Sudo Security Vulnerabilities and Issues — Sudo CVE List

Lucene search

Sudo ProjectSudo

4 matches found

CVE•added 2017/06/05 4:29 p.m.•242 views

CVE-2017-1000368

Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.

8.2CVSS7.6AI score0.00166EPSS

CVE•added 2017/06/05 2:29 p.m.•225 views

CVE-2017-1000367

Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.

6.9CVSS6.8AI score0.16461EPSS

CVE•added 2017/04/24 6:59 a.m.•136 views

CVE-2014-9680

sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, dis...

3.3CVSS3.8AI score0.00377EPSS

CVE•added 2017/10/10 4:29 p.m.•37 views

CVE-2015-8239

The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed.

7CVSS6.6AI score0.00876EPSS