Search for packages
| purl | pkg:deb/ubuntu/sudo@1.6.7p5-1ubuntu4 |
| Next non-vulnerable version | 1.8.31-1ubuntu1.2 |
| Latest non-vulnerable version | 1.8.31-1ubuntu1.2 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-5e34-h4fw-aaan
Aliases: CVE-2015-5602 |
sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt." |
Affected by 10 other vulnerabilities. |
|
VCID-6dre-2n2j-aaaj
Aliases: CVE-2021-23239 |
The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. |
Affected by 0 other vulnerabilities. |
|
VCID-7k3f-em44-aaap
Aliases: CVE-2016-7076 |
sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges. |
Affected by 7 other vulnerabilities. |
|
VCID-ce8c-ym9j-aaaq
Aliases: CVE-2021-3156 |
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. |
Affected by 0 other vulnerabilities. |
|
VCID-fkrt-pggy-aaab
Aliases: CVE-2017-1000368 |
Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution. |
Affected by 6 other vulnerabilities. |
|
VCID-fz23-dvjr-aaaj
Aliases: CVE-2015-8239 |
The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed. |
Affected by 10 other vulnerabilities. |
|
VCID-hftq-26zs-aaae
Aliases: CVE-2014-9680 |
sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives. |
Affected by 12 other vulnerabilities. |
|
VCID-jupb-c4dd-aaap
Aliases: CVE-2017-1000367 |
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution. |
Affected by 11 other vulnerabilities. Affected by 8 other vulnerabilities. |
|
VCID-uzg3-q58h-aaad
Aliases: CVE-2019-18634 |
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c. |
Affected by 4 other vulnerabilities. |
|
VCID-vcb8-ab38-aaas
Aliases: CVE-2019-19232 |
** DISPUTED ** In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability because running a command via sudo as a user not present in the local password database is an intentional feature. Because this behavior surprised some users, sudo 1.8.30 introduced an option to enable/disable this behavior with the default being disabled. However, this does not change the fact that sudo was behaving as intended, and as documented, in earlier versions. |
Affected by 2 other vulnerabilities. |
|
VCID-vq8m-kxfj-aaap
Aliases: CVE-2019-14287 |
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command. |
Affected by 5 other vulnerabilities. |
|
VCID-xtpa-4k8g-aaap
Aliases: CVE-2016-7032 |
sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function. |
Affected by 9 other vulnerabilities. |
|
VCID-zaa8-pa6j-aaaa
Aliases: CVE-2019-19234 |
** DISPUTED ** In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to a Runas ALL sudoer account) to impersonate any blocked user. NOTE: The software maintainer believes that this CVE is not valid. Disabling local password authentication for a user is not the same as disabling all access to that user--the user may still be able to login via other means (ssh key, kerberos, etc). Both the Linux shadow(5) and passwd(1) manuals are clear on this. Indeed it is a valid use case to have local accounts that are _only_ accessible via sudo and that cannot be logged into with a password. Sudo 1.8.30 added an optional setting to check the _shell_ of the target user (not the encrypted password!) against the contents of /etc/shells but that is not the same thing as preventing access to users with an invalid password hash. |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|