CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-7076 – sudo: noexec bypass via wordexp()
https://notcve.org/view.php?id=CVE-2016-7076
06 Dec 2016 — sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges. sudo en versiones anteriores a la 1.8.18p1 es vulnerable a una omisión en la restricción noexec de sudo si la aplicación que se ejecuta mediante sudo ejecuta la fun... • http://rhn.redhat.com/errata/RHSA-2016-2872.html • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-184: Incomplete List of Disallowed Inputs •
CVSS: 10.0EPSS: 6%CPEs: 1EXPL: 4CVE-2015-5602 – Sudo 1.8.14 (RHEL 5/6/7 / Ubuntu) - 'Sudoedit' Unauthorized Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-5602
17 Nov 2015 — sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt." sudoedit en Sudo en versiones anteriores a 1.8.15 permite a usuarios locales obtener privilegios a través de un ataque de enlaces simbólicos en un archivo cuya totalidad de la ruta se define utilizando múltiples comodines en /etc/sudoers, según lo demostrado mediante '/home/*/*/file.txt.' When sudo is... • https://www.exploit-db.com/exploits/37710 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 1CVE-2014-9680 – sudo: unsafe handling of TZ environment variable
https://notcve.org/view.php?id=CVE-2014-9680
16 Feb 2015 — sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives. sudo en versiones anteriores a 1.8.12 no garantiza que la variable de entorno TZ esté asociada con un archivo zoneinfo, lo que permite a usuarios locales ... • http://openwall.com/lists/oss-security/2014/10/15/24 • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2002-0184 – Sudo 1.6.x - Password Prompt Heap Overflow
https://notcve.org/view.php?id=CVE-2002-0184
16 May 2002 — Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded. Desbordamiento del montón (heap) en sudo anteriores a 1.6.6 puede permitir a usuarios locales ganar privilegios de root mediante caractéres especiales en el argumento -p (prompt), que no son expandidos adecuadamente. • https://www.exploit-db.com/exploits/21420 • CWE-131: Incorrect Calculation of Buffer Size •