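Aruba Product Security Advisory
===============================
Advisory ID: ARUBA-PSA-2021-014
CVE: CVE-2021-3156
Publication Date: 2021-Aug-03
Status: Confirmed
Severity: High
Revision: 1

Title
=====
Analytics and Location Engine (ALE) Sudo Privilege Escalation Vulnerability

Overview
========
Aruba has released updates to the Analytics and Location Engine (ALE) that address a security vulnerability in the Sudo utility. The following versions are affected:

- ALE 2.1.0.* prior to 2.1.0.4
- ALE 2.0.0.*

Details
=======

Sudo Privilege Escalation Vulnerability aka "Baron Samedit" (CVE-2021-3156)
---------------------------------------------------------------------
A vulnerability in the command-line parameter parsing code of sudo allows an attacker with access to sudo to execute commands or binaries with root privileges. ALE does not allow access to local shell commands during normal operation, so the primary impact of this vulnerability would be as part of a "chained attack", in which an attacker gains a foothold with lower privileges through another vulnerability and then uses this vulnerability to escalate privileges.

Internal reference: ATLL-217
Severity: High
CVSSv3 Overall Score: 7.8
CVSS Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Discovery: This vulnerability was discovered and published by the Qualys research team.

Resolution
==========
The vulnerability contained in this advisory can be addressed by patching or upgrading to one of the ALE versions listed below:

- ALE 2.2.0.*: 2.2.0.0 and above
- ALE 2.1.0.*: 2.1.0.4 and above

Workaround
==========
None.

Exploitation and Public Discussion
==================================
There is discussion of the "Baron Samedit" vulnerability being exploited in vulnerable systems that include sudo. However, exploitation apparently requires abuse of a lower-privileged account on the affected system, and Aruba is not aware of any specific instances of this being used against ALE.

Revision History
================
Revision 1 / 2021-Aug-03 / Initial release

Aruba SIRT Security Procedures
==============================
Complete information on reporting security vulnerabilities in Aruba Networks products and obtaining assistance with security incidents is available at:

//www.nexbus-cng.com/support-services/security-bulletins/

For reporting *NEW* Aruba Networks security issues, email can be sent to aruba-sirt(at)hpe.com. For sensitive information we encourage the use of PGP encryption. Our public keys can be found at:

//www.nexbus-cng.com/support-services/security-bulletins/

(c) Copyright 2021 by Aruba, a Hewlett Packard Enterprise company. This advisory may be redistributed freely after the release date given at the top of the text, provided that the redistributed copies are complete and unmodified, including all data and version information.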