CVE-2023-22809

In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected...

CVE-2019-19234

In Sudo through 1.8.29, the fact that a user has been blocked e.g., by using the ! character in the shadow file instead of a password hash is not considered, allowing an attacker who has access to a Runas ALL sudoer account to impersonate any blocked user. NOTE: The software maintainer believes...

CVE-2019-19234

In Sudo through 1.8.29, the fact that a user has been blocked e.g., by using the ! character in the shadow file instead of a password hash is not considered, allowing an attacker who has access to a Runas ALL sudoer account to impersonate any blocked user. NOTE: The software maintainer believes...

Sudo 1.6.x - Environment Variable Handling Security Bypass (2)

source: https://www.securityfocus.com/bid/16184/info Sudo is prone to a security-bypass vulnerability that could lead to arbitrary code execution. This issue is due to an error in the application when handling environment variables. A local attacker with the ability to run Python scripts can...