U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:todd_miller:sudo:1.7.2p1
There are 11 matching records.
Displaying matches 1 through 11.
Vuln ID Summary CVSS Severity
CVE-2014-0106

Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.

Published: March 11, 2014; 3:37:03 PM -0400
V3.x:(not available)
V2.0: 6.6 MEDIUM
CVE-2013-2777

sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.

Published: April 08, 2013; 1:55:01 PM -0400
V3.x:(not available)
V2.0: 4.4 MEDIUM
CVE-2013-2776

sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.

Published: April 08, 2013; 1:55:01 PM -0400
V3.x:(not available)
V2.0: 4.4 MEDIUM
CVE-2013-1776

sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.

Published: April 08, 2013; 1:55:01 PM -0400
V3.x:(not available)
V2.0: 4.4 MEDIUM
CVE-2013-1775

sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.

Published: March 05, 2013; 4:38:56 PM -0500
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2011-0008

A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression.

Published: January 20, 2011; 2:00:07 PM -0500
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2011-0010

check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.

Published: January 18, 2011; 1:03:08 PM -0500
V3.x:(not available)
V2.0: 4.4 MEDIUM
CVE-2010-2956

Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence.

Published: September 10, 2010; 3:00:02 PM -0400
V3.x:(not available)
V2.0: 6.2 MEDIUM
CVE-2010-1646

The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable.

Published: June 07, 2010; 1:12:48 PM -0400
V3.x:(not available)
V2.0: 6.2 MEDIUM
CVE-2010-1163

The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426.

Published: April 16, 2010; 3:30:00 PM -0400
V3.x:(not available)
V2.0: 6.9 MEDIUM
CVE-2010-0426

sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory.

Published: February 24, 2010; 1:30:00 PM -0500
V3.x:(not available)
V2.0: 6.9 MEDIUM