This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Todd Miller First view 2005-03-01
Product Sudo Last view 2013-04-08
Version 1.5.9 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:todd_miller:sudo

Activity : Overall

Related : CVE

  Date Alert Description
4.4 2013-04-08 CVE-2013-2777

sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.

6.9 2011-01-20 CVE-2011-0008

A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression.

6.2 2007-08-13 CVE-2007-4305

Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing.

7.2 2006-01-09 CVE-2006-0151

sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158.

4.6 2005-12-10 CVE-2005-4158

Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.

3.7 2005-06-20 CVE-2005-1993

Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack.

2.1 2005-05-02 CVE-2005-1119

Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary files via a symlink attack on temporary files.

7.2 2005-03-01 CVE-2004-1051

sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.

CWE : Common Weakness Enumeration

%idName
100% (1) CWE-264 Permissions, Privileges, and Access Controls

Open Source Vulnerability Database (OSVDB)

id Description
51736 sudo parse.c System Group Interpretation Local Privilege Escalation
39589 Multiple BSD Systrace Sysjail Policies Race Condition Access Control Policy B...
39588 Multiple BSD Sudo Monitor Mode Race Condition Access Control Policy Bypass
20764 Sudo PERL5OPT Environment Cleaning Multiple Variable Privilege Escalation
17396 Sudo sudoers ALL Entry Race Condition
16611 Sudo VISudo Symlink Arbitrary File Corruption
11716 sudo Bash Script Subversion Arbitrary Command Execution

OpenVAS Exploits

id Description
2011-01-24 Name : Fedora Update for sudo FEDORA-2011-0455
File : nvt/gb_fedora_2011_0455_sudo_fc13.nasl
2011-01-24 Name : Mandriva Update for sudo MDVSA-2011:018 (sudo)
File : nvt/gb_mandriva_MDVSA_2011_018.nasl
2011-01-21 Name : Fedora Update for sudo FEDORA-2011-0470
File : nvt/gb_fedora_2011_0470_sudo_fc14.nasl
2009-11-17 Name : Mac OS X Version
File : nvt/macosx_version.nasl
2009-10-10 Name : SLES9: Security update for sudo
File : nvt/sles9p5019263.nasl
2008-09-24 Name : Gentoo Security Advisory GLSA 200506-22 (sudo)
File : nvt/glsa_200506_22.nasl
2008-09-04 Name : FreeBSD Ports: sudo
File : nvt/freebsd_sudo0.nasl
2008-09-04 Name : FreeBSD Ports: sudo
File : nvt/freebsd_sudo2.nasl
2008-01-17 Name : Debian Security Advisory DSA 596-1 (sudo)
File : nvt/deb_596_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 596-2 (sudo)
File : nvt/deb_596_2.nasl
2008-01-17 Name : Debian Security Advisory DSA 735-1 (sudo)
File : nvt/deb_735_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 946-1 (sudo)
File : nvt/deb_946_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 946-2 (sudo)
File : nvt/deb_946_2.nasl
0000-00-00 Name : Slackware Advisory SSA:2006-045-08 sudo
File : nvt/esoft_slk_ssa_2006_045_08.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0199 Multiple Vulnerabilities in Apple Mac OS X
Severity: Category I - VMSKEY: V0061337

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2016-06-22 Name: The remote OracleVM host is missing a security update.
File: oraclevm_OVMSA-2016-0079.nasl - Type: ACT_GATHER_INFO
2015-08-17 Name: The remote host is missing a Mac OS X update that fixes multiple security vul...
File: macosx_10_10_5.nasl - Type: ACT_GATHER_INFO
2014-11-12 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2013-1701.nasl - Type: ACT_GATHER_INFO
2014-11-08 Name: The remote Red Hat host is missing a security update.
File: redhat-RHSA-2013-1527.nasl - Type: ACT_GATHER_INFO
2014-01-22 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201401-23.nasl - Type: ACT_GATHER_INFO
2013-12-14 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2013-259.nasl - Type: ACT_GATHER_INFO
2013-12-10 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20131121_sudo_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2013-11-27 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2013-1701.nasl - Type: ACT_GATHER_INFO
2013-11-21 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2013-1701.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing a security update.
File: oraclelinux_ELSA-2009-0267.nasl - Type: ACT_GATHER_INFO
2013-05-16 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_sudo-8562.nasl - Type: ACT_GATHER_INFO
2013-05-16 Name: The remote SuSE 11 host is missing a security update.
File: suse_11_sudo-130430.nasl - Type: ACT_GATHER_INFO
2013-03-11 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-2642.nasl - Type: ACT_GATHER_INFO
2013-03-07 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2013-065-01.nasl - Type: ACT_GATHER_INFO
2012-01-12 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-773.nasl - Type: ACT_GATHER_INFO
2011-01-28 Name: The remote Mandriva Linux host is missing a security update.
File: mandriva_MDVSA-2011-018.nasl - Type: ACT_GATHER_INFO
2011-01-24 Name: The remote Fedora host is missing a security update.
File: fedora_2011-0455.nasl - Type: ACT_GATHER_INFO
2011-01-19 Name: The remote Fedora host is missing a security update.
File: fedora_2011-0470.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-722-1.nasl - Type: ACT_GATHER_INFO
2009-02-06 Name: The remote Red Hat host is missing a security update.
File: redhat-RHSA-2009-0267.nasl - Type: ACT_GATHER_INFO
2006-12-16 Name: The remote Mandrake Linux host is missing a security update.
File: mandrake_MDKSA-2006-159.nasl - Type: ACT_GATHER_INFO
2006-10-14 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-946.nasl - Type: ACT_GATHER_INFO
2006-07-03 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2005-535.nasl - Type: ACT_GATHER_INFO
2006-02-15 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2006-045-08.nasl - Type: ACT_GATHER_INFO
2006-01-21 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-235-1.nasl - Type: ACT_GATHER_INFO