29 matches found
CVE-2016-7032
CVE-2016-7032 (sudo noexec bypass): a local attacker could exploit sudo_noexec.so in Sudo to bypass noexec restrictions by calling system() or popen(). Affected software: sudo before 1.8.15 on Linux. Underlying issue: bypass of the sudo noexec restriction when an application uses system() or popen(), ...
CVE-2012-0809
CVE-2012-0809 is a format-string vulnerability in the sudo_debug() function present in sudo versions 1.8.0 through 1.8.3p1, enabling local privilege escalation by supplying a crafted program name. The vulnerability is evidenced in multiple connected sources (Gentoo GLSA-201203-06, openSUSE patch ...
CVE-2013-1775
CVE-2013-1775 affects sudo 1.6.0–1.7.10p6 and 1.8.0–1.8.6p6. The issue allows a local attacker to bypass time-based authentication by setting the system clock to the epoch, enabling privilege escalation if a user has an active sudo timestamp. Debian notes the fix in 1.7.4p4-2 (squeeze) and 1.8.5p...
CVE-2010-1163
The CVE-2010-1163 issue affects sudo 1.6.8–1.7.2p5. If the PATH contains "." and a file in the CWD shares a name with a sudoers pseudo-command, a local user could invoke arbitrary commands via sudoedit, enabling privilege escalation to root. The vulnerability stems from command matching/path reso...
CVE-2010-0426
CVE-2010-0426 affects sudo 1.6.x < 1.6.9p21 and 1.7.x
CVE-2005-4158
CVE-2005-4158 affects sudo prior to version 1.6.8p12, where with Perl taint off the variables PERLLIB, PERL5LIB and PERL5OPT are not cleared, enabling a limited local user to influence which libraries a Perl script loads and potentially execute arbitrary code. Public disclosures (e.g., Debian DSA...
CVE-2012-2337
CVE-2012-2337 concerns sudo and affects multiple releases where netmask-based IPv4 configurations bypass restricted commands. Documented in various advisories: sudo versions 1.6.x and 1.7.x prior to 1.7.9p1, and 1.8.x prior to 1.8.4p5 are vulnerable when netmask syntax is used. Impact is local: a...
CVE-2014-0106
CVE-2014-0106 affects Sudo up to version 1.8.5 where env_reset is disabled, and env_delete checks fail to properly sanitize environment variables. This allows local users with sudo permissions to bypass intended command restrictions via crafted environment variables. The vulnerability is tied to ...
CVE-2010-0427
CVE-2010-0427 affects sudo 1.6.x before 1.6.9p21. When the runas_default option is used, sudo does not properly set group memberships, allowing local users to gain privileges via a sudo command. The issue is documented in multiple advisories and OpenVAS/Nessus entries (e.g., AXSA-2010-134:01 for...
CVE-2005-1993
CVE-2005-1993 describes a local privilege-escalation race in sudo’s pathname validation. In affected versions (sudo 1.3.1–1.6.8p8), a user with sudo privileges could trigger a symlink race when an ALL entry appears after the user’s sudoers entry, potentially executing commands as root. Public adv...
CVE-2013-1776
The CVE-2013-1776 issue is described as: when tty_tickets is enabled, sudo 1.3.5–1.7.10 and 1.8.0–1.8.5 fail to validate the controlling terminal device, allowing local users with sudo privileges to hijack authorization for another terminal via stdin/stdout/stderr vectors. MiracleLinux advisories...
CVE-2011-0010
The CVE-2011-0010 issue affects sudo 1.7.x (prior to 1.7.4p5). With a Runas group configured, check.c does not require a password for commands that involve a gid change but no uid change, enabling local users to bypass authentication via the -g option. Public advisories (e.g., MiracleLinux/OpenRHE...
CVE-2010-1646
CVE-2010-1646 affects the sudo secure_path behavior when an environment contains multiple PATH variables, allowing local privilege escalation. Impact, as described in connected advisories, covers multiple sudo versions: 1.3.1–1.6.9p22 and 1.7.0–1.7.2p6. The root cause is insufficient sanitization...
CVE-2011-0008
CVE-2011-0008 relates to a bug in parse.c of sudo before 1.7.4p5-1.fc14 (Fedora 14) where a system group (the %group) in sudoers could be misinterpreted during authorization for a user who belongs to that group. This regression (tied to CVE-2009-0034) allows a local user to leverage an applicable...
CVE-2013-2776
CVE-2013-2776 affects sudo versions 1.3.5–1.7.10p5 and 1.8.0–1.8.6p6, where, on systems without /proc or with tty_tickets enabled, sudo fails to properly validate the controlling terminal. This allows a local user with sudo permissions to hijack another user’s authorization by interacting with th...
CVE-2004-1051
Technical details about CVE-2004-1051 are not publicly available in the provided documents. Monitor for updates as new information may be published.
CVE-2006-0151
CVE-2006-0151 is a local privilege escalation in sudo where the PYTHONINSPECT environment variable is not cleared (variant of CVE-2005-4158). The issue affects sudo 1.6.8 and related versions and can allow limited local users to gain privileges via a Python script executed under sudo. Public docu...
CVE-2013-2777
CVE-2013-2777 affects sudo before 1.7.10p5 and 1.8.x before 1.8.6p6 when tty_tickets is enabled. The flaw is improper validation of the controlling terminal device, allowing a local user with sudo privileges to hijack the authorization of another terminal by interacting with the session without a...
CVE-2010-2956
CVE-2010-2956 affects sudo 1.7.0–1.7.4p3 where configuring a Runas group and using -u with -g allows local privilege escalation via a crafted command line. The connected advisories (openSUSE, SUSE, Slackware, Scientific Linux, Oracle Linux, VMware/OpenVAS, MiracleLinux AXSA-2010-437:05) reference...
CVE-2005-2959
CVE-2005-2959 concerns sudo 1.6.8 and earlier, where the SHELLOPTS and PS4 environment variables are not cleared during privilege-escalation prompts. The result is a local privilege escalation when a user with limited sudo privileges runs a bash script, as these variables can be passed through to...
CVE-2012-3440
The CVE-2012-3440 entry concerns a race condition in the sudo package (notably sudo 1.7.2 on Red Hat Enterprise Linux 5) that allows a local attacker to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file. Connected advisories/plugins (MiracleLinux AXSA...
CVE-2007-3149
CVE-2007-3149 concerns the sudo utility when linked with MIT Kerberos 5 (krb5). The vulnerability arises because sudo does not properly verify whether a user is currently authenticated to Kerberos, allowing local users to gain privileges via certain KRB5_ environment variable settings. The issue ...
CVE-2005-1831
CVE-2005-1831 refers to Sudo 1.6.8p7 on SuSE Linux 9.3 (and possibly other distros) where local users could gain privileges by using sudo to run su, then entering a blank password and pressing CTRL-C. Several researchers could not reproduce the issue, noting that Sudo catches SIGINT and returns a...
CVE-1999-1496
CVE-1999-1496 affects Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0. Local users can infer the existence of arbitrary files by attempting to execute the target filename as a program, which yields different error messages depending on whether the file exists. This indicates a minor information-dis...
CVE-2002-0043
This CVE affects sudo versions 1.6.0–1.6.3p7. The issue is that sudo does not properly clear the environment before calling the mail program, allowing a local user to gain root privileges by manipulating environment variables and how the mail program is invoked. Documented impact is local privile...
CVE-2005-1119
CVE-2005-1119 affects visudo in Sudo 1.6.8 and earlier. The vulnerability arises from a symlink attack on temporary files, enabling local users to corrupt arbitrary files. Impact is local privilege concern (I = Partial) with no confidentiality/availability impact, per available data. The provided docume...
CVE-2004-1689
The CVE-2004-1689 entry concerns sudoedit (sudo -e) on sudo 1.6.8, where a temporary file is opened with root privileges and can be read by local users through a symlink attack on the temporary file before quit. This is a local privilege issue affecting the sudoedit workflow, enabling access to a...
CVE-1999-0958
Technical details about CVE-1999-0958 are not publicly provided in the connected documents. The available sources reiterate the arbitrary command execution via sudo 1.5.x. Monitor for updates.
CVE-2007-4305
CVE-2007-4305 involves multiple race conditions in the Sudo monitor mode and in Sysjail policies of Systrace on NetBSD and OpenBSD. The underlying issue allows local users to defeat system call interposition, thereby bypassing access control policy and auditing. Affected components: NetBSD/OpenBS...