve the issue. As a temporary workaround, consider restricting access to iTunes Store browsing functionality until the update is applied.

**Name of the Vulnerable Software and Affected Versions** WebKit, as used in Apple iOS versions prior to 9 WebKit, as used in Apple iTunes versions prior to 12.3 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted web site. This is due to insufficient input validation in the WebKit component. **Recommendations** For iOS versions prior to 9, update to version 9 or later. For iTunes versions prior to 12.3, update to version 12.3 or later.

**Name of the Vulnerable Software and Affected Versions** Apple Safari versions prior to 6.2.6 Apple Safari versions 7.x prior to 7.1.6 Apple Safari versions 8.x prior to 8.0.6 **Description** The issue allows remote attackers to bypass the Same Origin Policy and read arbitrary files via a crafted web site. This is related to the history implementation in WebKit. **Recommendations** For Apple Safari versions prior to 6.2.6, update to version 6.2.6 or later. For Apple Safari versions 7.x prior to 7.1.6, update to version 7.1.6 or later. For Apple Safari versions 8.x prior to 8.0.6, update to version 8.0.6 or later.