Sudo@1.3.1 Security Vulnerabilities and Issues — Sudo@1.3.1 CVE List

Lucene search

Todd MillerSudo1.3.1

3 matches found

CVE•added 2005/06/20 4:0 a.m.•74 views

CVE-2005-1993

Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack.

3.7CVSS8.8AI score0.0007EPSS

CVE•added 2010/06/07 5:12 p.m.•74 views

CVE-2010-1646

The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable.

6.2CVSS6.1AI score0.00078EPSS

CVE•added 2011/01/20 7:0 p.m.•68 views

CVE-2011-0008

A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain roo...

6.9CVSS7.3AI score0.00049EPSS