This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Sudo Project First view 2015-11-17
Product Sudo Last view 2020-01-29
Version 1.8.5 Type Application
Update -  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:sudo_project:sudo

Activity : Overall

Related : CVE

  Date Alert Description
7.8 2020-01-29 CVE-2019-18634

In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.

7 2019-11-04 CVE-2019-18684

** DISPUTED ** Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. This occurs because of a race condition between determining a uid, and the setresuid and openat system calls. The attacker can write "ALL ALL=(ALL) NOPASSWD:ALL" to /proc/#####/fd/3 at a time when Sudo is prompting for a password. NOTE: This has been disputed due to the way Linux /proc works. It has been argued that writing to /proc/#####/fd/3 would only be viable if you had permission to write to /etc/sudoers. Even with write permission to /proc/#####/fd/3, it would not help you write to /etc/sudoers.

8.8 2019-10-17 CVE-2019-14287

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.

7.8 2018-05-29 CVE-2016-7076

sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges.

8.2 2017-06-05 CVE-2017-1000368

Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.

6.4 2017-06-05 CVE-2017-1000367

Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.

3.3 2017-04-24 CVE-2014-9680

sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives.

7.2 2015-11-17 CVE-2015-5602

sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt."

CWE : Common Weakness Enumeration

%idName
25% (2) CWE-362 Race Condition
12% (1) CWE-787 Out-of-bounds Write
12% (1) CWE-755 Improper Handling of Exceptional Conditions
12% (1) CWE-264 Permissions, Privileges, and Access Controls
12% (1) CWE-200 Information Exposure
12% (1) CWE-77 Improper Sanitization of Special Elements used in a Command ('Comma...
12% (1) CWE-20 Improper Input Validation

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0199 Multiple Vulnerabilities in Apple Mac OS X
Severity: Category I - VMSKEY: V0061337

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-11-21 Name: The remote EulerOS Virtualization host is missing a security update.
File: EulerOS_SA-2018-1380.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0021.nasl - Type: ACT_GATHER_INFO
2017-10-23 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa_10826.nasl - Type: ACT_GATHER_INFO
2017-10-09 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201710-04.nasl - Type: ACT_GATHER_INFO
2017-08-15 Name: The remote host running McAfee Web Gateway is affected by multiple code execu...
File: mcafee_web_gateway_sb10205.nasl - Type: ACT_GATHER_INFO
2017-07-31 Name: The remote OracleVM host is missing a security update.
File: oraclevm_OVMSA-2017-0125.nasl - Type: ACT_GATHER_INFO
2017-07-17 Name: The remote Fedora host is missing a security update.
File: fedora_2017-8b250ebe97.nasl - Type: ACT_GATHER_INFO
2017-07-14 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2016-2872.nasl - Type: ACT_GATHER_INFO
2017-07-13 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-1382.nasl - Type: ACT_GATHER_INFO
2017-07-13 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-1574.nasl - Type: ACT_GATHER_INFO
2017-07-10 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2017-1121.nasl - Type: ACT_GATHER_INFO
2017-07-10 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2017-1120.nasl - Type: ACT_GATHER_INFO
2017-07-07 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2017-855.nasl - Type: ACT_GATHER_INFO
2017-07-05 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1778-1.nasl - Type: ACT_GATHER_INFO
2017-07-05 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1771-1.nasl - Type: ACT_GATHER_INFO
2017-07-05 Name: The remote Debian host is missing a security update.
File: debian_DLA-1011.nasl - Type: ACT_GATHER_INFO
2017-06-30 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-744.nasl - Type: ACT_GATHER_INFO
2017-06-26 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20170623_sudo_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2017-06-26 Name: The remote OracleVM host is missing a security update.
File: oraclevm_OVMSA-2017-0114.nasl - Type: ACT_GATHER_INFO
2017-06-23 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-1574.nasl - Type: ACT_GATHER_INFO
2017-06-23 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2017-1574.nasl - Type: ACT_GATHER_INFO
2017-06-23 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-1574.nasl - Type: ACT_GATHER_INFO
2017-06-21 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1627-1.nasl - Type: ACT_GATHER_INFO
2017-06-21 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1626-1.nasl - Type: ACT_GATHER_INFO
2017-06-09 Name: The remote Fedora host is missing a security update.
File: fedora_2017-facd994774.nasl - Type: ACT_GATHER_INFO