CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 3CVE-2015-5602 – Sudo 1.8.14 (RHEL 5/6/7 / Ubuntu) - 'Sudoedit' Unauthorized Privilege Escalation
https://notcve.org/view.php?id=CVE-2015-5602
sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt." sudoedit en Sudo en versiones anteriores a 1.8.15 permite a usuarios locales obtener privilegios a través de un ataque de enlaces simbólicos en un archivo cuya totalidad de la ruta se define utilizando múltiples comodines en /etc/sudoers, según lo demostrado mediante '/home/*/*/file.txt.' • https://www.exploit-db.com/exploits/37710 https://github.com/t0kx/privesc-CVE-2015-5602 http://bugzilla.sudo.ws/show_bug.cgi?id=707 http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171024.html http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171054.html http://www.debian.org/security/2016/dsa-3440 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securitytracker.com/id/1034392 http://www.sudo.ws/stable • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 1CVE-2014-9680 – sudo: unsafe handling of TZ environment variable
https://notcve.org/view.php?id=CVE-2014-9680
sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives. sudo en versiones anteriores a 1.8.12 no garantiza que la variable de entorno TZ esté asociada con un archivo zoneinfo, lo que permite a usuarios locales abrir archivos arbitrarios para acceso de lectura (pero no ver el contenido del archivo) ejecutando un programa dentro de una sesión sudo, como lo demuestra interfiriendo con la salida del terminal, descartando los mensajes del kernel-log o reposicionando las unidades de cinta. It was discovered that sudo did not perform any checks of the TZ environment variable value. If sudo was configured to preserve the TZ environment variable, a local user with privileges to execute commands via sudo could possibly use this flaw to achieve system state changes not permitted by the configured commands. Note: The default sudoers configuration in Red Hat Enterprise Linux removes the TZ variable from the environment in which commands run by sudo are executed. • http://openwall.com/lists/oss-security/2014/10/15/24 http://rhn.redhat.com/errata/RHSA-2015-1409.html http://www.securitytracker.com/id/1033158 http://www.sudo.ws/alerts/tz.html https://security.gentoo.org/glsa/201504-02 https://access.redhat.com/security/cve/CVE-2014-9680 https://bugzilla.redhat.com/show_bug.cgi?id=1191144 • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.6EPSS: 0%CPEs: 59EXPL: 0CVE-2014-0106 – sudo: certain environment variables not sanitized when env_reset is disabled
https://notcve.org/view.php?id=CVE-2014-0106
Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable. Sudo 1.6.9 anterior a 1.8.5, cuando env_reset está deshabilitada, no comprueba debidamente variables de entorno para la restricción env_delete, lo que permite a usuarios locales con permisos sudo evadir restricciones de comando a través de una variable de entorno manipulada. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00003.html http://rhn.redhat.com/errata/RHSA-2014-0266.html http://www.openwall.com/lists/oss-security/2014/03/06/2 http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.securityfocus.com/bid/65997 http://www.sudo.ws/sudo/alerts/env_add.html http://www.ubuntu.com/usn/USN-2146-1 https://support.appl • CWE-20: Improper Input Validation •
CVSS: 4.4EPSS: 0%CPEs: 76EXPL: 0CVE-2013-2776 – sudo: bypass of tty_tickets constraints
https://notcve.org/view.php?id=CVE-2013-2776
sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions. sudo v1.3.5 hasta v1.7.10p5 y v1.8.0 hasta v1.8.6p6, cuando se ejecuta en sistemas sin /proc o la función sysctl con la opción tty_tickets habilitada, no valida correctamente el control de dispositivo terminal, lo que permite a los usuarios locales con permisos de sudo para secuestrar a la autorización de otra terminal a través de vectores relacionados con una sesión sin un dispositivo terminal de control y la conexión a una entrada estándar, salida, y descriptores de error de archivo de otros terminal. NOTA: esta es una de las tres vulnerabilidades estrechamente relacionadas con las que se asignó originalmente a CVE-2013-1776, pero se han dividido debido a las diferentes versiones afectadas. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://rhn.redhat.com/errata/RHSA-2013-1353.html http://rhn.redhat.com/errata/RHSA-2013-1701.html http://www.debian.org/security/2013/dsa-2642 http://www.openwall.com/lists/oss-security/2013/02/27/31 http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.securityfocus.com/bid/58207 http://www.securityfocus.c • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.4EPSS: 0%CPEs: 75EXPL: 0CVE-2013-2777 – sudo: bypass of tty_tickets constraints
https://notcve.org/view.php?id=CVE-2013-2777
sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions. sudo anterior a v1.7.10p5 y v1.8.x anterior a v1.8.6p6, cuando la opción tty_tickets esta habilitada, no valida correctamente el control de dispositivo terminal, que permite a los usuarios locales con permisos de sudo para secuestrar a la autorización de otra terminal a través de vectores relacionados con una sesión sin un dispositivo terminal de control y la conexión a una entrada estándar, salida, y descriptores de error de archivo de otros terminal. NOTA: esta es una de las tres vulnerabilidades estrechamente relacionadas con las que se asignó originalmente a CVE-2013-1776, pero se han dividido debido a las diferentes versiones afectadas. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://rhn.redhat.com/errata/RHSA-2013-1701.html http://www.debian.org/security/2013/dsa-2642 http://www.openwall.com/lists/oss-security/2013/02/27/31 http://www.securityfocus.com/bid/58207 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.517440 http://www.sudo.ws/repos/sudo/rev/2f3225a2a4a4 http:&# • CWE-264: Permissions, Privileges, and Access Controls •