This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor: Todd Miller
Product: Sudo
Version: 1.6.8
Type: Application
First view: 2004-09-16
Last view: 2017-04-14
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *

CPE Product: cpe:2.3:a:todd_miller:sudo

Related : CVE

Score Date Alert Description
7 2017-04-14 CVE-2016-7032

sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function.

4.4 2013-04-08 CVE-2013-2777

sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.

4.4 2013-04-08 CVE-2013-2776

sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.

4.4 2013-04-08 CVE-2013-1776

sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.

6.9 2013-03-05 CVE-2013-1775

sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.

7.2 2012-05-18 CVE-2012-2337

sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address.

6.9 2011-01-20 CVE-2011-0008

A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression.

6.2 2010-06-07 CVE-2010-1646

The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable.

6.9 2010-04-16 CVE-2010-1163

The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426.

4.4 2010-02-25 CVE-2010-0427

sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.

6.2 2007-08-13 CVE-2007-4305

Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing.

7.2 2006-01-09 CVE-2006-0151

sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158.

4.6 2005-12-10 CVE-2005-4158

Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.

4.6 2005-10-25 CVE-2005-2959

Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are.

3.7 2005-06-20 CVE-2005-1993

Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack.

2.1 2005-05-02 CVE-2005-1119

Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary files via a symlink attack on temporary files.

7.2 2005-03-01 CVE-2004-1051

sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.

2.1 2004-09-16 CVE-2004-1689

sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root privileges, which allows local users to read arbitrary files via a symlink attack on the temporary file before quitting sudoedit.

CWE : Common Weakness Enumeration

% id Name
80% (8) CWE-264 Permissions, Privileges, and Access Controls
10% (1) CWE-284 Access Control (Authorization) Issues
10% (1) CWE-20 Improper Input Validation

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-3 Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-6 Argument Injection
CAPEC-15 Command Delimiters
CAPEC-18 Embedding Scripts in Nonscript Elements
CAPEC-43 Exploiting Multiple Input Interpretation Layers
CAPEC-63 Simple Script Injection
CAPEC-71 Using Unicode Encoding to Bypass Validation Logic
CAPEC-73 User-Controlled Filename
CAPEC-85 Client Network Footprinting (using AJAX/XSS)
CAPEC-86 Embedding Script (XSS) in HTTP Headers
CAPEC-163 Spear Phishing

Open Source Vulnerability Database (OSVDB)

id Description
65083 sudo env.c secure path Restrictions Bypass Arbitrary File Execution
63878 sudo sudoedit Command Matching Failure Privilege Escalation
62657 sudo runas_default Option Group Membership Local Privilege Escalation
51736 sudo parse.c System Group Interpretation Local Privilege Escalation
39589 Multiple BSD Systrace Sysjail Policies Race Condition Access Control Policy B...
39588 Multiple BSD Sudo Monitor Mode Race Condition Access Control Policy Bypass
20764 Sudo PERL5OPT Environment Cleaning Multiple Variable Privilege Escalation
20303 Sudo Environment Variable Manipulation Local Privilege Escalation
17396 Sudo sudoers ALL Entry Race Condition
16611 Sudo VISudo Symlink Arbitrary File Corruption
11716 sudo Bash Script Subversion Arbitrary Command Execution
10023 sudo sudoedit Restricted Local File Disclosure

ExploitDB Exploits

id Description
27944 Mac OS X Sudo Password Bypass

OpenVAS Exploits

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2012-08-30 Name : Fedora Update for sudo FEDORA-2012-7998
File : nvt/gb_fedora_2012_7998_sudo_fc17.nasl
2012-08-10 Name : Gentoo Security Advisory GLSA 201207-01 (sudo)
File : nvt/glsa_201207_01.nasl
2012-08-03 Name : Mandriva Update for sudo MDVSA-2012:079 (sudo)
File : nvt/gb_mandriva_MDVSA_2012_079.nasl
2012-07-30 Name : CentOS Update for sudo CESA-2012:1081 centos6
File : nvt/gb_CESA-2012_1081_sudo_centos6.nasl
2012-07-30 Name : CentOS Update for sudo CESA-2012:1081 centos5
File : nvt/gb_CESA-2012_1081_sudo_centos5.nasl
2012-07-19 Name : RedHat Update for sudo RHSA-2012:1081-01
File : nvt/gb_RHSA-2012_1081-01_sudo.nasl
2012-05-31 Name : Debian Security Advisory DSA 2478-1 (sudo)
File : nvt/deb_2478_1.nasl
2012-05-31 Name : FreeBSD Ports: sudo
File : nvt/freebsd_sudo11.nasl
2012-05-17 Name : Ubuntu Update for sudo USN-1442-1
File : nvt/gb_ubuntu_USN_1442_1.nasl
2012-04-16 Name : VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates
File : nvt/gb_VMSA-2010-0009.nasl
2011-08-09 Name : CentOS Update for sudo CESA-2010:0122 centos5 i386
File : nvt/gb_CESA-2010_0122_sudo_centos5_i386.nasl
2011-08-09 Name : CentOS Update for sudo CESA-2010:0475 centos5 i386
File : nvt/gb_CESA-2010_0475_sudo_centos5_i386.nasl
2011-08-09 Name : CentOS Update for sudo CESA-2010:0361 centos5 i386
File : nvt/gb_CESA-2010_0361_sudo_centos5_i386.nasl
2011-03-09 Name : Gentoo Security Advisory GLSA 201006-09 (sudo)
File : nvt/glsa_201006_09.nasl
2011-03-09 Name : Gentoo Security Advisory GLSA 201009-03 (sudo)
File : nvt/glsa_201009_03.nasl
2011-01-24 Name : Fedora Update for sudo FEDORA-2011-0455
File : nvt/gb_fedora_2011_0455_sudo_fc13.nasl
2011-01-24 Name : Mandriva Update for sudo MDVSA-2011:018 (sudo)
File : nvt/gb_mandriva_MDVSA_2011_018.nasl
2011-01-21 Name : Fedora Update for sudo FEDORA-2011-0470
File : nvt/gb_fedora_2011_0470_sudo_fc14.nasl
2010-07-06 Name : Debian Security Advisory DSA 2062-1 (sudo)
File : nvt/deb_2062_1.nasl
2010-07-02 Name : Ubuntu Update for sudo vulnerability USN-956-1
File : nvt/gb_ubuntu_USN_956_1.nasl
2010-06-25 Name : Fedora Update for sudo FEDORA-2010-9417
File : nvt/gb_fedora_2010_9417_sudo_fc11.nasl
2010-06-25 Name : Fedora Update for sudo FEDORA-2010-9415
File : nvt/gb_fedora_2010_9415_sudo_fc12.nasl
2010-06-18 Name : Fedora Update for sudo FEDORA-2010-9402
File : nvt/gb_fedora_2010_9402_sudo_fc13.nasl
2010-06-18 Name : RedHat Update for sudo RHSA-2010:0475-01
File : nvt/gb_RHSA-2010_0475-01_sudo.nasl
2010-06-18 Name : Mandriva Update for sudo MDVSA-2010:118 (sudo)
File : nvt/gb_mandriva_MDVSA_2010_118.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0199 Multiple Vulnerabilities in Apple Mac OS X
Severity: Category I - VMSKEY: V0061337
2013-A-0179 Apple Mac OS X Security Update 2013-004
Severity: Category I - VMSKEY: V0040373
2013-B-0064 Multiple Vulnerabilities in VMware ESX 4.0
Severity: Category II - VMSKEY: V0038876

Nessus® Vulnerability Scanner

This CPE has more than 25 relations. If you want to see a complete summary for this CPE, please contact us.
Date Description
2017-07-14 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2016-2872.nasl - Type: ACT_GATHER_INFO
2017-05-31 Name: The remote OracleVM host is missing a security update.
File: oraclevm_OVMSA-2017-0110.nasl - Type: ACT_GATHER_INFO
2017-05-01 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2017-1004.nasl - Type: ACT_GATHER_INFO
2017-01-05 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2017-780.nasl - Type: ACT_GATHER_INFO
2016-12-15 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20161206_sudo_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2016-12-07 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2016-2872.nasl - Type: ACT_GATHER_INFO
2016-12-07 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2016-2872.nasl - Type: ACT_GATHER_INFO
2016-12-07 Name: The remote OracleVM host is missing a security update.
File: oraclevm_OVMSA-2016-0170.nasl - Type: ACT_GATHER_INFO
2016-12-07 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2016-2872.nasl - Type: ACT_GATHER_INFO
2016-12-06 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-1402.nasl - Type: ACT_GATHER_INFO
2016-12-05 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-1381.nasl - Type: ACT_GATHER_INFO
2016-11-25 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-2891-1.nasl - Type: ACT_GATHER_INFO
2016-11-25 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-2893-1.nasl - Type: ACT_GATHER_INFO
2016-11-25 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2016-2904-1.nasl - Type: ACT_GATHER_INFO
2016-11-23 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2016-1343.nasl - Type: ACT_GATHER_INFO
2016-11-15 Name: The remote Debian host is missing a security update.
File: debian_DLA-707.nasl - Type: ACT_GATHER_INFO
2016-06-22 Name: The remote OracleVM host is missing a security update.
File: oraclevm_OVMSA-2016-0079.nasl - Type: ACT_GATHER_INFO
2016-03-08 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_VMSA-2010-0009_remote.nasl - Type: ACT_GATHER_INFO
2016-03-08 Name: The remote VMware ESX host is missing a security-related patch.
File: vmware_VMSA-2010-0015_remote.nasl - Type: ACT_GATHER_INFO
2016-03-04 Name: The remote VMware ESX / ESXi host is missing a security-related patch.
File: vmware_esx_VMSA-2013-0007_remote.nasl - Type: ACT_GATHER_INFO
2015-08-17 Name: The remote host is missing a Mac OS X update that fixes multiple security vul...
File: macosx_10_10_5.nasl - Type: ACT_GATHER_INFO
2015-01-19 Name: The remote Solaris system is missing a security patch for third-party software.
File: solaris11_sudo_20120717.nasl - Type: ACT_GATHER_INFO
2015-01-19 Name: The remote Solaris system is missing a security patch for third-party software.
File: solaris11_sudo_20130611.nasl - Type: ACT_GATHER_INFO
2014-11-17 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2010-0476.nasl - Type: ACT_GATHER_INFO
2014-11-12 Name: The remote CentOS host is missing a security update.
File: centos_RHSA-2013-1353.nasl - Type: ACT_GATHER_INFO