Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Sudo Project Subscribe
Total 19 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-28487 1 Sudo Project 1 Sudo 2023-03-22 N/A 5.3 MEDIUM
Sudo before 1.9.13 does not escape control characters in sudoreplay output.
CVE-2023-28486 1 Sudo Project 1 Sudo 2023-03-22 N/A 5.3 MEDIUM
Sudo before 1.9.13 does not escape control characters in log messages.
CVE-2023-27320 2 Fedoraproject, Sudo Project 2 Fedora, Sudo 2023-03-18 N/A 7.2 HIGH
Sudo before 1.9.13p2 has a double free in the per-command chroot feature.
CVE-2023-22809 3 Debian, Fedoraproject, Sudo Project 3 Debian Linux, Fedora, Sudo 2023-02-04 N/A 7.8 HIGH
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
CVE-2017-1000367 1 Sudo Project 1 Sudo 2022-12-22 6.9 MEDIUM 6.4 MEDIUM
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.
CVE-2022-43995 1 Sudo Project 1 Sudo 2022-12-05 N/A 7.1 HIGH
Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.
CVE-2021-23239 4 Debian, Fedoraproject, Netapp and 1 more 6 Debian Linux, Fedora, Cloud Backup and 3 more 2022-11-08 1.9 LOW 2.5 LOW
The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.
CVE-2021-3156 8 Beyondtrust, Debian, Fedoraproject and 5 more 27 Privilege Management For Mac, Privilege Management For Unix\/linux, Debian Linux and 24 more 2022-09-02 7.2 HIGH 7.8 HIGH
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
CVE-2019-14287 7 Canonical, Debian, Fedoraproject and 4 more 15 Ubuntu Linux, Debian Linux, Fedora and 12 more 2022-04-18 9.0 HIGH 8.8 HIGH
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.
CVE-2021-23240 3 Fedoraproject, Netapp, Sudo Project 4 Fedora, Hci Management Node, Solidfire and 1 more 2021-09-13 4.4 MEDIUM 7.8 HIGH
selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable.
CVE-2002-0184 2 Debian, Sudo Project 2 Debian Linux, Sudo 2021-04-01 7.2 HIGH N/A
Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded.
CVE-2016-7076 1 Sudo Project 1 Sudo 2020-09-30 7.2 HIGH 7.8 HIGH
sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges.
CVE-2005-4890 3 Debian, Redhat, Sudo Project 4 Debian Linux, Shadow, Enterprise Linux and 1 more 2020-08-18 7.2 HIGH 7.8 HIGH
There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.
CVE-2019-18634 2 Debian, Sudo Project 2 Debian Linux, Sudo 2020-02-07 4.6 MEDIUM 7.8 HIGH
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.
CVE-2019-18684 1 Sudo Project 1 Sudo 2019-11-08 6.9 MEDIUM 7.0 HIGH
** DISPUTED ** Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. This occurs because of a race condition between determining a uid, and the setresuid and openat system calls. The attacker can write "ALL ALL=(ALL) NOPASSWD:ALL" to /proc/#####/fd/3 at a time when Sudo is prompting for a password. NOTE: This has been disputed due to the way Linux /proc works. It has been argued that writing to /proc/#####/fd/3 would only be viable if you had permission to write to /etc/sudoers. Even with write permission to /proc/#####/fd/3, it would not help you write to /etc/sudoers.
CVE-2017-1000368 1 Sudo Project 1 Sudo 2019-05-29 7.2 HIGH 8.2 HIGH
Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.
CVE-2014-9680 1 Sudo Project 1 Sudo 2018-01-04 2.1 LOW 3.3 LOW
sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives.
CVE-2015-8239 1 Sudo Project 1 Sudo 2017-11-05 6.9 MEDIUM 7.0 HIGH
The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed.
CVE-2015-5602 1 Sudo Project 1 Sudo 2016-12-07 7.2 HIGH N/A
sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt."