Search for packages
| purl | pkg:deb/debian/sudo@1.8.19p1-2.1%2Bdeb9u2 |
| Next non-vulnerable version | 1.9.13p3-1+deb12u2 |
| Latest non-vulnerable version | 1.9.13p3-1+deb12u2 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1xsy-7b37-w3dr
Aliases: CVE-2025-32462 |
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines. |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
VCID-24yb-z785-5qaj
Aliases: CVE-2021-23240 |
selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable. |
Affected by 5 other vulnerabilities. |
|
VCID-4s3h-r4vc-cyeh
Aliases: CVE-2021-23239 |
The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. |
Affected by 5 other vulnerabilities. |
|
VCID-5jz4-7pcr-ebdd
Aliases: CVE-2019-19232 |
In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability because running a command via sudo as a user not present in the local password database is an intentional feature. Because this behavior surprised some users, sudo 1.8.30 introduced an option to enable/disable this behavior with the default being disabled. However, this does not change the fact that sudo was behaving as intended, and as documented, in earlier versions |
Affected by 5 other vulnerabilities. |
|
VCID-5xpt-5e4h-f7c7
Aliases: CVE-2021-3156 |
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. |
Affected by 10 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-gesg-srse-6bdf
Aliases: CVE-2019-19234 |
In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to a Runas ALL sudoer account) to impersonate any blocked user. NOTE: The software maintainer believes that this CVE is not valid. Disabling local password authentication for a user is not the same as disabling all access to that user--the user may still be able to login via other means (ssh key, kerberos, etc). Both the Linux shadow(5) and passwd(1) manuals are clear on this. Indeed it is a valid use case to have local accounts that are _only_ accessible via sudo and that cannot be logged into with a password. Sudo 1.8.30 added an optional setting to check the _shell_ of the target user (not the encrypted password!) against the contents of /etc/shells but that is not the same thing as preventing access to users with an invalid password hash |
Affected by 5 other vulnerabilities. |
|
VCID-pk7g-22b7-hbf4
Aliases: CVE-2017-1000368 |
Affected by 10 other vulnerabilities. |
|
|
VCID-pu7e-sm7k-ukdt
Aliases: CVE-2023-22809 |
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value. |
Affected by 5 other vulnerabilities. |
|
VCID-qkc7-gx2g-vkam
Aliases: CVE-2019-14287 |
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command. |
Affected by 10 other vulnerabilities. Affected by 5 other vulnerabilities. |
|
VCID-rv1y-h785-zqcx
Aliases: CVE-2023-7090 |
sudo: Improper handling of ipa_hostname leads to privilege mismanagement |
Affected by 5 other vulnerabilities. |
|
VCID-wyae-6zse-s7a9
Aliases: CVE-2017-1000367 |
Affected by 10 other vulnerabilities. |
|
|
VCID-yw4r-9jvd-w3gy
Aliases: CVE-2019-18634 |
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c. |
Affected by 5 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-12md-ucwk-xfd5 | security update |
CVE-2015-5602
|
| VCID-92f4-vbjs-bfeq | sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges. |
CVE-2016-7076
|
| VCID-htch-uzd7-13cf |
CVE-2014-9680
|
|
| VCID-qkc7-gx2g-vkam | In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command. |
CVE-2019-14287
|
| VCID-vh77-vczz-pkaj |
CVE-2016-7032
|
|
| VCID-yg3r-kunk-uqam | sudo: Race condition when checking digests in sudoers |
CVE-2015-8239
|
| VCID-yw4r-9jvd-w3gy | In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c. |
CVE-2019-18634
|