This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Sudo Project First view 2002-05-16
Product Sudo Last view 2023-12-23
Version Type
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:* 20
cpe:2.3:a:sudo_project:sudo:1.8.8:rc1:*:*:*:*:*:* 19
cpe:2.3:a:sudo_project:sudo:1.8.11:p2:*:*:*:*:*:* 19
cpe:2.3:a:sudo_project:sudo:1.8.11:*:*:*:*:*:*:* 19
cpe:2.3:a:sudo_project:sudo:1.8.11:rc2:*:*:*:*:*:* 19
cpe:2.3:a:sudo_project:sudo:1.8.10:b3:*:*:*:*:*:* 19
cpe:2.3:a:sudo_project:sudo:1.8.10:b2:*:*:*:*:*:* 19
cpe:2.3:a:sudo_project:sudo:1.8.9:p5:*:*:*:*:*:* 19
cpe:2.3:a:sudo_project:sudo:1.8.10:b1:*:*:*:*:*:* 19
cpe:2.3:a:sudo_project:sudo:1.8.8:b1:*:*:*:*:*:* 19
cpe:2.3:a:sudo_project:sudo:1.8.9:p3:*:*:*:*:*:* 19
cpe:2.3:a:sudo_project:sudo:1.8.11:b3:*:*:*:*:*:* 19
cpe:2.3:a:sudo_project:sudo:1.8.11:p1:*:*:*:*:*:* 19
cpe:2.3:a:sudo_project:sudo:1.8.11:b4:*:*:*:*:*:* 19
cpe:2.3:a:sudo_project:sudo:1.8.11:b2:*:*:*:*:*:* 19
cpe:2.3:a:sudo_project:sudo:1.8.10:rc2:*:*:*:*:*:* 19
cpe:2.3:a:sudo_project:sudo:1.8.10:b4:*:*:*:*:*:* 19
cpe:2.3:a:sudo_project:sudo:1.8.9:p4:*:*:*:*:*:* 19
cpe:2.3:a:sudo_project:sudo:1.8.9:p2:*:*:*:*:*:* 19
cpe:2.3:a:sudo_project:sudo:1.8.8:*:*:*:*:*:*:* 19
cpe:2.3:a:sudo_project:sudo:1.8.8:b3:*:*:*:*:*:* 19
cpe:2.3:a:sudo_project:sudo:1.8.11:rc1:*:*:*:*:*:* 19
cpe:2.3:a:sudo_project:sudo:1.8.9:p1:*:*:*:*:*:* 19
cpe:2.3:a:sudo_project:sudo:1.8.9:rc2:*:*:*:*:*:* 19
cpe:2.3:a:sudo_project:sudo:1.8.10:p2:*:*:*:*:*:* 19
cpe:2.3:a:sudo_project:sudo:1.8.10:p3:*:*:*:*:*:* 19
cpe:2.3:a:sudo_project:sudo:1.8.8:b2:*:*:*:*:*:* 19
cpe:2.3:a:sudo_project:sudo:1.8.10:p1:*:*:*:*:*:* 19
cpe:2.3:a:sudo_project:sudo:1.8.10:*:*:*:*:*:*:* 19
cpe:2.3:a:sudo_project:sudo:1.8.9:*:*:*:*:*:*:* 19
cpe:2.3:a:sudo_project:sudo:1.8.9:rc1:*:*:*:*:*:* 19
cpe:2.3:a:sudo_project:sudo:1.8.9:b2:*:*:*:*:*:* 19
cpe:2.3:a:sudo_project:sudo:1.8.10:rc1:*:*:*:*:*:* 19
cpe:2.3:a:sudo_project:sudo:1.8.9:b1:*:*:*:*:*:* 19
cpe:2.3:a:sudo_project:sudo:1.8.10:rc3:*:*:*:*:*:* 19
cpe:2.3:a:sudo_project:sudo:1.8.11:b1:*:*:*:*:*:* 19
cpe:2.3:a:sudo_project:sudo:1.8.13:rc1:*:*:*:*:*:* 18
cpe:2.3:a:sudo_project:sudo:1.8.13:b2:*:*:*:*:*:* 18
cpe:2.3:a:sudo_project:sudo:1.8.14:p3:*:*:*:*:*:* 18
cpe:2.3:a:sudo_project:sudo:1.8.13:b1:*:*:*:*:*:* 18
cpe:2.3:a:sudo_project:sudo:1.8.12:rc2:*:*:*:*:*:* 18
cpe:2.3:a:sudo_project:sudo:1.8.12:b1:*:*:*:*:*:* 18
cpe:2.3:a:sudo_project:sudo:1.8.12:b2:*:*:*:*:*:* 18
cpe:2.3:a:sudo_project:sudo:1.8.12:rc1:*:*:*:*:*:* 18
cpe:2.3:a:sudo_project:sudo:1.8.13:b3:*:*:*:*:*:* 18
cpe:2.3:a:sudo_project:sudo:1.8.13:*:*:*:*:*:*:* 18
cpe:2.3:a:sudo_project:sudo:1.8.14:b4:*:*:*:*:*:* 18
cpe:2.3:a:sudo_project:sudo:1.8.14:b3:*:*:*:*:*:* 18
cpe:2.3:a:sudo_project:sudo:1.8.14:b2:*:*:*:*:*:* 18
cpe:2.3:a:sudo_project:sudo:1.8.14:b1:*:*:*:*:*:* 18

Related : CVE

  Date Alert Description
8.8 2023-12-23 CVE-2023-7090

A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them.

7 2023-12-22 CVE-2023-42465

Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.

5.3 2023-03-16 CVE-2023-28487

Sudo before 1.9.13 does not escape control characters in sudoreplay output.

5.3 2023-03-16 CVE-2023-28486

Sudo before 1.9.13 does not escape control characters in log messages.

7.2 2023-02-28 CVE-2023-27320

Sudo before 1.9.13p2 has a double free in the per-command chroot feature.

7.8 2023-01-18 CVE-2023-22809

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.

7.1 2022-11-02 CVE-2022-43995

Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.

7.8 2021-01-26 CVE-2021-3156

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

7.8 2021-01-12 CVE-2021-23240

selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable.

2.5 2021-01-12 CVE-2021-23239

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.

7.8 2020-01-29 CVE-2019-18634

In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.

7 2019-11-04 CVE-2019-18684

Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. This occurs because of a race condition between determining a uid, and the setresuid and openat system calls. The attacker can write "ALL ALL=(ALL) NOPASSWD:ALL" to /proc/#####/fd/3 at a time when Sudo is prompting for a password. NOTE: This has been disputed due to the way Linux /proc works. It has been argued that writing to /proc/#####/fd/3 would only be viable if you had permission to write to /etc/sudoers. Even with write permission to /proc/#####/fd/3, it would not help you write to /etc/sudoers

7.8 2019-11-04 CVE-2005-4890

There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.

8.8 2019-10-17 CVE-2019-14287

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.

7.8 2018-05-29 CVE-2016-7076

sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges.

7 2017-10-10 CVE-2015-8239

The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed.

8.2 2017-06-05 CVE-2017-1000368

Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.

6.4 2017-06-05 CVE-2017-1000367

Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.

3.3 2017-04-24 CVE-2014-9680

sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives.

7.2 2015-11-17 CVE-2015-5602

sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt."

7.8 2002-05-16 CVE-2002-0184

Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded.

CWE : Common Weakness Enumeration

%idName
15% (3) CWE-362 Race Condition
10% (2) CWE-269 Improper Privilege Management
10% (2) CWE-116 Improper Encoding or Escaping of Output
10% (2) CWE-59 Improper Link Resolution Before File Access ('Link Following')
10% (2) CWE-20 Improper Input Validation
5% (1) CWE-787 Out-of-bounds Write
5% (1) CWE-755 Improper Handling of Exceptional Conditions
5% (1) CWE-415 Double Free
5% (1) CWE-264 Permissions, Privileges, and Access Controls
5% (1) CWE-200 Information Exposure
5% (1) CWE-193 Off-by-one Error
5% (1) CWE-131 Incorrect Calculation of Buffer Size
5% (1) CWE-125 Out-of-bounds Read
5% (1) CWE-77 Improper Sanitization of Special Elements used in a Command ('Comma...

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-100 Overflow Buffers
CAPEC-123 Buffer Attacks

Open Source Vulnerability Database (OSVDB)

id Description
5344 sudo -p Option Local Overflow

OpenVAS Exploits

id Description
2008-01-17 Name : Debian Security Advisory DSA 128-1 (sudo)
File : nvt/deb_128_1.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2015-A-0199 Multiple Vulnerabilities in Apple Mac OS X
Severity: Category I - VMSKEY: V0061337

Nessus® Vulnerability Scanner

This CPE Product have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2018-11-21 Name: The remote EulerOS Virtualization host is missing a security update.
File: EulerOS_SA-2018-1380.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0021.nasl - Type: ACT_GATHER_INFO
2017-10-23 Name: The remote device is affected by multiple vulnerabilities.
File: juniper_space_jsa_10826.nasl - Type: ACT_GATHER_INFO
2017-10-09 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201710-04.nasl - Type: ACT_GATHER_INFO
2017-08-15 Name: The remote host running McAfee Web Gateway is affected by multiple code execu...
File: mcafee_web_gateway_sb10205.nasl - Type: ACT_GATHER_INFO
2017-07-31 Name: The remote OracleVM host is missing a security update.
File: oraclevm_OVMSA-2017-0125.nasl - Type: ACT_GATHER_INFO
2017-07-17 Name: The remote Fedora host is missing a security update.
File: fedora_2017-8b250ebe97.nasl - Type: ACT_GATHER_INFO
2017-07-14 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2016-2872.nasl - Type: ACT_GATHER_INFO
2017-07-13 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-1382.nasl - Type: ACT_GATHER_INFO
2017-07-13 Name: The remote Virtuozzo host is missing a security update.
File: Virtuozzo_VZLSA-2017-1574.nasl - Type: ACT_GATHER_INFO
2017-07-10 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2017-1121.nasl - Type: ACT_GATHER_INFO
2017-07-10 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2017-1120.nasl - Type: ACT_GATHER_INFO
2017-07-07 Name: The remote Amazon Linux AMI host is missing a security update.
File: ala_ALAS-2017-855.nasl - Type: ACT_GATHER_INFO
2017-07-05 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1778-1.nasl - Type: ACT_GATHER_INFO
2017-07-05 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1771-1.nasl - Type: ACT_GATHER_INFO
2017-07-05 Name: The remote Debian host is missing a security update.
File: debian_DLA-1011.nasl - Type: ACT_GATHER_INFO
2017-06-30 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-744.nasl - Type: ACT_GATHER_INFO
2017-06-26 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20170623_sudo_on_SL6_x.nasl - Type: ACT_GATHER_INFO
2017-06-26 Name: The remote OracleVM host is missing a security update.
File: oraclevm_OVMSA-2017-0114.nasl - Type: ACT_GATHER_INFO
2017-06-23 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2017-1574.nasl - Type: ACT_GATHER_INFO
2017-06-23 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2017-1574.nasl - Type: ACT_GATHER_INFO
2017-06-23 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2017-1574.nasl - Type: ACT_GATHER_INFO
2017-06-21 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1627-1.nasl - Type: ACT_GATHER_INFO
2017-06-21 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-1626-1.nasl - Type: ACT_GATHER_INFO
2017-06-09 Name: The remote Fedora host is missing a security update.
File: fedora_2017-facd994774.nasl - Type: ACT_GATHER_INFO