Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Sudo
(Sudo_project)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 21 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-01-26 | CVE-2021-3156 | Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. | Privilege_management_for_mac, Privilege_management_for_unix\/linux, Debian_linux, Fedora, Web_gateway, Active_iq_unified_manager, Cloud_backup, Hci_management_node, Oncommand_unified_manager_core_package, Ontap_select_deploy_administration_utility, Ontap_tools, Solidfire, Communications_performance_intelligence_center, Micros_compact_workstation_3_firmware, Micros_es400_firmware, Micros_kitchen_display_system_firmware, Micros_workstation_5a_firmware, Micros_workstation_6_firmware, Tekelec_platform_distribution, Sudo, Diskstation_manager, Diskstation_manager_unified_controller, Skynas_firmware, Vs960hd_firmware | 7.8 | ||
| 2021-01-12 | CVE-2021-23239 | The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. | Debian_linux, Fedora, Cloud_backup, Hci_management_node, Solidfire, Sudo | 2.5 | ||
| 2021-01-12 | CVE-2021-23240 | selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable. | Fedora, Hci_management_node, Solidfire, Sudo | 7.8 | ||
| 2022-11-02 | CVE-2022-43995 | Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture. | Sudo | 7.1 | ||
| 2023-01-18 | CVE-2023-22809 | In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim --... | Macos, Debian_linux, Fedora, Sudo | 7.8 | ||
| 2023-02-28 | CVE-2023-27320 | Sudo before 1.9.13p2 has a double free in the per-command chroot feature. | Fedora, Sudo | 7.2 | ||
| 2023-03-16 | CVE-2023-28486 | Sudo before 1.9.13 does not escape control characters in log messages. | Active_iq_unified_manager, Sudo | 5.3 | ||
| 2023-03-16 | CVE-2023-28487 | Sudo before 1.9.13 does not escape control characters in sudoreplay output. | Active_iq_unified_manager, Sudo | 5.3 | ||
| 2023-12-22 | CVE-2023-42465 | Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit. | Sudo | 7.0 | ||
| 2023-12-23 | CVE-2023-7090 | A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them. | Sudo | 8.8 |