Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Sudo
(Sudo_project)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 22 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-11-04 | CVE-2005-4890 | There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process. | Debian_linux, Shadow, Enterprise_linux, Sudo | N/A | ||
| 2017-06-05 | CVE-2017-1000368 | Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution. | Sudo | 8.2 | ||
| 2017-10-10 | CVE-2015-8239 | The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed. | Sudo | 7.0 | ||
| 2015-11-17 | CVE-2015-5602 | sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt." | Sudo | N/A | ||
| 2017-04-24 | CVE-2014-9680 | sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives. | Sudo | 3.3 |