4 matches found
CVE-2017-1000368
CVE-2017-1000368 affects Todd Miller’s sudo prior to 1.8.20p1 and earlier, due to input validation in get_process_ttyname() that parses /proc data. This can enable information disclosure and command execution via a local user with sudo privileges. Connected advisories show multiple distributions ...
CVE-2017-1000367
CVE-2017-1000367 affects sudo versions up to and including 1.8.20 and earlier, due to input validation issues in get_process_ttyname() that incorrectly parsed tty information from /proc, enabling information disclosure and local privilege escalation. The issue is tied to parsing tty data from the...
CVE-2014-9680
CVE-2014-9680 : sudo before 1.8.12 fails to sanitize the TZ environment variable, allowing a local attacker to bypass restrictions and potentially cause a denial of service or read/open unauthorized files via a sudo session. Connected advisories/docs corroborate local-execution impact and recomme...
CVE-2015-8239
The CVE-2015-8239 issue affects the sudoers plugin in sudo versions after 1.8.7. The root cause is the SHA-2 digest support in the sudoers plugin, which allows local users with write permissions to parts of the called command to replace them before execution. Reported impacts indicate that a loca...