Sudo@1.6.8p12 Security Vulnerabilities and Issues — Sudo@1.6.8p12 CVE List

Lucene search

Todd MillerSudo1.6.8p12

7 matches found

CVE•added 2013/03/05 9:38 p.m.•104 views

CVE-2013-1775

sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.

6.9CVSS8.1AI score0.02226EPSS

CVE•added 2012/05/18 6:55 p.m.•90 views

CVE-2012-2337

sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address.

7.2CVSS7.3AI score0.00047EPSS

CVE•added 2010/06/07 5:12 p.m.•74 views

CVE-2010-1646

The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable.

6.2CVSS6.1AI score0.00078EPSS

CVE•added 2013/04/08 5:55 p.m.•69 views

CVE-2013-1776

sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard inp...

4.4CVSS8.1AI score0.0005EPSS

CVE•added 2011/01/20 7:0 p.m.•68 views

CVE-2011-0008

A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain roo...

6.9CVSS7.3AI score0.00049EPSS

CVE•added 2013/04/08 5:55 p.m.•67 views

CVE-2013-2776

sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another ...

4.4CVSS8.1AI score0.00076EPSS

CVE•added 2013/04/08 5:55 p.m.•56 views

CVE-2013-2777

sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling te...

4.4CVSS8.1AI score0.0005EPSS