CVE-2023-7090 – Sudo: improper handling of ipa_hostname leads to privilege mismanagement
https://notcve.org/view.php?id=CVE-2023-7090
23 Dec 2023 — A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them. • https://access.redhat.com/security/cve/CVE-2023-7090 • CWE-269: Improper Privilege Management •
CVE-2023-42465 – sudo: Targeted Corruption of Register and Stack Variables
https://notcve.org/view.php?id=CVE-2023-42465
22 Dec 2023 — Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit. • https://arxiv.org/abs/2309.02545 • CWE-1319: Improper Protection against Electromagnetic Fault Injection (EM-FI) •
CVE-2023-28486 – sudo: Sudo does not escape control characters in log messages
https://notcve.org/view.php?id=CVE-2023-28486
16 Mar 2023 — Sudo before 1.9.13 does not escape control characters in log messages. A flaw was found in the sudo package, shipped with Red Hat Enterprise Linux 8 and 9, where sudo improperly escapes terminal control characters during logging operations. As sudo's log messages may contain user-controlled strings, this may allow an attacker to inject terminal control commands, leading to a leak of restricted information. USN-6005-1 fixed vulnerabilities in Sudo. This update provides the corresponding updates for Ubuntu 16... • https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca • CWE-116: Improper Encoding or Escaping of Output CWE-117: Improper Output Neutralization for Logs •
CVE-2023-28487 – sudo: Sudo does not escape control characters in sudoreplay output
https://notcve.org/view.php?id=CVE-2023-28487
16 Mar 2023 — Sudo before 1.9.13 does not escape control characters in sudoreplay output. A flaw was found in the sudo package, shipped with Red Hat Enterprise Linux 8 and 9, where the "sudoreplay -l" command improperly escapes terminal control characters. As sudo's log messages may contain user-controlled strings, this could allow an attacker to inject terminal control commands, leading to a leak of restricted information. Multiple vulnerabilities have been found in sudo, the worst of which can result in root privilege ... • https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca • CWE-116: Improper Encoding or Escaping of Output CWE-117: Improper Output Neutralization for Logs •
CVE-2023-22809 – sudo 1.8.0 to 1.9.12p1 - Privilege Escalation
https://notcve.org/view.php?id=CVE-2023-22809
18 Jan 2023 — In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value. • https://packetstorm.news/files/id/172509 • CWE-269: Improper Privilege Management •
CVE-2022-43995 – Gentoo Linux Security Advisory 202211-08
https://notcve.org/view.php?id=CVE-2022-43995
02 Nov 2022 — Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture. • https://bugzilla.redhat.com/show_bug.cgi?id=2139911 • CWE-125: Out-of-bounds Read •
CVE-2021-3156 – Sudo Heap-Based Buffer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2021-3156
26 Jan 2021 — Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. • https://packetstorm.news/files/id/176932 • CWE-122: Heap-based Buffer Overflow CWE-193: Off-by-one Error •
CVE-2021-23240 – sudo: symbolic link attack in SELinux-enabled sudoedit
https://notcve.org/view.php?id=CVE-2021-23240
12 Jan 2021 — selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2021-23240 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2021-23239 – sudo: possible directory existence test due to race condition in sudoedit
https://notcve.org/view.php?id=CVE-2021-23239
12 Jan 2021 — The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path. • https://bugzilla.suse.com/show_bug.cgi?id=CVE-2021-23239 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-203: Observable Discrepancy •
CVE-2019-18634 – Sudo 1.8.25p - 'pwfeedback' Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2019-18634
29 Jan 2020 — In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c. • https://packetstorm.news/files/id/156189 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •