![](/assets/img/cve_300x82_sin_bg.png)
CVE-2019-18684
https://notcve.org/view.php?id=CVE-2019-18684
04 Nov 2019 — Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. This occurs because of a race condition between determining a uid, and the setresuid and openat system calls. The attacker can write "ALL ALL=(ALL) NOPASSWD:ALL" to /proc/#####/fd/3 at a time when Sudo is prompting for a password. NOTE: This has been disputed due to the way Linux /proc works. It has been argued that writing to /proc/#####/fd/3 would only be viable if you had permiss... • https://gist.github.com/oxagast/51171aa161074188a11d96cbef884bbd • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2019-14287 – sudo 1.8.27 - Security Bypass
https://notcve.org/view.php?id=CVE-2019-14287
15 Oct 2019 — In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command. En Sudo anteriores a 1.8.28, un atacante con acceso a una cuenta Runas ALL sudoer puede omitir ciertas listas negras de políticas y módulos PAM de sesión, y puede causar un registro... • https://www.exploit-db.com/exploits/47502 • CWE-267: Privilege Defined With Unsafe Actions CWE-755: Improper Handling of Exceptional Conditions •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2017-1000368 – sudo: Privilege escalation via improper get_process_ttyname() parsing (insufficient fix for CVE-2017-1000367)
https://notcve.org/view.php?id=CVE-2017-1000368
05 Jun 2017 — Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution. La versión 1.8.20p1 y anteriores de sudo de Todd Miller es vulnerable a una validación de entradas (nuevas líneas embebidas) en la función get_process_ttyname() que da lugar a una revelación de información y la ejecución de comandos. It was found that the original fix for CVE-2017-1000367 was incomplete. A fl... • http://www.securityfocus.com/bid/98838 • CWE-20: Improper Input Validation •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2017-1000367 – Sudo 1.8.20 - 'get_process_ttyname()' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2017-1000367
30 May 2017 — Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution. Un Sudo de Todd Miller’s versión 1.8.20 y anteriores es vulnerable a una validación de entrada (espacios insertados) en la función get_process_ttyname(), resultando en la divulgación de información y la ejecución de comandos. A flaw was found in the way sudo parsed tty information from the process status file in ... • https://packetstorm.news/files/id/142783 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-807: Reliance on Untrusted Inputs in a Security Decision •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2016-7032 – sudo: noexec bypass via system() and popen()
https://notcve.org/view.php?id=CVE-2016-7032
06 Dec 2016 — sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function. Sudo_noexec.so en Sudo en versiones anteriores a 1.8.15 en Linux podría permitir a los usuarios locales evitar las restricciones de comandos noexec pretendidas a través de una aplicación que llama al (1) sistema o (2) a la función popen. It was discovered that the sudo noexec restriction could have been bypassed if applicatio... • http://rhn.redhat.com/errata/RHSA-2016-2872.html • CWE-184: Incomplete List of Disallowed Inputs CWE-284: Improper Access Control •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2016-7076 – sudo: noexec bypass via wordexp()
https://notcve.org/view.php?id=CVE-2016-7076
06 Dec 2016 — sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges. sudo en versiones anteriores a la 1.8.18p1 es vulnerable a una omisión en la restricción noexec de sudo si la aplicación que se ejecuta mediante sudo ejecuta la fun... • http://rhn.redhat.com/errata/RHSA-2016-2872.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-184: Incomplete List of Disallowed Inputs •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2015-5602 – Sudo 1.8.14 (RHEL 5/6/7 / Ubuntu) - 'Sudoedit' Unauthorized Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-5602
17 Nov 2015 — sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt." sudoedit en Sudo en versiones anteriores a 1.8.15 permite a usuarios locales obtener privilegios a través de un ataque de enlaces simbólicos en un archivo cuya totalidad de la ruta se define utilizando múltiples comodines en /etc/sudoers, según lo demostrado mediante '/home/*/*/file.txt.' When sudo is... • https://www.exploit-db.com/exploits/37710 • CWE-264: Permissions, Privileges, and Access Controls •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2014-9680 – sudo: unsafe handling of TZ environment variable
https://notcve.org/view.php?id=CVE-2014-9680
16 Feb 2015 — sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives. sudo en versiones anteriores a 1.8.12 no garantiza que la variable de entorno TZ esté asociada con un archivo zoneinfo, lo que permite a usuarios locales ... • http://openwall.com/lists/oss-security/2014/10/15/24 • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2014-0106 – sudo: certain environment variables not sanitized when env_reset is disabled
https://notcve.org/view.php?id=CVE-2014-0106
06 Mar 2014 — Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable. Sudo 1.6.9 anterior a 1.8.5, cuando env_reset está deshabilitada, no comprueba debidamente variables de entorno para la restricción env_delete, lo que permite a usuarios locales con permisos sudo evadir restricciones de comando a través de una variable de en... • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html • CWE-20: Improper Input Validation •
![](/assets/img/cve_300x82_sin_bg.png)
CVE-2013-2777 – sudo: bypass of tty_tickets constraints
https://notcve.org/view.php?id=CVE-2013-2777
08 Apr 2013 — sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, b... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839 • CWE-264: Permissions, Privileges, and Access Controls •