CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-7090 – Sudo: improper handling of ipa_hostname leads to privilege mismanagement
https://notcve.org/view.php?id=CVE-2023-7090
23 Dec 2023 — A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them. Se encontró una falla en sudo en el manejo de ipa_hostname, donde ipa_hostname de /etc/sssd/sssd.conf no se propagó en sudo. Por lo tanto, genera una vulnerabilidad de mala gestión de privilegios en las aplicaciones, donde los hosts de los... • https://access.redhat.com/security/cve/CVE-2023-7090 • CWE-269: Improper Privilege Management •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-42465 – sudo: Targeted Corruption of Register and Stack Variables
https://notcve.org/view.php?id=CVE-2023-42465
22 Dec 2023 — Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit. Sudo anterior a 1.9.15 podría permitir row hammer attacks (para eludir la autenticación o escalar privilegios) porque la lógica de la aplicación a veces se basa en no igualar un valor de error (en lugar de igualar un valor de éxito) y ... • https://arxiv.org/abs/2309.02545 • CWE-1319: Improper Protection against Electromagnetic Fault Injection (EM-FI) •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-28486 – sudo: Sudo does not escape control characters in log messages
https://notcve.org/view.php?id=CVE-2023-28486
16 Mar 2023 — Sudo before 1.9.13 does not escape control characters in log messages. A flaw was found in the sudo package, shipped with Red Hat Enterprise Linux 8 and 9, where sudo improperly escapes terminal control characters during logging operations. As sudo's log messages may contain user-controlled strings, this may allow an attacker to inject terminal control commands, leading to a leak of restricted information. USN-6005-1 fixed vulnerabilities in Sudo. This update provides the corresponding updates for Ubuntu 16... • https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca • CWE-116: Improper Encoding or Escaping of Output CWE-117: Improper Output Neutralization for Logs •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2023-28487 – sudo: Sudo does not escape control characters in sudoreplay output
https://notcve.org/view.php?id=CVE-2023-28487
16 Mar 2023 — Sudo before 1.9.13 does not escape control characters in sudoreplay output. A flaw was found in the sudo package, shipped with Red Hat Enterprise Linux 8 and 9, where the "sudoreplay -l' command improperly escapes terminal control characters. As sudo's log messages may contain user-controlled strings, this could allow an attacker to inject terminal control commands, leading to a leak of restricted information. Multiple vulnerabilities have been found in sudo, the worst of which can result in root privilege ... • https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca • CWE-116: Improper Encoding or Escaping of Output CWE-117: Improper Output Neutralization for Logs •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2021-23240 – sudo: symbolic link attack in SELinux-enabled sudoedit
https://notcve.org/view.php?id=CVE-2021-23240
12 Jan 2021 — selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable. En la función selinux_edit_copy_tfiles en sudoedit en Sudo versiones anteriores a la 1.9.5, permite a un usuario local poco privilegiado obtener una propiedad del archivo y escalar unos privilegios ree... • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2021-23240 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 2.5EPSS: 0%CPEs: 8EXPL: 1CVE-2021-23239 – sudo: possible directory existence test due to race condition in sudoedit
https://notcve.org/view.php?id=CVE-2021-23239
12 Jan 2021 — The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. La personalidad sudoedit de Sudo versiones anteriores a 1.9.5, puede permitir a un usuario local poco privilegiado llevar a cabo pruebas arbitrarias de existencia de directorio al ganar una condición de carrera en el archivo sudo_edit.c al reemplazar un directorio co... • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2021-23239 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-203: Observable Discrepancy •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 16CVE-2019-18634 – Sudo 1.8.25p - 'pwfeedback' Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2019-18634
29 Jan 2020 — In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c. En Sudo anterior a la versión 1.8.26, si pwfeedback está habilitado en / etc / sudoers, los usu... • https://packetstorm.news/files/id/156189 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2019-19232 – sudo: attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user
https://notcve.org/view.php?id=CVE-2019-19232
19 Dec 2019 — In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability because running a command via sudo as a user not present in the local password database is an intentional feature. Because this behavior surprised some users, sudo 1.8.30 introduced an option to enable/disable this behavior with the default being disabl... • http://seclists.org/fulldisclosure/2020/Mar/31 • CWE-284: Improper Access Control •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2019-19234 – sudo: by using ! character in the shadow file instead of a password hash can access to a run as all sudoer account
https://notcve.org/view.php?id=CVE-2019-19234
19 Dec 2019 — In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to a Runas ALL sudoer account) to impersonate any blocked user. NOTE: The software maintainer believes that this CVE is not valid. Disabling local password authentication for a user is not the same as disabling all access to that user--the user may still be able to login via other means (ssh key, kerberos, etc). B... • https://access.redhat.com/security/cve/cve-2019-19234 • CWE-284: Improper Access Control •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 1CVE-2019-18684
https://notcve.org/view.php?id=CVE-2019-18684
04 Nov 2019 — Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. This occurs because of a race condition between determining a uid, and the setresuid and openat system calls. The attacker can write "ALL ALL=(ALL) NOPASSWD:ALL" to /proc/#####/fd/3 at a time when Sudo is prompting for a password. NOTE: This has been disputed due to the way Linux /proc works. It has been argued that writing to /proc/#####/fd/3 would only be viable if you had permiss... • https://gist.github.com/oxagast/51171aa161074188a11d96cbef884bbd • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •