Sudo
(Sudo_project)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 10 |
| Date | ID | Summary | Products | Score | Patch |
|---|---|---|---|---|---|
| 2020-01-29 | CVE-2019-18634 | In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c. | Debian_linux, Sudo | N/A | |
| 2019-11-04 | CVE-2019-18684 | ** DISPUTED ** Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. This occurs because of a race condition between determining a uid, and the setresuid and openat system calls. The attacker can write "ALL ALL=(ALL) NOPASSWD:ALL" to /proc/#####/fd/3 at a time when Sudo is prompting for a password. NOTE: This has been disputed due to the way Linux /proc works. It has been argued that writing to /proc/#####/fd/3 would... | Sudo | N/A | |
| 2019-11-04 | CVE-2005-4890 | There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process. | Debian_linux, Shadow, Enterprise_linux, Sudo | N/A | |
| 2019-10-17 | CVE-2019-14287 | In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command. | Ubuntu_linux, Debian_linux, Fedora, Element_software_management_node, Leap, Sudo | N/A | |
| 2017-06-05 | CVE-2017-1000367 | Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution. | Sudo | 6.4 | |
| 2017-06-05 | CVE-2017-1000368 | Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution. | Sudo | 8.2 | |
| 2018-05-29 | CVE-2016-7076 | sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges. | Sudo | 7.8 | |
| 2017-10-10 | CVE-2015-8239 | The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed. | Sudo | 7.0 | |
| 2015-11-17 | CVE-2015-5602 | sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt." | Sudo | N/A | |
| 2017-04-24 | CVE-2014-9680 | sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives. | Sudo | 3.3 |