Sudo vulnerabilities

2023-05-2900:00:00

ubuntu.com

ubuntu 16.04

esm

sudo

limited super user privileges

control characters

log messages

sudoreplay

injection vulnerability

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

40.1%

JSON

Releases

Ubuntu 16.04 ESM

Packages

sudo - Provide limited super user privileges to specific users

Details

USN-6005-1 fixed vulnerabilities in Sudo. This update
provides the corresponding updates for Ubuntu 16.04 LTS.

Original advisory details:

Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly
escaped control characters in log messages and sudoreplay output. An
attacker could possibly use these issues to inject terminal control
characters that alter output when being viewed.

OSVersionArchitecturePackageVersionFilename
Ubuntu16.04noarchsudo-ldap< 1.8.16-0ubuntu1.10+esm2UNKNOWN
Ubuntu16.04noarchsudo< 1.8.16-0ubuntu1.10UNKNOWN
Ubuntu16.04noarchsudo-dbgsym< 1.8.16-0ubuntu1.10UNKNOWN
Ubuntu16.04noarchsudo-ldap< 1.8.16-0ubuntu1.10UNKNOWN
Ubuntu16.04noarchsudo-ldap-dbgsym< 1.8.16-0ubuntu1.10UNKNOWN
Ubuntu16.04noarchsudo< 1.8.16-0ubuntu1.10+esm2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	16.04	noarch	sudo-ldap	< 1.8.16-0ubuntu1.10+esm2	UNKNOWN
Ubuntu	16.04	noarch	sudo	< 1.8.16-0ubuntu1.10	UNKNOWN
Ubuntu	16.04	noarch	sudo-dbgsym	< 1.8.16-0ubuntu1.10	UNKNOWN
Ubuntu	16.04	noarch	sudo-ldap	< 1.8.16-0ubuntu1.10	UNKNOWN
Ubuntu	16.04	noarch	sudo-ldap-dbgsym	< 1.8.16-0ubuntu1.10	UNKNOWN
Ubuntu	16.04	noarch	sudo	< 1.8.16-0ubuntu1.10+esm2	UNKNOWN