U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:sudo_project:sudo:1.8.9
There are 18 matching records.
Displaying matches 1 through 18.
Vuln ID Summary CVSS Severity
CVE-2023-7090

A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them.

Published: December 23, 2023; 6:15:07 PM -0500
V3.1: 8.8 HIGH
V2.0:(not available)
CVE-2023-42465

Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.

Published: December 22, 2023; 11:15:08 AM -0500
V3.1: 7.0 HIGH
V2.0:(not available)
CVE-2023-28487

Sudo before 1.9.13 does not escape control characters in sudoreplay output.

Published: March 15, 2023; 9:15:47 PM -0400
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2023-28486

Sudo before 1.9.13 does not escape control characters in log messages.

Published: March 15, 2023; 9:15:47 PM -0400
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2023-22809

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.

Published: January 18, 2023; 12:15:10 PM -0500
V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2022-43995

Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.

Published: November 02, 2022; 10:15:16 AM -0400
V3.1: 7.1 HIGH
V2.0:(not available)
CVE-2021-3156

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

Published: January 26, 2021; 4:15:12 PM -0500
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2021-23240

selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable.

Published: January 12, 2021; 4:15:14 AM -0500
V3.1: 7.8 HIGH
V2.0: 4.4 MEDIUM
CVE-2021-23239

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.

Published: January 12, 2021; 4:15:14 AM -0500
V3.1: 2.5 LOW
V2.0: 1.9 LOW
CVE-2019-18634

In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.

Published: January 29, 2020; 1:15:12 PM -0500
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2019-18684

Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. This occurs because of a race condition between determining a uid, and the setresuid and openat system calls. The attacker can write "ALL ALL=(ALL) NOPASSWD:ALL" to /proc/#####/fd/3 at a time when Sudo is prompting for a password. NOTE: This has been disputed due to the way Linux /proc works. It has been argued that writing to /proc/#####/fd/3 would only be viable if you had permission to write to /etc/sudoers. Even with write permission to /proc/#####/fd/3, it would not help you write to /etc/sudoers

Published: November 04, 2019; 11:15:11 AM -0500
V3.1: 7.0 HIGH
V2.0: 6.9 MEDIUM
CVE-2019-14287

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.

Published: October 17, 2019; 2:15:12 PM -0400
V3.1: 8.8 HIGH
V2.0: 9.0 HIGH
CVE-2016-7076

sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges.

Published: May 29, 2018; 9:29:00 AM -0400
V3.0: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2015-8239

The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed.

Published: October 10, 2017; 12:29:00 PM -0400
V3.0: 7.0 HIGH
V2.0: 6.9 MEDIUM
CVE-2017-1000368

Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.

Published: June 05, 2017; 12:29:00 PM -0400
V3.0: 8.2 HIGH
V2.0: 7.2 HIGH
CVE-2017-1000367

Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.

Published: June 05, 2017; 10:29:00 AM -0400
V3.0: 6.4 MEDIUM
V2.0: 6.9 MEDIUM
CVE-2014-9680

sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives.

Published: April 24, 2017; 2:59:00 AM -0400
V3.0: 3.3 LOW
V2.0: 2.1 LOW
CVE-2015-5602

sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt."

Published: November 17, 2015; 10:59:10 AM -0500
V3.x:(not available)
V2.0: 7.2 HIGH