
9 matches found

0day.today
added 2023/05/23 12:0 a.m. | 1152 views

Sudoedit Extra Arguments Privilege Escalation Exploit

This exploit takes advantage of a vulnerability in sudoedit, part of the sudo package. The sudoedit aka sudo -e feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of...

CVSS 7.8 | AI score 7 | EPSS 0.39861
Exploits: 20

Tenable Nessus
added 2023/05/16 12:0 a.m. | 22 views

EulerOS Virtualization 2.10.0 : sudo (EulerOS-SA-2023-1941)

According to the versions of the sudo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that...

CVSS 7.8 | AI score 7.7 | EPSS 0.39861
Exploits: 20 | References: 3

Tenable Nessus
added 2022/11/22 12:0 a.m. | 26 views

GLSA-202211-08 : sudo: Heap-Based Buffer Overread

The remote host is affected by the vulnerability described in GLSA-202211-08 sudo: Heap-Based Buffer Overread - Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can...

CVSS 7.1 | AI score 7.6 | EPSS 0.00095
Exploits: 0 | References: 3

AlpineLinux
added 2022/11/02 12:0 a.m. | 32 views

CVE-2022-43995

Sudo 1.8.0 through 1.9.12, with the crypt password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer...

CVSS 7.1 | AI score 7.2 | EPSS 0.00095
Exploits: 0

exploitpack
added 2015/02/03 1:14 p.m. | 10 views

OSX-10.8.4-Local-Root-Privilege-Escalation

sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch...

AI score 4.9
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 42 views

sudo 1.8.0 - 1.8.3p1 Format String Vulnerability

No description provided by source. Phenoelit Advisory wir-haben-auch-mal-was-gefunden 0815. Authors: joernchen (joernchen phenoelit de), Phenoelit Group, http://www.phenoelit.de. Affected Products: sudo 1.8.0 - 1.8.3p1, http://sudo.ws. Vendor communication: 2012-01-24 Send vulnerability details to sud...

AI score 7.1
Exploits: 0

Debian CVE
added 2013/04/08 5:0 p.m. | 32 views

CVE-2013-1776

sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the ttytickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard...

CVSS 4.4 | AI score 2.8 | EPSS 0.0005
Exploits: 0

UbuntuCve
added 2012/02/01 12:55 a.m. | 31 views

CVE-2012-0809

Format string vulnerability in the sudodebug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo...

CVSS 7.2 | AI score 7.4 | EPSS 0.43474
Exploits: 5 | References: 2

Prion
added 2012/02/01 12:55 a.m. | 22 views

Format string

Format string vulnerability in the sudodebug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo...

CVSS 7.2 | AI score 7.5 | EPSS 0.43474
Exploits: 5 | References: 4 | Affected Software: 1