Search criteria
48 vulnerabilities found for sudo by sudo_project
CVE-2026-35535 (GCVE-0-2026-35535)
Vulnerability from nvd – Published: 2026-04-03 02:21 – Updated: 2026-06-04 15:01
VLAI
Summary
In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.
Severity
7.4 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-271 - Privilege Dropping / Lowering Errors
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Sudo project | Sudo |
Affected:
0 , < 3e474c2f201484be83d994ae10a4e20e8c81bb69
(git)
|
|
| Siemens | RUGGEDCOM RST2428P |
Affected:
0 , < V4.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-35535",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-03T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-04T03:55:19.379Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST2428P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T13:01:15.329Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
}
],
"x_adpType": "supplier"
},
{
"providerMetadata": {
"dateUpdated": "2026-06-04T15:01:58.149Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2026/06/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Sudo",
"vendor": "Sudo project",
"versions": [
{
"lessThan": "3e474c2f201484be83d994ae10a4e20e8c81bb69",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-271",
"description": "CWE-271 Privilege Dropping / Lowering Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T02:21:33.584Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/sudo-project/sudo/commit/3e474c2f201484be83d994ae10a4e20e8c81bb69"
},
{
"url": "https://www.qualys.com/2026/03/10/crack-armor.txt"
},
{
"url": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/2143042"
},
{
"url": "https://bugs.debian.org/1130593"
}
],
"x_generator": {
"engine": "CVE-Request-form 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2026-35535",
"datePublished": "2026-04-03T02:21:33.584Z",
"dateReserved": "2026-04-03T02:21:32.829Z",
"dateUpdated": "2026-06-04T15:01:58.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-32463 (GCVE-0-2025-32463)
Vulnerability from nvd – Published: 2025-06-30 00:00 – Updated: 2026-02-26 17:50
VLAI
CISA KEV
Summary
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
Severity
9.3 (Critical)
SSVC
Exploitation: active
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
Assigner
References
17 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Sudo project | Sudo |
Affected:
1.9.14 , < 1.9.17p1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32463",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-27T03:55:22.188746Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-09-29",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32463"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:50:20.931Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://iototsecnews.jp/2025/07/01/linux-sudo-chroot-vulnerability-enables-hackers-to-elevate-privileges-to-root/"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32463"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-29T00:00:00.000Z",
"value": "CVE-2025-32463 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Sudo",
"vendor": "Sudo project",
"versions": [
{
"lessThan": "1.9.17p1",
"status": "affected",
"version": "1.9.14",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.9.17p1",
"versionStartIncluding": "1.9.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T14:59:53.402Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.sudo.ws/security/advisories/"
},
{
"url": "https://www.sudo.ws/releases/changelog/"
},
{
"url": "https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot"
},
{
"url": "https://www.openwall.com/lists/oss-security/2025/06/30/3"
},
{
"url": "https://access.redhat.com/security/cve/cve-2025-32463"
},
{
"url": "https://ubuntu.com/security/notices/USN-7604-1"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2025-32463"
},
{
"url": "https://explore.alas.aws.amazon.com/CVE-2025-32463.html"
},
{
"url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2025-32463"
},
{
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502177-1/"
},
{
"url": "https://www.suse.com/security/cve/CVE-2025-32463.html"
},
{
"url": "https://www.secpod.com/blog/sudo-lpe-vulnerabilities-resolved-what-you-need-to-know-about-cve-2025-32462-and-cve-2025-32463/"
},
{
"url": "https://www.sudo.ws/security/advisories/chroot_bug/"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-32463-detect-sudo-vulnerability"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-32463-mitigate-sudo-vulnerability"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-32463",
"datePublished": "2025-06-30T00:00:00.000Z",
"dateReserved": "2025-04-09T00:00:00.000Z",
"dateUpdated": "2026-02-26T17:50:20.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-32462 (GCVE-0-2025-32462)
Vulnerability from nvd – Published: 2025-06-30 00:00 – Updated: 2025-11-03 19:53
VLAI
Summary
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
14 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Sudo project | Sudo |
Affected:
1.8.8 , < 1.9.17p1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32462",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-01T13:25:34.777689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T13:25:41.728Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:53:32.346Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00033.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Sudo",
"vendor": "Sudo project",
"versions": [
{
"lessThan": "1.9.17p1",
"status": "affected",
"version": "1.8.8",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.9.17p1",
"versionStartIncluding": "1.8.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T14:10:01.237Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.sudo.ws/security/advisories/"
},
{
"url": "https://www.sudo.ws/releases/changelog/"
},
{
"url": "https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host"
},
{
"url": "https://www.openwall.com/lists/oss-security/2025/06/30/2"
},
{
"url": "https://ubuntu.com/security/notices/USN-7604-1"
},
{
"url": "https://www.secpod.com/blog/sudo-lpe-vulnerabilities-resolved-what-you-need-to-know-about-cve-2025-32462-and-cve-2025-32463/"
},
{
"url": "https://www.sudo.ws/security/advisories/host_any/"
},
{
"url": "https://lists.debian.org/debian-security-announce/2025/msg00118.html"
},
{
"url": "https://explore.alas.aws.amazon.com/CVE-2025-32462.html"
},
{
"url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2025-32462"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2025-32462"
},
{
"url": "https://www.suse.com/security/cve/CVE-2025-32462.html"
},
{
"url": "https://access.redhat.com/security/cve/cve-2025-32462"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-32462",
"datePublished": "2025-06-30T00:00:00.000Z",
"dateReserved": "2025-04-09T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:53:32.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-7090 (GCVE-0-2023-7090)
Vulnerability from nvd – Published: 2023-12-23 22:33 – Updated: 2024-08-02 08:50
VLAI
Title
Sudo: improper handling of ipa_hostname leads to privilege mismanagement
Summary
A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them.
Severity
6.6 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2023-7090 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2255723 | issue-trackingx_refsource_REDHAT |
| https://lists.debian.org/debian-lts-announce/2024… | |
| https://security.netapp.com/advisory/ntap-2024020… | |
| https://www.sudo.ws/releases/legacy/#1.8.28 |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | sudo |
Unaffected:
1.8.28
|
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
|
| Fedora | Fedora |
Date Public
2019-08-15 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:50:07.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-7090"
},
{
"name": "RHBZ#2255723",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255723"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240208-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sudo.ws/releases/legacy/#1.8.28"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "sudo",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "1.8.28"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "sudo",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "sudo",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "sudo",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "sudo",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "sudo",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "freeipa",
"product": "Fedora",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Mohammad Tausif Siddiqui (Red Hat Product Security)."
}
],
"datePublic": "2019-08-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-20T11:05:45.902Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-7090"
},
{
"name": "RHBZ#2255723",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255723"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240208-0001/"
},
{
"url": "https://www.sudo.ws/releases/legacy/#1.8.28"
}
],
"timeline": [
{
"lang": "en",
"time": "2018-11-02T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2019-08-15T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Sudo: improper handling of ipa_hostname leads to privilege mismanagement",
"x_redhatCweChain": "CWE-269: Improper Privilege Management"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-7090",
"datePublished": "2023-12-23T22:33:13.530Z",
"dateReserved": "2023-12-23T19:25:33.533Z",
"dateUpdated": "2024-08-02T08:50:07.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42465 (GCVE-0-2023-42465)
Vulnerability from nvd – Published: 2023-12-22 00:00 – Updated: 2025-11-04 21:08
VLAI
Summary
Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:08:25.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.sudo.ws/releases/changelog/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/12/21/9"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f"
},
{
"tags": [
"x_transferred"
],
"url": "https://arxiv.org/abs/2309.02545"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_15"
},
{
"name": "GLSA-202401-29",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-29"
},
{
"name": "FEDORA-2024-cdccda4f62",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6XMRUJCPII4MPWG43HTYR76DGLEYEFZ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240208-0002/"
},
{
"name": "FEDORA-2024-6fa5af9ea8",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R4Q23NHCKCLFIHSNY6KJ27GM7FSCEVXM/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R4Q23NHCKCLFIHSNY6KJ27GM7FSCEVXM/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6XMRUJCPII4MPWG43HTYR76DGLEYEFZ/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/09/23/2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/09/24/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-18T03:06:16.859Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.sudo.ws/releases/changelog/"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/12/21/9"
},
{
"url": "https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f"
},
{
"url": "https://arxiv.org/abs/2309.02545"
},
{
"url": "https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_15"
},
{
"name": "GLSA-202401-29",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202401-29"
},
{
"name": "FEDORA-2024-cdccda4f62",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6XMRUJCPII4MPWG43HTYR76DGLEYEFZ/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240208-0002/"
},
{
"name": "FEDORA-2024-6fa5af9ea8",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R4Q23NHCKCLFIHSNY6KJ27GM7FSCEVXM/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-42465",
"datePublished": "2023-12-22T00:00:00.000Z",
"dateReserved": "2023-09-11T00:00:00.000Z",
"dateUpdated": "2025-11-04T21:08:25.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-28487 (GCVE-0-2023-28487)
Vulnerability from nvd – Published: 2023-03-16 00:00 – Updated: 2024-08-02 12:38
VLAI
Summary
Sudo before 1.9.13 does not escape control characters in sudoreplay output.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:25.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230420-0002/"
},
{
"name": "GLSA-202309-12",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202309-12"
},
{
"name": "[debian-lts-announce] 20240203 [SECURITY] [DLA 3732-1] sudo security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sudo before 1.9.13 does not escape control characters in sudoreplay output."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-03T11:06:20.873Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca"
},
{
"url": "https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230420-0002/"
},
{
"name": "GLSA-202309-12",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202309-12"
},
{
"name": "[debian-lts-announce] 20240203 [SECURITY] [DLA 3732-1] sudo security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-28487",
"datePublished": "2023-03-16T00:00:00.000Z",
"dateReserved": "2023-03-16T00:00:00.000Z",
"dateUpdated": "2024-08-02T12:38:25.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28486 (GCVE-0-2023-28486)
Vulnerability from nvd – Published: 2023-03-16 00:00 – Updated: 2024-08-02 12:38
VLAI
Summary
Sudo before 1.9.13 does not escape control characters in log messages.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:25.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230420-0002/"
},
{
"name": "GLSA-202309-12",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202309-12"
},
{
"name": "[debian-lts-announce] 20240203 [SECURITY] [DLA 3732-1] sudo security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sudo before 1.9.13 does not escape control characters in log messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-03T11:06:22.678Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca"
},
{
"url": "https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230420-0002/"
},
{
"name": "GLSA-202309-12",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202309-12"
},
{
"name": "[debian-lts-announce] 20240203 [SECURITY] [DLA 3732-1] sudo security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-28486",
"datePublished": "2023-03-16T00:00:00.000Z",
"dateReserved": "2023-03-16T00:00:00.000Z",
"dateUpdated": "2024-08-02T12:38:25.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27320 (GCVE-0-2023-27320)
Vulnerability from nvd – Published: 2023-02-28 00:00 – Updated: 2025-03-21 20:49
VLAI
Summary
Sudo before 1.9.13p2 has a double free in the per-command chroot feature.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-415 - Double Free
Assigner
References
8 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:09:42.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/02/28/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sudo.ws/releases/stable/#1.9.13p2"
},
{
"name": "[oss-security] 20230301 Re: sudo: double free with per-command chroot sudoers rules",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/03/01/8"
},
{
"name": "FEDORA-2023-d2d6ec2a32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPLXMRAMXC3BYL4DNKVTK3V6JDMUXZ7B/"
},
{
"name": "FEDORA-2023-11c9d868ca",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6VW24YGXJYI4NZ5HZPQCF4MCE7766AU/"
},
{
"name": "FEDORA-2023-cb5df36beb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/332KN4QI6QXB7NI7SWSJ2EQJKWIILFN6/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230413-0009/"
},
{
"name": "GLSA-202309-12",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202309-12"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-27320",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-21T20:49:04.176388Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415 Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T20:49:54.702Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sudo before 1.9.13p2 has a double free in the per-command chroot feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-29T13:06:19.949Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.openwall.com/lists/oss-security/2023/02/28/1"
},
{
"url": "https://www.sudo.ws/releases/stable/#1.9.13p2"
},
{
"name": "[oss-security] 20230301 Re: sudo: double free with per-command chroot sudoers rules",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/03/01/8"
},
{
"name": "FEDORA-2023-d2d6ec2a32",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPLXMRAMXC3BYL4DNKVTK3V6JDMUXZ7B/"
},
{
"name": "FEDORA-2023-11c9d868ca",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6VW24YGXJYI4NZ5HZPQCF4MCE7766AU/"
},
{
"name": "FEDORA-2023-cb5df36beb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/332KN4QI6QXB7NI7SWSJ2EQJKWIILFN6/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230413-0009/"
},
{
"name": "GLSA-202309-12",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202309-12"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-27320",
"datePublished": "2023-02-28T00:00:00.000Z",
"dateReserved": "2023-02-28T00:00:00.000Z",
"dateUpdated": "2025-03-21T20:49:54.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22809 (GCVE-0-2023-22809)
Vulnerability from nvd – Published: 2023-01-18 00:00 – Updated: 2025-04-04 15:45
VLAI
Summary
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-269 - Improper Privilege Management
Assigner
References
14 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.856Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sudo.ws/security/advisories/sudoedit_any/"
},
{
"name": "[debian-lts-announce] 20230118 [SECURITY] [DLA 3272-1] sudo security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00012.html"
},
{
"name": "DSA-5321",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5321"
},
{
"name": "[oss-security] 20230119 CVE-2023-22809: Sudoedit can edit arbitrary files",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/01/19/1"
},
{
"name": "FEDORA-2023-9078f609e6",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2QDGFCGAV5QRJCE6IXRXIS4XJHS57DDH/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230127-0015/"
},
{
"name": "FEDORA-2023-298c136eee",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4YNBTTKTRT2ME3NTSXAPTOKYUE47XHZ/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171644/sudo-1.9.12p1-Privilege-Escalation.html"
},
{
"name": "GLSA-202305-12",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-12"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213758"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172509/Sudoedit-Extra-Arguments-Privilege-Escalation.html"
},
{
"name": "20230817 KL-001-2023-003: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification via sudoedit",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Aug/21"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/174234/Cisco-ThousandEyes-Enterprise-Agent-Virtual-Appliance-Arbitrary-File-Modification.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-22809",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-04T15:43:57.601703Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T15:45:24.835Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a \"--\" argument that defeats a protection mechanism, e.g., an EDITOR=\u0027vim -- /path/to/extra/file\u0027 value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-06T07:06:47.365Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf"
},
{
"url": "https://www.sudo.ws/security/advisories/sudoedit_any/"
},
{
"name": "[debian-lts-announce] 20230118 [SECURITY] [DLA 3272-1] sudo security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00012.html"
},
{
"name": "DSA-5321",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5321"
},
{
"name": "[oss-security] 20230119 CVE-2023-22809: Sudoedit can edit arbitrary files",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/01/19/1"
},
{
"name": "FEDORA-2023-9078f609e6",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2QDGFCGAV5QRJCE6IXRXIS4XJHS57DDH/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230127-0015/"
},
{
"name": "FEDORA-2023-298c136eee",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4YNBTTKTRT2ME3NTSXAPTOKYUE47XHZ/"
},
{
"url": "http://packetstormsecurity.com/files/171644/sudo-1.9.12p1-Privilege-Escalation.html"
},
{
"name": "GLSA-202305-12",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-12"
},
{
"url": "https://support.apple.com/kb/HT213758"
},
{
"url": "http://packetstormsecurity.com/files/172509/Sudoedit-Extra-Arguments-Privilege-Escalation.html"
},
{
"name": "20230817 KL-001-2023-003: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification via sudoedit",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Aug/21"
},
{
"url": "http://packetstormsecurity.com/files/174234/Cisco-ThousandEyes-Enterprise-Agent-Virtual-Appliance-Arbitrary-File-Modification.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-22809",
"datePublished": "2023-01-18T00:00:00.000Z",
"dateReserved": "2023-01-06T00:00:00.000Z",
"dateUpdated": "2025-04-04T15:45:24.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43995 (GCVE-0-2022-43995)
Vulnerability from nvd – Published: 2022-11-02 00:00 – Updated: 2025-05-05 13:45
VLAI
Summary
Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.
Severity
7.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-125 - Out-of-bounds Read
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:47:04.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.sudo.ws/security/advisories/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/sudo-project/sudo/commit/bd209b9f16fcd1270c13db27ae3329c677d48050"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=33465707"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139911"
},
{
"name": "GLSA-202211-08",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202211-08"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-43995",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-05T13:44:44.946580Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T13:45:19.142Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-22T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.sudo.ws/security/advisories/"
},
{
"url": "https://github.com/sudo-project/sudo/commit/bd209b9f16fcd1270c13db27ae3329c677d48050"
},
{
"url": "https://news.ycombinator.com/item?id=33465707"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139911"
},
{
"name": "GLSA-202211-08",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202211-08"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-43995",
"datePublished": "2022-11-02T00:00:00.000Z",
"dateReserved": "2022-10-28T00:00:00.000Z",
"dateUpdated": "2025-05-05T13:45:19.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3156 (GCVE-0-2021-3156)
Vulnerability from nvd – Published: 2021-01-26 00:00 – Updated: 2025-10-21 23:35
VLAI
CISA KEV
Summary
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
Severity
7.8 (High)
SSVC
Exploitation: active
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-193 - Off-by-one Error
Assigner
References
35 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:45:51.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20210126 [SECURITY] [DLA 2534-1] sudo security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html"
},
{
"name": "20210126 Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Jan/79"
},
{
"name": "[oss-security] 20210126 Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/26/3"
},
{
"name": "GLSA-202101-33",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202101-33"
},
{
"name": "DSA-4839",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4839"
},
{
"name": "FEDORA-2021-2cb63d912a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/"
},
{
"name": "FEDORA-2021-8840cbdccd",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/"
},
{
"name": "[oss-security] 20210127 Re: Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/27/1"
},
{
"name": "[oss-security] 20210127 Re: Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/27/2"
},
{
"name": "20210129 Sudo Privilege Escalation Vulnerability Affecting Cisco Products: January 2021",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM"
},
{
"name": "VU#794544",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/794544"
},
{
"name": "20210211 APPLE-SA-2021-02-09-1 macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, and macOS Mojave 10.14.6 Security Update 2021-002",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/42"
},
{
"name": "[oss-security] 20210215 Re: sudo: Ineffective NO_ROOT_MAILER and Baron Samedit",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/02/15/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sudo.ws/stable.html#1.9.5p2"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2021/01/26/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210128-0002/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210128-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT212177"
},
{
"tags": [
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10348"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_21_02"
},
{
"name": "[oss-security] 20210914 Re: Oracle Solaris membership in the distros list",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/09/14/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "[oss-security] 20240130 Re: CVE-2023-6246: Heap-based buffer overflow in the glibc\u0027s syslog()",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/8"
},
{
"name": "[oss-security] 20240130 CVE-2023-6246: Heap-based buffer overflow in the glibc\u0027s syslog()",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/6"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html"
},
{
"name": "20240204 CVE-2023-6246: Heap-based buffer overflow in the glibc\u0027s syslog()",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Feb/3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-3156",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-03T15:43:52.658146Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-04-06",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-3156"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "CWE-193 Off-by-one Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:35:29.600Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-3156"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-04-06T00:00:00.000Z",
"value": "CVE-2021-3156 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via \"sudoedit -s\" and a command-line argument that ends with a single backslash character."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T16:41:27.031Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20210126 [SECURITY] [DLA 2534-1] sudo security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html"
},
{
"name": "20210126 Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2021/Jan/79"
},
{
"name": "[oss-security] 20210126 Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/26/3"
},
{
"name": "GLSA-202101-33",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202101-33"
},
{
"name": "DSA-4839",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4839"
},
{
"name": "FEDORA-2021-2cb63d912a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/"
},
{
"name": "FEDORA-2021-8840cbdccd",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/"
},
{
"name": "[oss-security] 20210127 Re: Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/27/1"
},
{
"name": "[oss-security] 20210127 Re: Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/27/2"
},
{
"name": "20210129 Sudo Privilege Escalation Vulnerability Affecting Cisco Products: January 2021",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM"
},
{
"name": "VU#794544",
"tags": [
"third-party-advisory"
],
"url": "https://www.kb.cert.org/vuls/id/794544"
},
{
"name": "20210211 APPLE-SA-2021-02-09-1 macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, and macOS Mojave 10.14.6 Security Update 2021-002",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/42"
},
{
"name": "[oss-security] 20210215 Re: sudo: Ineffective NO_ROOT_MAILER and Baron Samedit",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/02/15/1"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"url": "https://www.sudo.ws/stable.html#1.9.5p2"
},
{
"url": "https://www.openwall.com/lists/oss-security/2021/01/26/3"
},
{
"url": "http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20210128-0002/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20210128-0001/"
},
{
"url": "http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html"
},
{
"url": "http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html"
},
{
"url": "http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html"
},
{
"url": "https://support.apple.com/kb/HT212177"
},
{
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10348"
},
{
"url": "https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability"
},
{
"url": "https://www.synology.com/security/advisory/Synology_SA_21_02"
},
{
"name": "[oss-security] 20210914 Re: Oracle Solaris membership in the distros list",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/09/14/2"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "[oss-security] 20240130 Re: CVE-2023-6246: Heap-based buffer overflow in the glibc\u0027s syslog()",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/8"
},
{
"name": "[oss-security] 20240130 CVE-2023-6246: Heap-based buffer overflow in the glibc\u0027s syslog()",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/6"
},
{
"url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html"
},
{
"name": "20240204 CVE-2023-6246: Heap-based buffer overflow in the glibc\u0027s syslog()",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2024/Feb/3"
},
{
"url": "https://www.vicarius.io/vsociety/posts/sudoedit-pwned-cve-2021-3156"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-3156",
"datePublished": "2021-01-26T00:00:00.000Z",
"dateReserved": "2021-01-15T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:35:29.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23240 (GCVE-0-2021-23240)
Vulnerability from nvd – Published: 2021-01-12 08:17 – Updated: 2024-08-03 19:05
VLAI
Summary
selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=CVE-202… | x_refsource_MISC |
| https://www.sudo.ws/stable.html#1.9.5 | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://security.gentoo.org/glsa/202101-33 | vendor-advisoryx_refsource_GENTOO |
| https://security.netapp.com/advisory/ntap-2021012… | x_refsource_CONFIRM |
| https://lists.apache.org/thread.html/rf4c02775860… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/r58af02e294b… | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:54.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2021-23240"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.sudo.ws/stable.html#1.9.5"
},
{
"name": "FEDORA-2021-324479472c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EE42Y35SMJOLONAIBNYNFC7J44UUZ2Y6/"
},
{
"name": "FEDORA-2021-234d14bfcc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GMY4VSSBIND7VAYSN6T7XIWJRWG4GBB3/"
},
{
"name": "GLSA-202101-33",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202101-33"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210129-0010/"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T14:09:27.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2021-23240"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.sudo.ws/stable.html#1.9.5"
},
{
"name": "FEDORA-2021-324479472c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EE42Y35SMJOLONAIBNYNFC7J44UUZ2Y6/"
},
{
"name": "FEDORA-2021-234d14bfcc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GMY4VSSBIND7VAYSN6T7XIWJRWG4GBB3/"
},
{
"name": "GLSA-202101-33",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202101-33"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210129-0010/"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-23240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2021-23240",
"refsource": "MISC",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2021-23240"
},
{
"name": "https://www.sudo.ws/stable.html#1.9.5",
"refsource": "CONFIRM",
"url": "https://www.sudo.ws/stable.html#1.9.5"
},
{
"name": "FEDORA-2021-324479472c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EE42Y35SMJOLONAIBNYNFC7J44UUZ2Y6/"
},
{
"name": "FEDORA-2021-234d14bfcc",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMY4VSSBIND7VAYSN6T7XIWJRWG4GBB3/"
},
{
"name": "GLSA-202101-33",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202101-33"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210129-0010/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210129-0010/"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-23240",
"datePublished": "2021-01-12T08:17:44.000Z",
"dateReserved": "2021-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:05:54.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23239 (GCVE-0-2021-23239)
Vulnerability from nvd – Published: 2021-01-12 00:00 – Updated: 2024-08-03 19:05
VLAI
Summary
The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:55.298Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2021-23239"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sudo.ws/stable.html#1.9.5"
},
{
"name": "FEDORA-2021-324479472c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EE42Y35SMJOLONAIBNYNFC7J44UUZ2Y6/"
},
{
"name": "FEDORA-2021-234d14bfcc",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GMY4VSSBIND7VAYSN6T7XIWJRWG4GBB3/"
},
{
"name": "GLSA-202101-33",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202101-33"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210129-0010/"
},
{
"name": "[debian-lts-announce] 20221107 [SECURITY] [DLA 3181-1] sudo security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00007.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-07T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2021-23239"
},
{
"url": "https://www.sudo.ws/stable.html#1.9.5"
},
{
"name": "FEDORA-2021-324479472c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EE42Y35SMJOLONAIBNYNFC7J44UUZ2Y6/"
},
{
"name": "FEDORA-2021-234d14bfcc",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GMY4VSSBIND7VAYSN6T7XIWJRWG4GBB3/"
},
{
"name": "GLSA-202101-33",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202101-33"
},
{
"url": "https://security.netapp.com/advisory/ntap-20210129-0010/"
},
{
"name": "[debian-lts-announce] 20221107 [SECURITY] [DLA 3181-1] sudo security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00007.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-23239",
"datePublished": "2021-01-12T00:00:00.000Z",
"dateReserved": "2021-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:05:55.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18634 (GCVE-0-2019-18634)
Vulnerability from nvd – Published: 2020-01-29 17:23 – Updated: 2024-08-05 01:54
VLAI
Summary
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
26 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:14.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT210919"
},
{
"name": "20200129 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2020/Jan/44"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sudo.ws/security.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.sudo.ws/alerts/pwfeedback.html"
},
{
"name": "[oss-security] 20200130 CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/01/30/6"
},
{
"name": "[oss-security] 20200131 Re: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/01/31/1"
},
{
"name": "20200131 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Jan/40"
},
{
"name": "DSA-4614",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4614"
},
{
"name": "[debian-lts-announce] 20200201 [SECURITY] [DLA 2094-1] sudo security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00002.html"
},
{
"name": "20200203 [slackware-security] sudo (SSA:2020-031-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2020/Feb/3"
},
{
"name": "20200203 [SECURITY] [DSA 4614-1] sudo security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2020/Feb/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156174/Slackware-Security-Advisory-sudo-Updates.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156189/Sudo-1.8.25p-Buffer-Overflow.html"
},
{
"name": "[oss-security] 20200205 Re: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/05/2"
},
{
"name": "[oss-security] 20200205 Re: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/05/5"
},
{
"name": "USN-4263-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4263-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200210-0001/"
},
{
"name": "USN-4263-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4263-2/"
},
{
"name": "RHSA-2020:0487",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0487"
},
{
"name": "RHSA-2020:0509",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0509"
},
{
"name": "RHSA-2020:0540",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0540"
},
{
"name": "openSUSE-SU-2020:0244",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00029.html"
},
{
"name": "FEDORA-2020-8b563bc5f4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY6DZ7WMDKU4ZDML6MJLDAPG42B5WVUC/"
},
{
"name": "RHSA-2020:0726",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0726"
},
{
"name": "GLSA-202003-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-12"
},
{
"name": "FEDORA-2020-7c1b270959",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6TKF36KOQUVJNBHSVJFA7BU3CCEYD2F/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-16T23:06:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT210919"
},
{
"name": "20200129 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2020/Jan/44"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sudo.ws/security.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.sudo.ws/alerts/pwfeedback.html"
},
{
"name": "[oss-security] 20200130 CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/01/30/6"
},
{
"name": "[oss-security] 20200131 Re: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/01/31/1"
},
{
"name": "20200131 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Jan/40"
},
{
"name": "DSA-4614",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4614"
},
{
"name": "[debian-lts-announce] 20200201 [SECURITY] [DLA 2094-1] sudo security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00002.html"
},
{
"name": "20200203 [slackware-security] sudo (SSA:2020-031-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2020/Feb/3"
},
{
"name": "20200203 [SECURITY] [DSA 4614-1] sudo security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2020/Feb/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156174/Slackware-Security-Advisory-sudo-Updates.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156189/Sudo-1.8.25p-Buffer-Overflow.html"
},
{
"name": "[oss-security] 20200205 Re: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/05/2"
},
{
"name": "[oss-security] 20200205 Re: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/05/5"
},
{
"name": "USN-4263-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4263-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200210-0001/"
},
{
"name": "USN-4263-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4263-2/"
},
{
"name": "RHSA-2020:0487",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0487"
},
{
"name": "RHSA-2020:0509",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0509"
},
{
"name": "RHSA-2020:0540",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0540"
},
{
"name": "openSUSE-SU-2020:0244",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00029.html"
},
{
"name": "FEDORA-2020-8b563bc5f4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY6DZ7WMDKU4ZDML6MJLDAPG42B5WVUC/"
},
{
"name": "RHSA-2020:0726",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0726"
},
{
"name": "GLSA-202003-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-12"
},
{
"name": "FEDORA-2020-7c1b270959",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6TKF36KOQUVJNBHSVJFA7BU3CCEYD2F/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18634",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT210919",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT210919"
},
{
"name": "20200129 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Jan/44"
},
{
"name": "https://www.sudo.ws/security.html",
"refsource": "MISC",
"url": "https://www.sudo.ws/security.html"
},
{
"name": "https://www.sudo.ws/alerts/pwfeedback.html",
"refsource": "CONFIRM",
"url": "https://www.sudo.ws/alerts/pwfeedback.html"
},
{
"name": "[oss-security] 20200130 CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/01/30/6"
},
{
"name": "[oss-security] 20200131 Re: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/01/31/1"
},
{
"name": "20200131 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Jan/40"
},
{
"name": "DSA-4614",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4614"
},
{
"name": "[debian-lts-announce] 20200201 [SECURITY] [DLA 2094-1] sudo security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00002.html"
},
{
"name": "20200203 [slackware-security] sudo (SSA:2020-031-01)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Feb/3"
},
{
"name": "20200203 [SECURITY] [DSA 4614-1] sudo security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Feb/2"
},
{
"name": "http://packetstormsecurity.com/files/156174/Slackware-Security-Advisory-sudo-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156174/Slackware-Security-Advisory-sudo-Updates.html"
},
{
"name": "http://packetstormsecurity.com/files/156189/Sudo-1.8.25p-Buffer-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156189/Sudo-1.8.25p-Buffer-Overflow.html"
},
{
"name": "[oss-security] 20200205 Re: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/02/05/2"
},
{
"name": "[oss-security] 20200205 Re: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/02/05/5"
},
{
"name": "USN-4263-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4263-1/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200210-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200210-0001/"
},
{
"name": "USN-4263-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4263-2/"
},
{
"name": "RHSA-2020:0487",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0487"
},
{
"name": "RHSA-2020:0509",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0509"
},
{
"name": "RHSA-2020:0540",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0540"
},
{
"name": "openSUSE-SU-2020:0244",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00029.html"
},
{
"name": "FEDORA-2020-8b563bc5f4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IY6DZ7WMDKU4ZDML6MJLDAPG42B5WVUC/"
},
{
"name": "RHSA-2020:0726",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0726"
},
{
"name": "GLSA-202003-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-12"
},
{
"name": "FEDORA-2020-7c1b270959",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6TKF36KOQUVJNBHSVJFA7BU3CCEYD2F/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18634",
"datePublished": "2020-01-29T17:23:26.000Z",
"dateReserved": "2019-10-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:54:14.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4890 (GCVE-0-2005-4890)
Vulnerability from nvd – Published: 2019-11-04 18:38 – Updated: 2024-08-08 00:01
VLAI
Summary
There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.
Severity
No CVSS data available.
CWE
- tty hijacking possible in "su" via TIOCSTI ioctl
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2014/12/15/5 | x_refsource_MISC |
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2005-4890 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2012/11/06/8 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2013/05/20/3 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2013/1… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2013/11/29/5 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2014/10/20/9 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2014/10/21/1 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2016/02/25/6 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:01:23.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/12/15/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2005-4890"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2005-4890"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2005-4890"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/06/8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/05/20/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/11/28/10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/11/29/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/10/20/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/10/21/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/02/25/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "shadow",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "4.x before 4.1.5"
}
]
},
{
"product": "sudo",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "1.x before 1.7.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via \"su - user -c program\". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "tty hijacking possible in \"su\" via TIOCSTI ioctl",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-04T18:38:09.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2014/12/15/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2005-4890"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2005-4890"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2005-4890"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/06/8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/05/20/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/11/28/10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/11/29/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2014/10/20/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2014/10/21/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2016/02/25/6"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-4890",
"datePublished": "2019-11-04T18:38:09.000Z",
"dateReserved": "2011-12-19T00:00:00.000Z",
"dateUpdated": "2024-08-08T00:01:23.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-35535 (GCVE-0-2026-35535)
Vulnerability from cvelistv5 – Published: 2026-04-03 02:21 – Updated: 2026-06-04 15:01
VLAI
Summary
In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.
Severity
7.4 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-271 - Privilege Dropping / Lowering Errors
Assigner
References
6 references
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Sudo project | Sudo |
Affected:
0 , < 3e474c2f201484be83d994ae10a4e20e8c81bb69
(git)
|
|
| Siemens | RUGGEDCOM RST2428P |
Affected:
0 , < V4.0
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-35535",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-03T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-04T03:55:19.379Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "RUGGEDCOM RST2428P",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T13:01:15.329Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
}
],
"x_adpType": "supplier"
},
{
"providerMetadata": {
"dateUpdated": "2026-06-04T15:01:58.149Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2026/06/msg00003.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Sudo",
"vendor": "Sudo project",
"versions": [
{
"lessThan": "3e474c2f201484be83d994ae10a4e20e8c81bb69",
"status": "affected",
"version": "0",
"versionType": "git"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-271",
"description": "CWE-271 Privilege Dropping / Lowering Errors",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-03T02:21:33.584Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/sudo-project/sudo/commit/3e474c2f201484be83d994ae10a4e20e8c81bb69"
},
{
"url": "https://www.qualys.com/2026/03/10/crack-armor.txt"
},
{
"url": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/2143042"
},
{
"url": "https://bugs.debian.org/1130593"
}
],
"x_generator": {
"engine": "CVE-Request-form 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2026-35535",
"datePublished": "2026-04-03T02:21:33.584Z",
"dateReserved": "2026-04-03T02:21:32.829Z",
"dateUpdated": "2026-06-04T15:01:58.149Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-32463 (GCVE-0-2025-32463)
Vulnerability from cvelistv5 – Published: 2025-06-30 00:00 – Updated: 2026-02-26 17:50
VLAI
CISA KEV
Summary
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.
Severity
9.3 (Critical)
SSVC
Exploitation: active
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-829 - Inclusion of Functionality from Untrusted Control Sphere
Assigner
References
17 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Sudo project | Sudo |
Affected:
1.9.14 , < 1.9.17p1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32463",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-27T03:55:22.188746Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2025-09-29",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32463"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T17:50:20.931Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://iototsecnews.jp/2025/07/01/linux-sudo-chroot-vulnerability-enables-hackers-to-elevate-privileges-to-root/"
},
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-32463"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-29T00:00:00.000Z",
"value": "CVE-2025-32463 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Sudo",
"vendor": "Sudo project",
"versions": [
{
"lessThan": "1.9.17p1",
"status": "affected",
"version": "1.9.14",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.9.17p1",
"versionStartIncluding": "1.9.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-829",
"description": "CWE-829 Inclusion of Functionality from Untrusted Control Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-22T14:59:53.402Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.sudo.ws/security/advisories/"
},
{
"url": "https://www.sudo.ws/releases/changelog/"
},
{
"url": "https://www.stratascale.com/vulnerability-alert-CVE-2025-32463-sudo-chroot"
},
{
"url": "https://www.openwall.com/lists/oss-security/2025/06/30/3"
},
{
"url": "https://access.redhat.com/security/cve/cve-2025-32463"
},
{
"url": "https://ubuntu.com/security/notices/USN-7604-1"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2025-32463"
},
{
"url": "https://explore.alas.aws.amazon.com/CVE-2025-32463.html"
},
{
"url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2025-32463"
},
{
"url": "https://www.suse.com/support/update/announcement/2025/suse-su-202502177-1/"
},
{
"url": "https://www.suse.com/security/cve/CVE-2025-32463.html"
},
{
"url": "https://www.secpod.com/blog/sudo-lpe-vulnerabilities-resolved-what-you-need-to-know-about-cve-2025-32462-and-cve-2025-32463/"
},
{
"url": "https://www.sudo.ws/security/advisories/chroot_bug/"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-32463-detect-sudo-vulnerability"
},
{
"url": "https://www.vicarius.io/vsociety/posts/cve-2025-32463-mitigate-sudo-vulnerability"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-32463",
"datePublished": "2025-06-30T00:00:00.000Z",
"dateReserved": "2025-04-09T00:00:00.000Z",
"dateUpdated": "2026-02-26T17:50:20.931Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-32462 (GCVE-0-2025-32462)
Vulnerability from cvelistv5 – Published: 2025-06-30 00:00 – Updated: 2025-11-03 19:53
VLAI
Summary
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-863 - Incorrect Authorization
Assigner
References
14 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Sudo project | Sudo |
Affected:
1.8.8 , < 1.9.17p1
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32462",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-01T13:25:34.777689Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T13:25:41.728Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:53:32.346Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00033.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Sudo",
"vendor": "Sudo project",
"versions": [
{
"lessThan": "1.9.17p1",
"status": "affected",
"version": "1.8.8",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.9.17p1",
"versionStartIncluding": "1.8.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 2.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-863",
"description": "CWE-863 Incorrect Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T14:10:01.237Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.sudo.ws/security/advisories/"
},
{
"url": "https://www.sudo.ws/releases/changelog/"
},
{
"url": "https://www.stratascale.com/vulnerability-alert-CVE-2025-32462-sudo-host"
},
{
"url": "https://www.openwall.com/lists/oss-security/2025/06/30/2"
},
{
"url": "https://ubuntu.com/security/notices/USN-7604-1"
},
{
"url": "https://www.secpod.com/blog/sudo-lpe-vulnerabilities-resolved-what-you-need-to-know-about-cve-2025-32462-and-cve-2025-32463/"
},
{
"url": "https://www.sudo.ws/security/advisories/host_any/"
},
{
"url": "https://lists.debian.org/debian-security-announce/2025/msg00118.html"
},
{
"url": "https://explore.alas.aws.amazon.com/CVE-2025-32462.html"
},
{
"url": "https://bugs.gentoo.org/show_bug.cgi?id=CVE-2025-32462"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2025-32462"
},
{
"url": "https://www.suse.com/security/cve/CVE-2025-32462.html"
},
{
"url": "https://access.redhat.com/security/cve/cve-2025-32462"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-32462",
"datePublished": "2025-06-30T00:00:00.000Z",
"dateReserved": "2025-04-09T00:00:00.000Z",
"dateUpdated": "2025-11-03T19:53:32.346Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-7090 (GCVE-0-2023-7090)
Vulnerability from cvelistv5 – Published: 2023-12-23 22:33 – Updated: 2024-08-02 08:50
VLAI
Title
Sudo: improper handling of ipa_hostname leads to privilege mismanagement
Summary
A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them.
Severity
6.6 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://access.redhat.com/security/cve/CVE-2023-7090 | vdb-entryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=2255723 | issue-trackingx_refsource_REDHAT |
| https://lists.debian.org/debian-lts-announce/2024… | |
| https://security.netapp.com/advisory/ntap-2024020… | |
| https://www.sudo.ws/releases/legacy/#1.8.28 |
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | sudo |
Unaffected:
1.8.28
|
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
|
| Fedora | Fedora |
Date Public
2019-08-15 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:50:07.937Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-7090"
},
{
"name": "RHBZ#2255723",
"tags": [
"issue-tracking",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255723"
},
{
"tags": [
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240208-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sudo.ws/releases/legacy/#1.8.28"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "sudo",
"vendor": "n/a",
"versions": [
{
"status": "unaffected",
"version": "1.8.28"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unaffected",
"packageName": "sudo",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unaffected",
"packageName": "sudo",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "sudo",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "unaffected",
"packageName": "sudo",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "sudo",
"product": "Fedora",
"vendor": "Fedora"
},
{
"collectionURL": "https://packages.fedoraproject.org/",
"defaultStatus": "unaffected",
"packageName": "freeipa",
"product": "Fedora",
"vendor": "Fedora"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Mohammad Tausif Siddiqui (Red Hat Product Security)."
}
],
"datePublic": "2019-08-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-20T11:05:45.902Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2023-7090"
},
{
"name": "RHBZ#2255723",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255723"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240208-0001/"
},
{
"url": "https://www.sudo.ws/releases/legacy/#1.8.28"
}
],
"timeline": [
{
"lang": "en",
"time": "2018-11-02T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2019-08-15T00:00:00.000Z",
"value": "Made public."
}
],
"title": "Sudo: improper handling of ipa_hostname leads to privilege mismanagement",
"x_redhatCweChain": "CWE-269: Improper Privilege Management"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2023-7090",
"datePublished": "2023-12-23T22:33:13.530Z",
"dateReserved": "2023-12-23T19:25:33.533Z",
"dateUpdated": "2024-08-02T08:50:07.937Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-42465 (GCVE-0-2023-42465)
Vulnerability from cvelistv5 – Published: 2023-12-22 00:00 – Updated: 2025-11-04 21:08
VLAI
Summary
Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:08:25.980Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.sudo.ws/releases/changelog/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/12/21/9"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f"
},
{
"tags": [
"x_transferred"
],
"url": "https://arxiv.org/abs/2309.02545"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_15"
},
{
"name": "GLSA-202401-29",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202401-29"
},
{
"name": "FEDORA-2024-cdccda4f62",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6XMRUJCPII4MPWG43HTYR76DGLEYEFZ/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20240208-0002/"
},
{
"name": "FEDORA-2024-6fa5af9ea8",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R4Q23NHCKCLFIHSNY6KJ27GM7FSCEVXM/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R4Q23NHCKCLFIHSNY6KJ27GM7FSCEVXM/"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U6XMRUJCPII4MPWG43HTYR76DGLEYEFZ/"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/09/23/2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/09/24/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-18T03:06:16.859Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.sudo.ws/releases/changelog/"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/12/21/9"
},
{
"url": "https://github.com/sudo-project/sudo/commit/7873f8334c8d31031f8cfa83bd97ac6029309e4f"
},
{
"url": "https://arxiv.org/abs/2309.02545"
},
{
"url": "https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_15"
},
{
"name": "GLSA-202401-29",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202401-29"
},
{
"name": "FEDORA-2024-cdccda4f62",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U6XMRUJCPII4MPWG43HTYR76DGLEYEFZ/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240208-0002/"
},
{
"name": "FEDORA-2024-6fa5af9ea8",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R4Q23NHCKCLFIHSNY6KJ27GM7FSCEVXM/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-42465",
"datePublished": "2023-12-22T00:00:00.000Z",
"dateReserved": "2023-09-11T00:00:00.000Z",
"dateUpdated": "2025-11-04T21:08:25.980Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-28487 (GCVE-0-2023-28487)
Vulnerability from cvelistv5 – Published: 2023-03-16 00:00 – Updated: 2024-08-02 12:38
VLAI
Summary
Sudo before 1.9.13 does not escape control characters in sudoreplay output.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:25.328Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230420-0002/"
},
{
"name": "GLSA-202309-12",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202309-12"
},
{
"name": "[debian-lts-announce] 20240203 [SECURITY] [DLA 3732-1] sudo security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sudo before 1.9.13 does not escape control characters in sudoreplay output."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-03T11:06:20.873Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca"
},
{
"url": "https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230420-0002/"
},
{
"name": "GLSA-202309-12",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202309-12"
},
{
"name": "[debian-lts-announce] 20240203 [SECURITY] [DLA 3732-1] sudo security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-28487",
"datePublished": "2023-03-16T00:00:00.000Z",
"dateReserved": "2023-03-16T00:00:00.000Z",
"dateUpdated": "2024-08-02T12:38:25.328Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-28486 (GCVE-0-2023-28486)
Vulnerability from cvelistv5 – Published: 2023-03-16 00:00 – Updated: 2024-08-02 12:38
VLAI
Summary
Sudo before 1.9.13 does not escape control characters in log messages.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:38:25.511Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230420-0002/"
},
{
"name": "GLSA-202309-12",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202309-12"
},
{
"name": "[debian-lts-announce] 20240203 [SECURITY] [DLA 3732-1] sudo security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sudo before 1.9.13 does not escape control characters in log messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-02-03T11:06:22.678Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca"
},
{
"url": "https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230420-0002/"
},
{
"name": "GLSA-202309-12",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202309-12"
},
{
"name": "[debian-lts-announce] 20240203 [SECURITY] [DLA 3732-1] sudo security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-28486",
"datePublished": "2023-03-16T00:00:00.000Z",
"dateReserved": "2023-03-16T00:00:00.000Z",
"dateUpdated": "2024-08-02T12:38:25.511Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-27320 (GCVE-0-2023-27320)
Vulnerability from cvelistv5 – Published: 2023-02-28 00:00 – Updated: 2025-03-21 20:49
VLAI
Summary
Sudo before 1.9.13p2 has a double free in the per-command chroot feature.
Severity
7.2 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-415 - Double Free
Assigner
References
8 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T12:09:42.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2023/02/28/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sudo.ws/releases/stable/#1.9.13p2"
},
{
"name": "[oss-security] 20230301 Re: sudo: double free with per-command chroot sudoers rules",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/03/01/8"
},
{
"name": "FEDORA-2023-d2d6ec2a32",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPLXMRAMXC3BYL4DNKVTK3V6JDMUXZ7B/"
},
{
"name": "FEDORA-2023-11c9d868ca",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6VW24YGXJYI4NZ5HZPQCF4MCE7766AU/"
},
{
"name": "FEDORA-2023-cb5df36beb",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/332KN4QI6QXB7NI7SWSJ2EQJKWIILFN6/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230413-0009/"
},
{
"name": "GLSA-202309-12",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202309-12"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-27320",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-21T20:49:04.176388Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415 Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-21T20:49:54.702Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sudo before 1.9.13p2 has a double free in the per-command chroot feature."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-29T13:06:19.949Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.openwall.com/lists/oss-security/2023/02/28/1"
},
{
"url": "https://www.sudo.ws/releases/stable/#1.9.13p2"
},
{
"name": "[oss-security] 20230301 Re: sudo: double free with per-command chroot sudoers rules",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/03/01/8"
},
{
"name": "FEDORA-2023-d2d6ec2a32",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FPLXMRAMXC3BYL4DNKVTK3V6JDMUXZ7B/"
},
{
"name": "FEDORA-2023-11c9d868ca",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6VW24YGXJYI4NZ5HZPQCF4MCE7766AU/"
},
{
"name": "FEDORA-2023-cb5df36beb",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/332KN4QI6QXB7NI7SWSJ2EQJKWIILFN6/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230413-0009/"
},
{
"name": "GLSA-202309-12",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202309-12"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-27320",
"datePublished": "2023-02-28T00:00:00.000Z",
"dateReserved": "2023-02-28T00:00:00.000Z",
"dateUpdated": "2025-03-21T20:49:54.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-22809 (GCVE-0-2023-22809)
Vulnerability from cvelistv5 – Published: 2023-01-18 00:00 – Updated: 2025-04-04 15:45
VLAI
Summary
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
Severity
7.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-269 - Improper Privilege Management
Assigner
References
14 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:20:30.856Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sudo.ws/security/advisories/sudoedit_any/"
},
{
"name": "[debian-lts-announce] 20230118 [SECURITY] [DLA 3272-1] sudo security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00012.html"
},
{
"name": "DSA-5321",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2023/dsa-5321"
},
{
"name": "[oss-security] 20230119 CVE-2023-22809: Sudoedit can edit arbitrary files",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2023/01/19/1"
},
{
"name": "FEDORA-2023-9078f609e6",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2QDGFCGAV5QRJCE6IXRXIS4XJHS57DDH/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20230127-0015/"
},
{
"name": "FEDORA-2023-298c136eee",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4YNBTTKTRT2ME3NTSXAPTOKYUE47XHZ/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/171644/sudo-1.9.12p1-Privilege-Escalation.html"
},
{
"name": "GLSA-202305-12",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202305-12"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT213758"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/172509/Sudoedit-Extra-Arguments-Privilege-Escalation.html"
},
{
"name": "20230817 KL-001-2023-003: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification via sudoedit",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Aug/21"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/174234/Cisco-ThousandEyes-Enterprise-Agent-Virtual-Appliance-Arbitrary-File-Modification.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-22809",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-04T15:43:57.601703Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-04T15:45:24.835Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a \"--\" argument that defeats a protection mechanism, e.g., an EDITOR=\u0027vim -- /path/to/extra/file\u0027 value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-06T07:06:47.365Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf"
},
{
"url": "https://www.sudo.ws/security/advisories/sudoedit_any/"
},
{
"name": "[debian-lts-announce] 20230118 [SECURITY] [DLA 3272-1] sudo security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00012.html"
},
{
"name": "DSA-5321",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2023/dsa-5321"
},
{
"name": "[oss-security] 20230119 CVE-2023-22809: Sudoedit can edit arbitrary files",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2023/01/19/1"
},
{
"name": "FEDORA-2023-9078f609e6",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2QDGFCGAV5QRJCE6IXRXIS4XJHS57DDH/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20230127-0015/"
},
{
"name": "FEDORA-2023-298c136eee",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4YNBTTKTRT2ME3NTSXAPTOKYUE47XHZ/"
},
{
"url": "http://packetstormsecurity.com/files/171644/sudo-1.9.12p1-Privilege-Escalation.html"
},
{
"name": "GLSA-202305-12",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202305-12"
},
{
"url": "https://support.apple.com/kb/HT213758"
},
{
"url": "http://packetstormsecurity.com/files/172509/Sudoedit-Extra-Arguments-Privilege-Escalation.html"
},
{
"name": "20230817 KL-001-2023-003: Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification via sudoedit",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2023/Aug/21"
},
{
"url": "http://packetstormsecurity.com/files/174234/Cisco-ThousandEyes-Enterprise-Agent-Virtual-Appliance-Arbitrary-File-Modification.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-22809",
"datePublished": "2023-01-18T00:00:00.000Z",
"dateReserved": "2023-01-06T00:00:00.000Z",
"dateUpdated": "2025-04-04T15:45:24.835Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43995 (GCVE-0-2022-43995)
Vulnerability from cvelistv5 – Published: 2022-11-02 00:00 – Updated: 2025-05-05 13:45
VLAI
Summary
Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.
Severity
7.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-125 - Out-of-bounds Read
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:47:04.589Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.sudo.ws/security/advisories/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/sudo-project/sudo/commit/bd209b9f16fcd1270c13db27ae3329c677d48050"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=33465707"
},
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139911"
},
{
"name": "GLSA-202211-08",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202211-08"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-43995",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-05T13:44:44.946580Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-05T13:45:19.142Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-22T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.sudo.ws/security/advisories/"
},
{
"url": "https://github.com/sudo-project/sudo/commit/bd209b9f16fcd1270c13db27ae3329c677d48050"
},
{
"url": "https://news.ycombinator.com/item?id=33465707"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2139911"
},
{
"name": "GLSA-202211-08",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202211-08"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-43995",
"datePublished": "2022-11-02T00:00:00.000Z",
"dateReserved": "2022-10-28T00:00:00.000Z",
"dateUpdated": "2025-05-05T13:45:19.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-3156 (GCVE-0-2021-3156)
Vulnerability from cvelistv5 – Published: 2021-01-26 00:00 – Updated: 2025-10-21 23:35
VLAI
CISA KEV
Summary
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
Severity
7.8 (High)
SSVC
Exploitation: active
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-193 - Off-by-one Error
Assigner
References
35 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:45:51.408Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20210126 [SECURITY] [DLA 2534-1] sudo security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html"
},
{
"name": "20210126 Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Jan/79"
},
{
"name": "[oss-security] 20210126 Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/26/3"
},
{
"name": "GLSA-202101-33",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202101-33"
},
{
"name": "DSA-4839",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4839"
},
{
"name": "FEDORA-2021-2cb63d912a",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/"
},
{
"name": "FEDORA-2021-8840cbdccd",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/"
},
{
"name": "[oss-security] 20210127 Re: Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/27/1"
},
{
"name": "[oss-security] 20210127 Re: Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/27/2"
},
{
"name": "20210129 Sudo Privilege Escalation Vulnerability Affecting Cisco Products: January 2021",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM"
},
{
"name": "VU#794544",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://www.kb.cert.org/vuls/id/794544"
},
{
"name": "20210211 APPLE-SA-2021-02-09-1 macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, and macOS Mojave 10.14.6 Security Update 2021-002",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/42"
},
{
"name": "[oss-security] 20210215 Re: sudo: Ineffective NO_ROOT_MAILER and Baron Samedit",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/02/15/1"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sudo.ws/stable.html#1.9.5p2"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.openwall.com/lists/oss-security/2021/01/26/3"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210128-0002/"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210128-0001/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.apple.com/kb/HT212177"
},
{
"tags": [
"x_transferred"
],
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10348"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.synology.com/security/advisory/Synology_SA_21_02"
},
{
"name": "[oss-security] 20210914 Re: Oracle Solaris membership in the distros list",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2021/09/14/2"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "[oss-security] 20240130 Re: CVE-2023-6246: Heap-based buffer overflow in the glibc\u0027s syslog()",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/8"
},
{
"name": "[oss-security] 20240130 CVE-2023-6246: Heap-based buffer overflow in the glibc\u0027s syslog()",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/6"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html"
},
{
"name": "20240204 CVE-2023-6246: Heap-based buffer overflow in the glibc\u0027s syslog()",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2024/Feb/3"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-3156",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-03T15:43:52.658146Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-04-06",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-3156"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-193",
"description": "CWE-193 Off-by-one Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:35:29.600Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-3156"
}
],
"timeline": [
{
"lang": "en",
"time": "2022-04-06T00:00:00.000Z",
"value": "CVE-2021-3156 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via \"sudoedit -s\" and a command-line argument that ends with a single backslash character."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T16:41:27.031Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20210126 [SECURITY] [DLA 2534-1] sudo security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html"
},
{
"name": "20210126 Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2021/Jan/79"
},
{
"name": "[oss-security] 20210126 Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/26/3"
},
{
"name": "GLSA-202101-33",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202101-33"
},
{
"name": "DSA-4839",
"tags": [
"vendor-advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4839"
},
{
"name": "FEDORA-2021-2cb63d912a",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LHXK6ICO5AYLGFK2TAX5MZKUXTUKWOJY/"
},
{
"name": "FEDORA-2021-8840cbdccd",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CALA5FTXIQBRRYUA2ZQNJXB6OQMAXEII/"
},
{
"name": "[oss-security] 20210127 Re: Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/27/1"
},
{
"name": "[oss-security] 20210127 Re: Baron Samedit: Heap-based buffer overflow in Sudo (CVE-2021-3156)",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/01/27/2"
},
{
"name": "20210129 Sudo Privilege Escalation Vulnerability Affecting Cisco Products: January 2021",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sudo-privesc-jan2021-qnYQfcM"
},
{
"name": "VU#794544",
"tags": [
"third-party-advisory"
],
"url": "https://www.kb.cert.org/vuls/id/794544"
},
{
"name": "20210211 APPLE-SA-2021-02-09-1 macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, and macOS Mojave 10.14.6 Security Update 2021-002",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2021/Feb/42"
},
{
"name": "[oss-security] 20210215 Re: sudo: Ineffective NO_ROOT_MAILER and Baron Samedit",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/02/15/1"
},
{
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"url": "https://www.sudo.ws/stable.html#1.9.5p2"
},
{
"url": "https://www.openwall.com/lists/oss-security/2021/01/26/3"
},
{
"url": "http://packetstormsecurity.com/files/161160/Sudo-Heap-Based-Buffer-Overflow.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20210128-0002/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20210128-0001/"
},
{
"url": "http://packetstormsecurity.com/files/161230/Sudo-Buffer-Overflow-Privilege-Escalation.html"
},
{
"url": "http://packetstormsecurity.com/files/161270/Sudo-1.9.5p1-Buffer-Overflow-Privilege-Escalation.html"
},
{
"url": "http://packetstormsecurity.com/files/161293/Sudo-1.8.31p2-1.9.5p1-Buffer-Overflow.html"
},
{
"url": "https://support.apple.com/kb/HT212177"
},
{
"url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10348"
},
{
"url": "https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability"
},
{
"url": "https://www.synology.com/security/advisory/Synology_SA_21_02"
},
{
"name": "[oss-security] 20210914 Re: Oracle Solaris membership in the distros list",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2021/09/14/2"
},
{
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "[oss-security] 20240130 Re: CVE-2023-6246: Heap-based buffer overflow in the glibc\u0027s syslog()",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/8"
},
{
"name": "[oss-security] 20240130 CVE-2023-6246: Heap-based buffer overflow in the glibc\u0027s syslog()",
"tags": [
"mailing-list"
],
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/6"
},
{
"url": "http://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html"
},
{
"name": "20240204 CVE-2023-6246: Heap-based buffer overflow in the glibc\u0027s syslog()",
"tags": [
"mailing-list"
],
"url": "http://seclists.org/fulldisclosure/2024/Feb/3"
},
{
"url": "https://www.vicarius.io/vsociety/posts/sudoedit-pwned-cve-2021-3156"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-3156",
"datePublished": "2021-01-26T00:00:00.000Z",
"dateReserved": "2021-01-15T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:35:29.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23240 (GCVE-0-2021-23240)
Vulnerability from cvelistv5 – Published: 2021-01-12 08:17 – Updated: 2024-08-03 19:05
VLAI
Summary
selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=CVE-202… | x_refsource_MISC |
| https://www.sudo.ws/stable.html#1.9.5 | x_refsource_CONFIRM |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://security.gentoo.org/glsa/202101-33 | vendor-advisoryx_refsource_GENTOO |
| https://security.netapp.com/advisory/ntap-2021012… | x_refsource_CONFIRM |
| https://lists.apache.org/thread.html/rf4c02775860… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/r58af02e294b… | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:54.546Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2021-23240"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.sudo.ws/stable.html#1.9.5"
},
{
"name": "FEDORA-2021-324479472c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EE42Y35SMJOLONAIBNYNFC7J44UUZ2Y6/"
},
{
"name": "FEDORA-2021-234d14bfcc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GMY4VSSBIND7VAYSN6T7XIWJRWG4GBB3/"
},
{
"name": "GLSA-202101-33",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202101-33"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210129-0010/"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T14:09:27.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2021-23240"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.sudo.ws/stable.html#1.9.5"
},
{
"name": "FEDORA-2021-324479472c",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EE42Y35SMJOLONAIBNYNFC7J44UUZ2Y6/"
},
{
"name": "FEDORA-2021-234d14bfcc",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GMY4VSSBIND7VAYSN6T7XIWJRWG4GBB3/"
},
{
"name": "GLSA-202101-33",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202101-33"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210129-0010/"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-23240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2021-23240",
"refsource": "MISC",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2021-23240"
},
{
"name": "https://www.sudo.ws/stable.html#1.9.5",
"refsource": "CONFIRM",
"url": "https://www.sudo.ws/stable.html#1.9.5"
},
{
"name": "FEDORA-2021-324479472c",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EE42Y35SMJOLONAIBNYNFC7J44UUZ2Y6/"
},
{
"name": "FEDORA-2021-234d14bfcc",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMY4VSSBIND7VAYSN6T7XIWJRWG4GBB3/"
},
{
"name": "GLSA-202101-33",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202101-33"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210129-0010/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210129-0010/"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-23240",
"datePublished": "2021-01-12T08:17:44.000Z",
"dateReserved": "2021-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:05:54.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-23239 (GCVE-0-2021-23239)
Vulnerability from cvelistv5 – Published: 2021-01-12 00:00 – Updated: 2024-08-03 19:05
VLAI
Summary
The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T19:05:55.298Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2021-23239"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sudo.ws/stable.html#1.9.5"
},
{
"name": "FEDORA-2021-324479472c",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EE42Y35SMJOLONAIBNYNFC7J44UUZ2Y6/"
},
{
"name": "FEDORA-2021-234d14bfcc",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GMY4VSSBIND7VAYSN6T7XIWJRWG4GBB3/"
},
{
"name": "GLSA-202101-33",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202101-33"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210129-0010/"
},
{
"name": "[debian-lts-announce] 20221107 [SECURITY] [DLA 3181-1] sudo security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00007.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-07T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2021-23239"
},
{
"url": "https://www.sudo.ws/stable.html#1.9.5"
},
{
"name": "FEDORA-2021-324479472c",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EE42Y35SMJOLONAIBNYNFC7J44UUZ2Y6/"
},
{
"name": "FEDORA-2021-234d14bfcc",
"tags": [
"vendor-advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GMY4VSSBIND7VAYSN6T7XIWJRWG4GBB3/"
},
{
"name": "GLSA-202101-33",
"tags": [
"vendor-advisory"
],
"url": "https://security.gentoo.org/glsa/202101-33"
},
{
"url": "https://security.netapp.com/advisory/ntap-20210129-0010/"
},
{
"name": "[debian-lts-announce] 20221107 [SECURITY] [DLA 3181-1] sudo security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00007.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-23239",
"datePublished": "2021-01-12T00:00:00.000Z",
"dateReserved": "2021-01-07T00:00:00.000Z",
"dateUpdated": "2024-08-03T19:05:55.298Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-18634 (GCVE-0-2019-18634)
Vulnerability from cvelistv5 – Published: 2020-01-29 17:23 – Updated: 2024-08-05 01:54
VLAI
Summary
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
26 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T01:54:14.581Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT210919"
},
{
"name": "20200129 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2020/Jan/44"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.sudo.ws/security.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.sudo.ws/alerts/pwfeedback.html"
},
{
"name": "[oss-security] 20200130 CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/01/30/6"
},
{
"name": "[oss-security] 20200131 Re: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/01/31/1"
},
{
"name": "20200131 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2020/Jan/40"
},
{
"name": "DSA-4614",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4614"
},
{
"name": "[debian-lts-announce] 20200201 [SECURITY] [DLA 2094-1] sudo security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00002.html"
},
{
"name": "20200203 [slackware-security] sudo (SSA:2020-031-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2020/Feb/3"
},
{
"name": "20200203 [SECURITY] [DSA 4614-1] sudo security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "https://seclists.org/bugtraq/2020/Feb/2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156174/Slackware-Security-Advisory-sudo-Updates.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/156189/Sudo-1.8.25p-Buffer-Overflow.html"
},
{
"name": "[oss-security] 20200205 Re: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/05/2"
},
{
"name": "[oss-security] 20200205 Re: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/05/5"
},
{
"name": "USN-4263-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4263-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200210-0001/"
},
{
"name": "USN-4263-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4263-2/"
},
{
"name": "RHSA-2020:0487",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0487"
},
{
"name": "RHSA-2020:0509",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0509"
},
{
"name": "RHSA-2020:0540",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0540"
},
{
"name": "openSUSE-SU-2020:0244",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00029.html"
},
{
"name": "FEDORA-2020-8b563bc5f4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY6DZ7WMDKU4ZDML6MJLDAPG42B5WVUC/"
},
{
"name": "RHSA-2020:0726",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0726"
},
{
"name": "GLSA-202003-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202003-12"
},
{
"name": "FEDORA-2020-7c1b270959",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6TKF36KOQUVJNBHSVJFA7BU3CCEYD2F/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-16T23:06:02.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT210919"
},
{
"name": "20200129 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2020/Jan/44"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.sudo.ws/security.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.sudo.ws/alerts/pwfeedback.html"
},
{
"name": "[oss-security] 20200130 CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/01/30/6"
},
{
"name": "[oss-security] 20200131 Re: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/01/31/1"
},
{
"name": "20200131 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2020/Jan/40"
},
{
"name": "DSA-4614",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4614"
},
{
"name": "[debian-lts-announce] 20200201 [SECURITY] [DLA 2094-1] sudo security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00002.html"
},
{
"name": "20200203 [slackware-security] sudo (SSA:2020-031-01)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2020/Feb/3"
},
{
"name": "20200203 [SECURITY] [DSA 4614-1] sudo security update",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "https://seclists.org/bugtraq/2020/Feb/2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156174/Slackware-Security-Advisory-sudo-Updates.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/156189/Sudo-1.8.25p-Buffer-Overflow.html"
},
{
"name": "[oss-security] 20200205 Re: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/05/2"
},
{
"name": "[oss-security] 20200205 Re: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/02/05/5"
},
{
"name": "USN-4263-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4263-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200210-0001/"
},
{
"name": "USN-4263-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4263-2/"
},
{
"name": "RHSA-2020:0487",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0487"
},
{
"name": "RHSA-2020:0509",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0509"
},
{
"name": "RHSA-2020:0540",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0540"
},
{
"name": "openSUSE-SU-2020:0244",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00029.html"
},
{
"name": "FEDORA-2020-8b563bc5f4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY6DZ7WMDKU4ZDML6MJLDAPG42B5WVUC/"
},
{
"name": "RHSA-2020:0726",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0726"
},
{
"name": "GLSA-202003-12",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202003-12"
},
{
"name": "FEDORA-2020-7c1b270959",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6TKF36KOQUVJNBHSVJFA7BU3CCEYD2F/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-18634",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT210919",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT210919"
},
{
"name": "20200129 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Jan/44"
},
{
"name": "https://www.sudo.ws/security.html",
"refsource": "MISC",
"url": "https://www.sudo.ws/security.html"
},
{
"name": "https://www.sudo.ws/alerts/pwfeedback.html",
"refsource": "CONFIRM",
"url": "https://www.sudo.ws/alerts/pwfeedback.html"
},
{
"name": "[oss-security] 20200130 CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/01/30/6"
},
{
"name": "[oss-security] 20200131 Re: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/01/31/1"
},
{
"name": "20200131 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2020/Jan/40"
},
{
"name": "DSA-4614",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4614"
},
{
"name": "[debian-lts-announce] 20200201 [SECURITY] [DLA 2094-1] sudo security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00002.html"
},
{
"name": "20200203 [slackware-security] sudo (SSA:2020-031-01)",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Feb/3"
},
{
"name": "20200203 [SECURITY] [DSA 4614-1] sudo security update",
"refsource": "BUGTRAQ",
"url": "https://seclists.org/bugtraq/2020/Feb/2"
},
{
"name": "http://packetstormsecurity.com/files/156174/Slackware-Security-Advisory-sudo-Updates.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156174/Slackware-Security-Advisory-sudo-Updates.html"
},
{
"name": "http://packetstormsecurity.com/files/156189/Sudo-1.8.25p-Buffer-Overflow.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/156189/Sudo-1.8.25p-Buffer-Overflow.html"
},
{
"name": "[oss-security] 20200205 Re: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/02/05/2"
},
{
"name": "[oss-security] 20200205 Re: CVE-2019-18634: buffer overflow in sudo when pwfeedback is enabled",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/02/05/5"
},
{
"name": "USN-4263-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4263-1/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200210-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200210-0001/"
},
{
"name": "USN-4263-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4263-2/"
},
{
"name": "RHSA-2020:0487",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0487"
},
{
"name": "RHSA-2020:0509",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0509"
},
{
"name": "RHSA-2020:0540",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0540"
},
{
"name": "openSUSE-SU-2020:0244",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00029.html"
},
{
"name": "FEDORA-2020-8b563bc5f4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IY6DZ7WMDKU4ZDML6MJLDAPG42B5WVUC/"
},
{
"name": "RHSA-2020:0726",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0726"
},
{
"name": "GLSA-202003-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202003-12"
},
{
"name": "FEDORA-2020-7c1b270959",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6TKF36KOQUVJNBHSVJFA7BU3CCEYD2F/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-18634",
"datePublished": "2020-01-29T17:23:26.000Z",
"dateReserved": "2019-10-30T00:00:00.000Z",
"dateUpdated": "2024-08-05T01:54:14.581Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4890 (GCVE-0-2005-4890)
Vulnerability from cvelistv5 – Published: 2019-11-04 18:38 – Updated: 2024-08-08 00:01
VLAI
Summary
There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.
Severity
No CVSS data available.
CWE
- tty hijacking possible in "su" via TIOCSTI ioctl
Assigner
References
11 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2014/12/15/5 | x_refsource_MISC |
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2005-4890 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2012/11/06/8 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2013/05/20/3 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2013/1… | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2013/11/29/5 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2014/10/20/9 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2014/10/21/1 | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2016/02/25/6 | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:01:23.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/12/15/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2005-4890"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2005-4890"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2005-4890"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/06/8"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/05/20/3"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/11/28/10"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/11/29/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/10/20/9"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/10/21/1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/02/25/6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "shadow",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "4.x before 4.1.5"
}
]
},
{
"product": "sudo",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "1.x before 1.7.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via \"su - user -c program\". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "tty hijacking possible in \"su\" via TIOCSTI ioctl",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-04T18:38:09.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2014/12/15/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2005-4890"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2005-4890"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2005-4890"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2012/11/06/8"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/05/20/3"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/11/28/10"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2013/11/29/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2014/10/20/9"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2014/10/21/1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2016/02/25/6"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2005-4890",
"datePublished": "2019-11-04T18:38:09.000Z",
"dateReserved": "2011-12-19T00:00:00.000Z",
"dateUpdated": "2024-08-08T00:01:23.403Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}