86 vulnerabilities found for sudo by todd_miller
FKIE_CVE-2016-7032
Vulnerability from fkie_nvd - Published: 2017-04-14 18:59 - Updated: 2025-04-20 01:37
Summary
sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| todd_miller | sudo | 1.6.8 | |
| todd_miller | sudo | 1.6.9 | |
| todd_miller | sudo | 1.7.0 | |
| todd_miller | sudo | 1.7.1 | |
| todd_miller | sudo | 1.7.2 | |
| todd_miller | sudo | 1.7.3 | |
| todd_miller | sudo | 1.7.4 | |
| todd_miller | sudo | 1.7.5 | |
| todd_miller | sudo | 1.7.6 | |
| todd_miller | sudo | 1.7.7 | |
| todd_miller | sudo | 1.7.8 | |
| todd_miller | sudo | 1.7.9 | |
| todd_miller | sudo | 1.7.10 | |
| todd_miller | sudo | 1.8.0 | |
| todd_miller | sudo | 1.8.1 | |
| todd_miller | sudo | 1.8.2 | |
| todd_miller | sudo | 1.8.3 | |
| todd_miller | sudo | 1.8.4 | |
| todd_miller | sudo | 1.8.5 | |
| todd_miller | sudo | 1.8.6 | |
| todd_miller | sudo | 1.8.7 | |
| todd_miller | sudo | 1.8.8 | |
| todd_miller | sudo | 1.8.9 | |
| todd_miller | sudo | 1.8.10 | |
| todd_miller | sudo | 1.8.11 | |
| todd_miller | sudo | 1.8.12 | |
| todd_miller | sudo | 1.8.13 | |
| todd_miller | sudo | 1.8.14 | |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B6419309-385F-4525-AD4B-C73B1A3ED935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EE103608-6BCB-4EC0-8EB1-110A80829592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "643ABD1F-83E1-4B71-AA59-8CF8B4018A46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8967DE4C-3D41-4BCE-97B0-469FCFBCE332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C0D8CB9-3156-4F7F-A616-59EF530540D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4D705745-C004-4E7E-9E56-84FB2B7CF8FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "837DD56D-267D-4AAA-9DB3-4B42FAE6E10C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "06A22F86-72E8-42AE-BD52-BFF6498AB999",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7C585A90-21F0-4BCF-85A4-BF470F581CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "28E7BF14-597B-4C3F-A8CE-5359C047F9C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E4D329BB-490F-4903-93FC-E45AF6EAEE4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A426F146-45BD-4666-81C0-00B719206288",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "46C40A7E-2ED8-4D13-A381-A219CC6B1B15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4CCE5D7D-D269-4A10-B3C0-C5177F30BD29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F57804C-633D-4A0C-AF73-21C0BFBEA715",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "97FF463B-A0BE-4E14-B644-F42D5D5CAB9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2224F7BC-145F-4E06-AAD8-280AD42339CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0403E11-4280-49C2-9E38-E0524BC31768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9A71D36B-D2FD-4EDA-9D99-BF9F44DA980D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DB3D2805-A361-4A13-9E19-889CBE703137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2DC61847-D662-402E-907E-F79F92F155D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C0CE60B2-566F-4ED5-8641-239770D2E72C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "045B81ED-812E-408B-8E8C-AEF65DE17057",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AF1AD785-0C73-4100-A9AD-9E7BA1F84CE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.11:*:*:*:*:*:*:*",
"matchCriteriaId": "D6C13533-A5C8-4DF6-A181-BD54964AF274",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.12:*:*:*:*:*:*:*",
"matchCriteriaId": "31F95A82-C148-4609-BFE9-5170AD365E66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C66AE243-935F-4EF2-BC1B-A31976591F62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.14:p3:*:*:*:*:*:*",
"matchCriteriaId": "7F20D79C-0756-4456-B582-84CCA04E954A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function."
},
{
"lang": "es",
"value": "Sudo_noexec.so en Sudo en versiones anteriores a 1.8.15 en Linux podr\u00eda permitir a los usuarios locales evitar las restricciones de comandos noexec pretendidas a trav\u00e9s de una aplicaci\u00f3n que llama al (1) sistema o (2) a la funci\u00f3n popen."
}
],
"id": "CVE-2016-7032",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-04-14T18:59:00.783",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2872.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95776"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372830"
},
{
"source": "secalert@redhat.com",
"url": "https://usn.ubuntu.com/3968-3/"
},
{
"source": "secalert@redhat.com",
"url": "https://www.sudo.ws/alerts/noexec_bypass.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2872.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95776"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372830"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/3968-3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.sudo.ws/alerts/noexec_bypass.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-0106
Vulnerability from fkie_nvd - Published: 2014-03-11 19:37 - Updated: 2025-04-12 10:46
Summary
Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7883E465-932D-4C11-AA54-97E44181F906",
"versionEndIncluding": "10.10.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EE103608-6BCB-4EC0-8EB1-110A80829592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p20:*:*:*:*:*:*:*",
"matchCriteriaId": "2F03EF9C-D90D-425E-AC35-8DD02B7C03F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p21:*:*:*:*:*:*:*",
"matchCriteriaId": "7AC8D478-8554-4947-926A-8B1B27DD122D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p22:*:*:*:*:*:*:*",
"matchCriteriaId": "64435258-4639-438E-825F-E6AA82D41745",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p23:*:*:*:*:*:*:*",
"matchCriteriaId": "C33BC128-A782-465A-8AF0-860EBC8388EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "643ABD1F-83E1-4B71-AA59-8CF8B4018A46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8967DE4C-3D41-4BCE-97B0-469FCFBCE332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C0D8CB9-3156-4F7F-A616-59EF530540D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C91B0A-44B6-4B33-A0ED-295C56D97546",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p2:*:*:*:*:*:*:*",
"matchCriteriaId": "07945224-A955-4A33-B54B-11D128FCA0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p3:*:*:*:*:*:*:*",
"matchCriteriaId": "41F70C45-9522-4F49-A5B9-62E03410F03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p4:*:*:*:*:*:*:*",
"matchCriteriaId": "DEAE0BA2-D9AC-40A3-A4DC-1E33DEE7200C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p5:*:*:*:*:*:*:*",
"matchCriteriaId": "4FEF4FBB-E045-43CE-A9F9-3FF7F9FE3400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p6:*:*:*:*:*:*:*",
"matchCriteriaId": "68372F8A-9AFD-45DE-A9B8-4CDF3154E349",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p7:*:*:*:*:*:*:*",
"matchCriteriaId": "77DC6C6B-4585-401D-B02E-E70E6157DBC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.3b1:*:*:*:*:*:*:*",
"matchCriteriaId": "55788B87-B41B-43F4-BA54-5208A4233500",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "837DD56D-267D-4AAA-9DB3-4B42FAE6E10C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p1:*:*:*:*:*:*:*",
"matchCriteriaId": "444B3D9E-51F6-4CED-9265-576DBDE40897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p2:*:*:*:*:*:*:*",
"matchCriteriaId": "73FB7063-441C-445B-9C2E-BF92C8F3F43D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D4170A7-4824-4108-A8CA-988F0E3F3747",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p4:*:*:*:*:*:*:*",
"matchCriteriaId": "93EB0CA9-CE51-4AA3-AF29-4F201EB1A45D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p5:*:*:*:*:*:*:*",
"matchCriteriaId": "54614B98-E779-4FD9-ABF0-3ACA3F49921F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p6:*:*:*:*:*:*:*",
"matchCriteriaId": "A84C0BBA-8C4F-457E-A45E-A4C4DB357B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "06A22F86-72E8-42AE-BD52-BFF6498AB999",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7C585A90-21F0-4BCF-85A4-BF470F581CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.6p1:*:*:*:*:*:*:*",
"matchCriteriaId": "D5B6FF76-F715-489B-8113-F9E00ADAD739",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.6p2:*:*:*:*:*:*:*",
"matchCriteriaId": "7DD87C06-62F3-4A7B-B7C1-055C41B9A7C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "28E7BF14-597B-4C3F-A8CE-5359C047F9C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E4D329BB-490F-4903-93FC-E45AF6EAEE4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.8p1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA124FE0-B4E7-4F2E-B611-25D9897C32B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.8p2:*:*:*:*:*:*:*",
"matchCriteriaId": "662FC083-721B-416B-A081-0C474D6764E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A426F146-45BD-4666-81C0-00B719206288",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.9p1:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBEB4E5-5B8D-4D01-A2A6-8BD6C39B39C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "46C40A7E-2ED8-4D13-A381-A219CC6B1B15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.10p1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7958DC3-1D59-47CB-A4C8-40EB675ED08A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.10p2:*:*:*:*:*:*:*",
"matchCriteriaId": "119AC9FA-3174-4982-A58F-D5F8FACC7411",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.10p3:*:*:*:*:*:*:*",
"matchCriteriaId": "BF14E93E-29CA-4A30-966B-5D71A03A6B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.10p4:*:*:*:*:*:*:*",
"matchCriteriaId": "3E59EA28-3FED-4BBC-AEC6-BE60C3107494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.10p5:*:*:*:*:*:*:*",
"matchCriteriaId": "D576845C-2645-46E5-B6EE-C23FA80A44B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.10p6:*:*:*:*:*:*:*",
"matchCriteriaId": "A1AB508A-2DA7-4C06-945E-15D057E47DDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.10p7:*:*:*:*:*:*:*",
"matchCriteriaId": "6908122E-6977-44EC-AF4F-5AF92ED08982",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.10p8:*:*:*:*:*:*:*",
"matchCriteriaId": "C2D5B642-2095-4343-A9C7-9922E5D14C1D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.10p9:*:*:*:*:*:*:*",
"matchCriteriaId": "64150130-C4F5-4229-B492-D06AC7D5E119",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.10p10:*:*:*:*:*:*:*",
"matchCriteriaId": "B056EA61-D281-43F3-AD63-515D069E9209",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4CCE5D7D-D269-4A10-B3C0-C5177F30BD29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F57804C-633D-4A0C-AF73-21C0BFBEA715",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2447F3-85CF-40F2-9472-B3775DE034DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.1p2:*:*:*:*:*:*:*",
"matchCriteriaId": "E5B06006-124F-4B11-BEC3-D0E5060FCB56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "97FF463B-A0BE-4E14-B644-F42D5D5CAB9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2224F7BC-145F-4E06-AAD8-280AD42339CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "344BF379-17AF-4296-B0A7-947B09C1581B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.3p2:*:*:*:*:*:*:*",
"matchCriteriaId": "F1CA5CE6-F191-4FC2-AA36-562EB59E28F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0403E11-4280-49C2-9E38-E0524BC31768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4p1:*:*:*:*:*:*:*",
"matchCriteriaId": "03B9393C-63FD-47EF-99F6-AF0186A248F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4p2:*:*:*:*:*:*:*",
"matchCriteriaId": "2F2050DA-B737-437A-8BFA-76F0D4C41DCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4p3:*:*:*:*:*:*:*",
"matchCriteriaId": "91329D57-58F5-4159-B156-889D78B9935D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4p4:*:*:*:*:*:*:*",
"matchCriteriaId": "4548A6F5-EEB8-48BB-9653-9676FEBA63BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4p5:*:*:*:*:*:*:*",
"matchCriteriaId": "19B53B8A-6EF1-42BE-90A0-90EE65FBD0F3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable."
},
{
"lang": "es",
"value": "Sudo 1.6.9 anterior a 1.8.5, cuando env_reset est\u00e1 deshabilitada, no comprueba debidamente variables de entorno para la restricci\u00f3n env_delete, lo que permite a usuarios locales con permisos sudo evadir restricciones de comando a trav\u00e9s de una variable de entorno manipulada."
}
],
"id": "CVE-2014-0106",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.6,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 2.7,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-03-11T19:37:03.240",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00003.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0266.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2014/03/06/2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/65997"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.sudo.ws/sudo/alerts/env_add.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-2146-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0266.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2014/03/06/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/65997"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.sudo.ws/sudo/alerts/env_add.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-2146-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT205031"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-1776
Vulnerability from fkie_nvd - Published: 2013-04-08 17:55 - Updated: 2025-04-11 00:51
Summary
sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7883E465-932D-4C11-AA54-97E44181F906",
"versionEndIncluding": "10.10.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4CCE5D7D-D269-4A10-B3C0-C5177F30BD29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F57804C-633D-4A0C-AF73-21C0BFBEA715",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2447F3-85CF-40F2-9472-B3775DE034DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.1p2:*:*:*:*:*:*:*",
"matchCriteriaId": "E5B06006-124F-4B11-BEC3-D0E5060FCB56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "97FF463B-A0BE-4E14-B644-F42D5D5CAB9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2224F7BC-145F-4E06-AAD8-280AD42339CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "344BF379-17AF-4296-B0A7-947B09C1581B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.3p2:*:*:*:*:*:*:*",
"matchCriteriaId": "F1CA5CE6-F191-4FC2-AA36-562EB59E28F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0403E11-4280-49C2-9E38-E0524BC31768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4p1:*:*:*:*:*:*:*",
"matchCriteriaId": "03B9393C-63FD-47EF-99F6-AF0186A248F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4p2:*:*:*:*:*:*:*",
"matchCriteriaId": "2F2050DA-B737-437A-8BFA-76F0D4C41DCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4p3:*:*:*:*:*:*:*",
"matchCriteriaId": "91329D57-58F5-4159-B156-889D78B9935D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4p4:*:*:*:*:*:*:*",
"matchCriteriaId": "4548A6F5-EEB8-48BB-9653-9676FEBA63BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4p5:*:*:*:*:*:*:*",
"matchCriteriaId": "19B53B8A-6EF1-42BE-90A0-90EE65FBD0F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9A71D36B-D2FD-4EDA-9D99-BF9F44DA980D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BC4F3BEB-BF2B-4E5F-A376-E23E6B532E81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "976B5923-1BCC-4DE6-A904-930DD833B937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D5452DF1-0270-452D-90EB-45E9A084B94C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CBFD12E6-F92E-4371-ADA7-BCD41E4C9014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.2p3:*:*:*:*:*:*:*",
"matchCriteriaId": "6EF4CB38-4033-46A1-9155-DC348261CAEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "67FDF4FB-06FA-4A10-A3CF-F52169BC8072",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*",
"matchCriteriaId": "26DB5610-03CE-425E-8855-70D5787029FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFC86C-7743-4F27-BC10-170F04C23D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4p2:*:*:*:*:*:*:*",
"matchCriteriaId": "55799ECB-CEB1-4839-8053-4C1F071D1526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2170CFD0-2594-45FB-B68F-0A75114F00A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "294FC65B-4225-475A-B49A-758823CEDECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6156B085-AA17-458C-AED1-D658275E43B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7p5:*:*:*:*:*:*:*",
"matchCriteriaId": "85AA3DDA-BEC4-422D-8542-3FF5C6F5FA38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B6419309-385F-4525-AD4B-C73B1A3ED935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p12:*:*:*:*:*:*:*",
"matchCriteriaId": "BD3604EC-3109-41AF-9068-60C639557BEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EE103608-6BCB-4EC0-8EB1-110A80829592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p20:*:*:*:*:*:*:*",
"matchCriteriaId": "2F03EF9C-D90D-425E-AC35-8DD02B7C03F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p21:*:*:*:*:*:*:*",
"matchCriteriaId": "7AC8D478-8554-4947-926A-8B1B27DD122D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p22:*:*:*:*:*:*:*",
"matchCriteriaId": "64435258-4639-438E-825F-E6AA82D41745",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p23:*:*:*:*:*:*:*",
"matchCriteriaId": "C33BC128-A782-465A-8AF0-860EBC8388EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "643ABD1F-83E1-4B71-AA59-8CF8B4018A46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8967DE4C-3D41-4BCE-97B0-469FCFBCE332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C0D8CB9-3156-4F7F-A616-59EF530540D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C91B0A-44B6-4B33-A0ED-295C56D97546",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p2:*:*:*:*:*:*:*",
"matchCriteriaId": "07945224-A955-4A33-B54B-11D128FCA0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p3:*:*:*:*:*:*:*",
"matchCriteriaId": "41F70C45-9522-4F49-A5B9-62E03410F03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p4:*:*:*:*:*:*:*",
"matchCriteriaId": "DEAE0BA2-D9AC-40A3-A4DC-1E33DEE7200C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p5:*:*:*:*:*:*:*",
"matchCriteriaId": "4FEF4FBB-E045-43CE-A9F9-3FF7F9FE3400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p6:*:*:*:*:*:*:*",
"matchCriteriaId": "68372F8A-9AFD-45DE-A9B8-4CDF3154E349",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p7:*:*:*:*:*:*:*",
"matchCriteriaId": "77DC6C6B-4585-401D-B02E-E70E6157DBC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.3b1:*:*:*:*:*:*:*",
"matchCriteriaId": "55788B87-B41B-43F4-BA54-5208A4233500",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "837DD56D-267D-4AAA-9DB3-4B42FAE6E10C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p1:*:*:*:*:*:*:*",
"matchCriteriaId": "444B3D9E-51F6-4CED-9265-576DBDE40897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p2:*:*:*:*:*:*:*",
"matchCriteriaId": "73FB7063-441C-445B-9C2E-BF92C8F3F43D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D4170A7-4824-4108-A8CA-988F0E3F3747",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p4:*:*:*:*:*:*:*",
"matchCriteriaId": "93EB0CA9-CE51-4AA3-AF29-4F201EB1A45D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p5:*:*:*:*:*:*:*",
"matchCriteriaId": "54614B98-E779-4FD9-ABF0-3ACA3F49921F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p6:*:*:*:*:*:*:*",
"matchCriteriaId": "A84C0BBA-8C4F-457E-A45E-A4C4DB357B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "06A22F86-72E8-42AE-BD52-BFF6498AB999",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7C585A90-21F0-4BCF-85A4-BF470F581CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.6p1:*:*:*:*:*:*:*",
"matchCriteriaId": "D5B6FF76-F715-489B-8113-F9E00ADAD739",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.6p2:*:*:*:*:*:*:*",
"matchCriteriaId": "7DD87C06-62F3-4A7B-B7C1-055C41B9A7C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "28E7BF14-597B-4C3F-A8CE-5359C047F9C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E4D329BB-490F-4903-93FC-E45AF6EAEE4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.8p1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA124FE0-B4E7-4F2E-B611-25D9897C32B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.8p2:*:*:*:*:*:*:*",
"matchCriteriaId": "662FC083-721B-416B-A081-0C474D6764E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A426F146-45BD-4666-81C0-00B719206288",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.9p1:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBEB4E5-5B8D-4D01-A2A6-8BD6C39B39C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "46C40A7E-2ED8-4D13-A381-A219CC6B1B15",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions."
},
{
"lang": "es",
"value": "sudo v1.3.5 hasta v1.7.10 y v1.8.0 hasta v1.8.5, cuando la opci\u00f3n tty_tickets est\u00e1 activada, no valida correctamente el dispositivo terminal de control, lo que permite a usuarios locales con permisos de sudo secuestrar la autorizaci\u00f3n de otro terminal a trav\u00e9s de vectores relacionados con la conexi\u00f3n a los descriptores de archivo de entrada est\u00e1ndar, salida est\u00e1ndar y error est\u00e1ndar de otro terminal. NOTA: esta es una de tres vulnerabilidades estrechamente relacionadas a las que originalmente se asign\u00f3 CVE-2013-1776, pero se han dividido debido a las diferentes versiones afectadas."
}
],
"id": "CVE-2013-1776",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-04-08T17:55:01.100",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00066.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1353.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2013/dsa-2642"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/02/27/31"
},
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/58207"
},
{
"source": "secalert@redhat.com",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2013\u0026m=slackware-security.517440"
},
{
"source": "secalert@redhat.com",
"url": "http://www.sudo.ws/repos/sudo/rev/632f8e028191"
},
{
"source": "secalert@redhat.com",
"url": "http://www.sudo.ws/repos/sudo/rev/6b22be4d09f0"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.sudo.ws/sudo/alerts/tty_tickets.html"
},
{
"source": "secalert@redhat.com",
"url": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=916365"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82453"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00066.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1353.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2013/dsa-2642"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/02/27/31"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/58207"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2013\u0026m=slackware-security.517440"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.sudo.ws/repos/sudo/rev/632f8e028191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.sudo.ws/repos/sudo/rev/6b22be4d09f0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.sudo.ws/sudo/alerts/tty_tickets.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=916365"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT205031"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-2777
Vulnerability from fkie_nvd - Published: 2013-04-08 17:55 - Updated: 2025-04-11 00:51
Severity: MEDIUM (CVSS v2 base score 4.4, vector AV:L/AC:M/Au:N/C:P/I:P/A:P)
Summary
sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7883E465-932D-4C11-AA54-97E44181F906",
"versionEndIncluding": "10.10.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:todd_miller:sudo:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2AB5EAC2-C882-48E7-9E88-A76EC6593249",
"versionEndIncluding": "1.7.10p4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BC4F3BEB-BF2B-4E5F-A376-E23E6B532E81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "976B5923-1BCC-4DE6-A904-930DD833B937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D5452DF1-0270-452D-90EB-45E9A084B94C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CBFD12E6-F92E-4371-ADA7-BCD41E4C9014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.2p3:*:*:*:*:*:*:*",
"matchCriteriaId": "6EF4CB38-4033-46A1-9155-DC348261CAEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "67FDF4FB-06FA-4A10-A3CF-F52169BC8072",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*",
"matchCriteriaId": "26DB5610-03CE-425E-8855-70D5787029FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFC86C-7743-4F27-BC10-170F04C23D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4p2:*:*:*:*:*:*:*",
"matchCriteriaId": "55799ECB-CEB1-4839-8053-4C1F071D1526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2170CFD0-2594-45FB-B68F-0A75114F00A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "294FC65B-4225-475A-B49A-758823CEDECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6156B085-AA17-458C-AED1-D658275E43B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7p5:*:*:*:*:*:*:*",
"matchCriteriaId": "85AA3DDA-BEC4-422D-8542-3FF5C6F5FA38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B6419309-385F-4525-AD4B-C73B1A3ED935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p12:*:*:*:*:*:*:*",
"matchCriteriaId": "BD3604EC-3109-41AF-9068-60C639557BEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EE103608-6BCB-4EC0-8EB1-110A80829592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p20:*:*:*:*:*:*:*",
"matchCriteriaId": "2F03EF9C-D90D-425E-AC35-8DD02B7C03F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p21:*:*:*:*:*:*:*",
"matchCriteriaId": "7AC8D478-8554-4947-926A-8B1B27DD122D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p22:*:*:*:*:*:*:*",
"matchCriteriaId": "64435258-4639-438E-825F-E6AA82D41745",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p23:*:*:*:*:*:*:*",
"matchCriteriaId": "C33BC128-A782-465A-8AF0-860EBC8388EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "643ABD1F-83E1-4B71-AA59-8CF8B4018A46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8967DE4C-3D41-4BCE-97B0-469FCFBCE332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C0D8CB9-3156-4F7F-A616-59EF530540D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C91B0A-44B6-4B33-A0ED-295C56D97546",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p2:*:*:*:*:*:*:*",
"matchCriteriaId": "07945224-A955-4A33-B54B-11D128FCA0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p3:*:*:*:*:*:*:*",
"matchCriteriaId": "41F70C45-9522-4F49-A5B9-62E03410F03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p4:*:*:*:*:*:*:*",
"matchCriteriaId": "DEAE0BA2-D9AC-40A3-A4DC-1E33DEE7200C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p5:*:*:*:*:*:*:*",
"matchCriteriaId": "4FEF4FBB-E045-43CE-A9F9-3FF7F9FE3400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p6:*:*:*:*:*:*:*",
"matchCriteriaId": "68372F8A-9AFD-45DE-A9B8-4CDF3154E349",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p7:*:*:*:*:*:*:*",
"matchCriteriaId": "77DC6C6B-4585-401D-B02E-E70E6157DBC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.3b1:*:*:*:*:*:*:*",
"matchCriteriaId": "55788B87-B41B-43F4-BA54-5208A4233500",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "837DD56D-267D-4AAA-9DB3-4B42FAE6E10C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p1:*:*:*:*:*:*:*",
"matchCriteriaId": "444B3D9E-51F6-4CED-9265-576DBDE40897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p2:*:*:*:*:*:*:*",
"matchCriteriaId": "73FB7063-441C-445B-9C2E-BF92C8F3F43D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D4170A7-4824-4108-A8CA-988F0E3F3747",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p4:*:*:*:*:*:*:*",
"matchCriteriaId": "93EB0CA9-CE51-4AA3-AF29-4F201EB1A45D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p5:*:*:*:*:*:*:*",
"matchCriteriaId": "54614B98-E779-4FD9-ABF0-3ACA3F49921F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p6:*:*:*:*:*:*:*",
"matchCriteriaId": "A84C0BBA-8C4F-457E-A45E-A4C4DB357B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "06A22F86-72E8-42AE-BD52-BFF6498AB999",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7C585A90-21F0-4BCF-85A4-BF470F581CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.6p1:*:*:*:*:*:*:*",
"matchCriteriaId": "D5B6FF76-F715-489B-8113-F9E00ADAD739",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.6p2:*:*:*:*:*:*:*",
"matchCriteriaId": "7DD87C06-62F3-4A7B-B7C1-055C41B9A7C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "28E7BF14-597B-4C3F-A8CE-5359C047F9C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E4D329BB-490F-4903-93FC-E45AF6EAEE4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.8p1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA124FE0-B4E7-4F2E-B611-25D9897C32B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.8p2:*:*:*:*:*:*:*",
"matchCriteriaId": "662FC083-721B-416B-A081-0C474D6764E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A426F146-45BD-4666-81C0-00B719206288",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.9p1:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBEB4E5-5B8D-4D01-A2A6-8BD6C39B39C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "46C40A7E-2ED8-4D13-A381-A219CC6B1B15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.10p1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7958DC3-1D59-47CB-A4C8-40EB675ED08A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.10p2:*:*:*:*:*:*:*",
"matchCriteriaId": "119AC9FA-3174-4982-A58F-D5F8FACC7411",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.10p3:*:*:*:*:*:*:*",
"matchCriteriaId": "BF14E93E-29CA-4A30-966B-5D71A03A6B0A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4CCE5D7D-D269-4A10-B3C0-C5177F30BD29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F57804C-633D-4A0C-AF73-21C0BFBEA715",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2447F3-85CF-40F2-9472-B3775DE034DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.1p2:*:*:*:*:*:*:*",
"matchCriteriaId": "E5B06006-124F-4B11-BEC3-D0E5060FCB56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "97FF463B-A0BE-4E14-B644-F42D5D5CAB9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2224F7BC-145F-4E06-AAD8-280AD42339CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "344BF379-17AF-4296-B0A7-947B09C1581B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.3p2:*:*:*:*:*:*:*",
"matchCriteriaId": "F1CA5CE6-F191-4FC2-AA36-562EB59E28F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0403E11-4280-49C2-9E38-E0524BC31768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4p1:*:*:*:*:*:*:*",
"matchCriteriaId": "03B9393C-63FD-47EF-99F6-AF0186A248F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4p2:*:*:*:*:*:*:*",
"matchCriteriaId": "2F2050DA-B737-437A-8BFA-76F0D4C41DCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4p3:*:*:*:*:*:*:*",
"matchCriteriaId": "91329D57-58F5-4159-B156-889D78B9935D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4p4:*:*:*:*:*:*:*",
"matchCriteriaId": "4548A6F5-EEB8-48BB-9653-9676FEBA63BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4p5:*:*:*:*:*:*:*",
"matchCriteriaId": "19B53B8A-6EF1-42BE-90A0-90EE65FBD0F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9A71D36B-D2FD-4EDA-9D99-BF9F44DA980D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DB3D2805-A361-4A13-9E19-889CBE703137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.6p1:*:*:*:*:*:*:*",
"matchCriteriaId": "00C4F9EE-9907-46E8-980F-FEBC5591C1FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.6p2:*:*:*:*:*:*:*",
"matchCriteriaId": "12DD19E7-A84F-4667-BFF7-C8D010648330",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.6p3:*:*:*:*:*:*:*",
"matchCriteriaId": "67E5AA45-D8C7-467C-BB10-0FE923C99D73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.6p4:*:*:*:*:*:*:*",
"matchCriteriaId": "B9BD09D8-2388-444F-926A-78BD74469928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.6p5:*:*:*:*:*:*:*",
"matchCriteriaId": "E5F4C1EC-57BE-49E3-82AE-40B987059C41",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions."
},
{
"lang": "es",
"value": "sudo anterior a v1.7.10p5 y v1.8.x anterior a v1.8.6p6, cuando la opci\u00f3n tty_tickets est\u00e1 habilitada, no valida correctamente el dispositivo terminal de control, lo que permite a usuarios locales con permisos de sudo secuestrar la autorizaci\u00f3n de otro terminal a trav\u00e9s de vectores relacionados con una sesi\u00f3n sin dispositivo terminal de control y la conexi\u00f3n a los descriptores de archivo de entrada est\u00e1ndar, salida est\u00e1ndar y error est\u00e1ndar de otro terminal. NOTA: esta es una de tres vulnerabilidades estrechamente relacionadas a las que originalmente se asign\u00f3 CVE-2013-1776, pero se han dividido debido a las diferentes versiones afectadas."
}
],
"id": "CVE-2013-2777",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-04-08T17:55:01.153",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1701.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2013/dsa-2642"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2013/02/27/31"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/58207"
},
{
"source": "cve@mitre.org",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2013\u0026m=slackware-security.517440"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.sudo.ws/repos/sudo/rev/2f3225a2a4a4"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.sudo.ws/repos/sudo/rev/bfa23f089bba"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.sudo.ws/sudo/alerts/tty_tickets.html"
},
{
"source": "cve@mitre.org",
"url": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023"
},
{
"source": "cve@mitre.org",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=916365"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82453"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1701.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2013/dsa-2642"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/02/27/31"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/58207"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2013\u0026m=slackware-security.517440"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.sudo.ws/repos/sudo/rev/2f3225a2a4a4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.sudo.ws/repos/sudo/rev/bfa23f089bba"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.sudo.ws/sudo/alerts/tty_tickets.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=916365"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT205031"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-1775
Vulnerability from fkie_nvd - Published: 2013-03-05 21:38 - Updated: 2025-04-11 00:51
Severity ?
Summary
sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "976B5923-1BCC-4DE6-A904-930DD833B937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D5452DF1-0270-452D-90EB-45E9A084B94C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CBFD12E6-F92E-4371-ADA7-BCD41E4C9014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.2p3:*:*:*:*:*:*:*",
"matchCriteriaId": "6EF4CB38-4033-46A1-9155-DC348261CAEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "67FDF4FB-06FA-4A10-A3CF-F52169BC8072",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*",
"matchCriteriaId": "26DB5610-03CE-425E-8855-70D5787029FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFC86C-7743-4F27-BC10-170F04C23D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4p2:*:*:*:*:*:*:*",
"matchCriteriaId": "55799ECB-CEB1-4839-8053-4C1F071D1526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2170CFD0-2594-45FB-B68F-0A75114F00A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "294FC65B-4225-475A-B49A-758823CEDECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6156B085-AA17-458C-AED1-D658275E43B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7p5:*:*:*:*:*:*:*",
"matchCriteriaId": "85AA3DDA-BEC4-422D-8542-3FF5C6F5FA38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B6419309-385F-4525-AD4B-C73B1A3ED935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p12:*:*:*:*:*:*:*",
"matchCriteriaId": "BD3604EC-3109-41AF-9068-60C639557BEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EE103608-6BCB-4EC0-8EB1-110A80829592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p20:*:*:*:*:*:*:*",
"matchCriteriaId": "2F03EF9C-D90D-425E-AC35-8DD02B7C03F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p21:*:*:*:*:*:*:*",
"matchCriteriaId": "7AC8D478-8554-4947-926A-8B1B27DD122D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p22:*:*:*:*:*:*:*",
"matchCriteriaId": "64435258-4639-438E-825F-E6AA82D41745",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p23:*:*:*:*:*:*:*",
"matchCriteriaId": "C33BC128-A782-465A-8AF0-860EBC8388EB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4CCE5D7D-D269-4A10-B3C0-C5177F30BD29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F57804C-633D-4A0C-AF73-21C0BFBEA715",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2447F3-85CF-40F2-9472-B3775DE034DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.1p2:*:*:*:*:*:*:*",
"matchCriteriaId": "E5B06006-124F-4B11-BEC3-D0E5060FCB56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "97FF463B-A0BE-4E14-B644-F42D5D5CAB9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2224F7BC-145F-4E06-AAD8-280AD42339CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "344BF379-17AF-4296-B0A7-947B09C1581B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.3p2:*:*:*:*:*:*:*",
"matchCriteriaId": "F1CA5CE6-F191-4FC2-AA36-562EB59E28F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0403E11-4280-49C2-9E38-E0524BC31768",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4p1:*:*:*:*:*:*:*",
"matchCriteriaId": "03B9393C-63FD-47EF-99F6-AF0186A248F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4p2:*:*:*:*:*:*:*",
"matchCriteriaId": "2F2050DA-B737-437A-8BFA-76F0D4C41DCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4p3:*:*:*:*:*:*:*",
"matchCriteriaId": "91329D57-58F5-4159-B156-889D78B9935D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4p4:*:*:*:*:*:*:*",
"matchCriteriaId": "4548A6F5-EEB8-48BB-9653-9676FEBA63BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.4p5:*:*:*:*:*:*:*",
"matchCriteriaId": "19B53B8A-6EF1-42BE-90A0-90EE65FBD0F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9A71D36B-D2FD-4EDA-9D99-BF9F44DA980D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.5p1:*:*:*:*:*:*:*",
"matchCriteriaId": "403876EC-E2DB-48F5-972E-017991AA5210",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.5p2:*:*:*:*:*:*:*",
"matchCriteriaId": "CF42DD1D-A574-489E-A2EA-04EADA78D1E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.5p3:*:*:*:*:*:*:*",
"matchCriteriaId": "31969BF5-AF18-472D-B3AF-FB4F64902728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.6:*:*:*:*:*:*:*",
"matchCriteriaId": "DB3D2805-A361-4A13-9E19-889CBE703137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.6p1:*:*:*:*:*:*:*",
"matchCriteriaId": "00C4F9EE-9907-46E8-980F-FEBC5591C1FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.6p2:*:*:*:*:*:*:*",
"matchCriteriaId": "12DD19E7-A84F-4667-BFF7-C8D010648330",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.6p3:*:*:*:*:*:*:*",
"matchCriteriaId": "67E5AA45-D8C7-467C-BB10-0FE923C99D73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.6p4:*:*:*:*:*:*:*",
"matchCriteriaId": "B9BD09D8-2388-444F-926A-78BD74469928",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.6p5:*:*:*:*:*:*:*",
"matchCriteriaId": "E5F4C1EC-57BE-49E3-82AE-40B987059C41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.6p6:*:*:*:*:*:*:*",
"matchCriteriaId": "73D5E675-B164-4BAF-81BB-6AD00AD810CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7883E465-932D-4C11-AA54-97E44181F906",
"versionEndIncluding": "10.10.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "643ABD1F-83E1-4B71-AA59-8CF8B4018A46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8967DE4C-3D41-4BCE-97B0-469FCFBCE332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C0D8CB9-3156-4F7F-A616-59EF530540D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C91B0A-44B6-4B33-A0ED-295C56D97546",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p2:*:*:*:*:*:*:*",
"matchCriteriaId": "07945224-A955-4A33-B54B-11D128FCA0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p3:*:*:*:*:*:*:*",
"matchCriteriaId": "41F70C45-9522-4F49-A5B9-62E03410F03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p4:*:*:*:*:*:*:*",
"matchCriteriaId": "DEAE0BA2-D9AC-40A3-A4DC-1E33DEE7200C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p5:*:*:*:*:*:*:*",
"matchCriteriaId": "4FEF4FBB-E045-43CE-A9F9-3FF7F9FE3400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p6:*:*:*:*:*:*:*",
"matchCriteriaId": "68372F8A-9AFD-45DE-A9B8-4CDF3154E349",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p7:*:*:*:*:*:*:*",
"matchCriteriaId": "77DC6C6B-4585-401D-B02E-E70E6157DBC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.3b1:*:*:*:*:*:*:*",
"matchCriteriaId": "55788B87-B41B-43F4-BA54-5208A4233500",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "837DD56D-267D-4AAA-9DB3-4B42FAE6E10C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p1:*:*:*:*:*:*:*",
"matchCriteriaId": "444B3D9E-51F6-4CED-9265-576DBDE40897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p2:*:*:*:*:*:*:*",
"matchCriteriaId": "73FB7063-441C-445B-9C2E-BF92C8F3F43D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D4170A7-4824-4108-A8CA-988F0E3F3747",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p4:*:*:*:*:*:*:*",
"matchCriteriaId": "93EB0CA9-CE51-4AA3-AF29-4F201EB1A45D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p5:*:*:*:*:*:*:*",
"matchCriteriaId": "54614B98-E779-4FD9-ABF0-3ACA3F49921F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p6:*:*:*:*:*:*:*",
"matchCriteriaId": "A84C0BBA-8C4F-457E-A45E-A4C4DB357B61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "06A22F86-72E8-42AE-BD52-BFF6498AB999",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "7C585A90-21F0-4BCF-85A4-BF470F581CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.6p1:*:*:*:*:*:*:*",
"matchCriteriaId": "D5B6FF76-F715-489B-8113-F9E00ADAD739",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.6p2:*:*:*:*:*:*:*",
"matchCriteriaId": "7DD87C06-62F3-4A7B-B7C1-055C41B9A7C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "28E7BF14-597B-4C3F-A8CE-5359C047F9C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E4D329BB-490F-4903-93FC-E45AF6EAEE4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.8p1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA124FE0-B4E7-4F2E-B611-25D9897C32B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.8p2:*:*:*:*:*:*:*",
"matchCriteriaId": "662FC083-721B-416B-A081-0C474D6764E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A426F146-45BD-4666-81C0-00B719206288",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.9p1:*:*:*:*:*:*:*",
"matchCriteriaId": "3CBEB4E5-5B8D-4D01-A2A6-8BD6C39B39C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "46C40A7E-2ED8-4D13-A381-A219CC6B1B15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.10p1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7958DC3-1D59-47CB-A4C8-40EB675ED08A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.10p2:*:*:*:*:*:*:*",
"matchCriteriaId": "119AC9FA-3174-4982-A58F-D5F8FACC7411",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.10p3:*:*:*:*:*:*:*",
"matchCriteriaId": "BF14E93E-29CA-4A30-966B-5D71A03A6B0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.10p4:*:*:*:*:*:*:*",
"matchCriteriaId": "3E59EA28-3FED-4BBC-AEC6-BE60C3107494",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.10p5:*:*:*:*:*:*:*",
"matchCriteriaId": "D576845C-2645-46E5-B6EE-C23FA80A44B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.10p6:*:*:*:*:*:*:*",
"matchCriteriaId": "A1AB508A-2DA7-4C06-945E-15D057E47DDA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch."
},
{
"lang": "es",
"value": "sudo v1.6.0 a la v1.7.10p6 y sudo v1.8.0 a la v1.8.6p6, permite a usuarios locales o f\u00edsicamente pr\u00f3ximos evitar las restricciones de tiempo y mantener los privilegios sin necesidad de reautenticarse, simplemente estableciendo el reloj del sistema y el \"timestamp\" del usuario sudo a la \u00e9poca (\"epoch\")."
}
],
"id": "CVE-2013-1775",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2013-03-05T21:38:56.293",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00066.html"
},
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/90677"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1353.html"
},
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1701.html"
},
{
"source": "secalert@redhat.com",
"url": "http://support.apple.com/kb/HT5880"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2013/dsa-2642"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2013/02/27/22"
},
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/58203"
},
{
"source": "secalert@redhat.com",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2013\u0026m=slackware-security.517440"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.sudo.ws/repos/sudo/rev/ddf399e3e306"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.sudo.ws/repos/sudo/rev/ebd6cc75020f"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.sudo.ws/sudo/alerts/epoch_ticket.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1754-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00066.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/90677"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1353.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1701.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT5880"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2013/dsa-2642"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2013/02/27/22"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/58203"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2013\u0026m=slackware-security.517440"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.sudo.ws/repos/sudo/rev/ddf399e3e306"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.sudo.ws/repos/sudo/rev/ebd6cc75020f"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.sudo.ws/sudo/alerts/epoch_ticket.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1754-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/kb/HT205031"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-3440
Vulnerability from fkie_nvd - Published: 2012-08-08 10:26 - Updated: 2025-04-11 00:51
Severity ?
Summary
A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| todd_miller | sudo | 1.7.2 | |
| redhat | enterprise_linux | 5 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C0D8CB9-3156-4F7F-A616-59EF530540D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*",
"matchCriteriaId": "AA9B3CC0-DF1C-4A86-B2A3-A9D428A5A6E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file."
},
{
"lang": "es",
"value": "Una determinada secuencia de comandos de Red Hat para sudo v1.7.2 sobre Red Hat Enterprise Linux (RHEL) v5 permite a usuarios locales sobrescribir ficheros arbitrarios mediante un ataque de enlace simb\u00f3lico sobre el fichero temporal /var/tmp/nsswitch.conf.bak."
}
],
"evaluatorComment": "Additional information: https://rhn.redhat.com/errata/RHSA-2012-1149.html",
"id": "CVE-2012-3440",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 5.6,
"confidentialityImpact": "NONE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:H/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 9.2,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-08-08T10:26:19.220",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/54868"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=844442"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/54868"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=844442"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-2337
Vulnerability from fkie_nvd - Published: 2012-05-18 18:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| todd_miller | sudo | 1.6 | |
| todd_miller | sudo | 1.6.1 | |
| todd_miller | sudo | 1.6.2 | |
| todd_miller | sudo | 1.6.2p3 | |
| todd_miller | sudo | 1.6.3 | |
| todd_miller | sudo | 1.6.3_p7 | |
| todd_miller | sudo | 1.6.4 | |
| todd_miller | sudo | 1.6.4p2 | |
| todd_miller | sudo | 1.6.5 | |
| todd_miller | sudo | 1.6.6 | |
| todd_miller | sudo | 1.6.7 | |
| todd_miller | sudo | 1.6.7p5 | |
| todd_miller | sudo | 1.6.8 | |
| todd_miller | sudo | 1.6.8p12 | |
| todd_miller | sudo | 1.6.9 | |
| todd_miller | sudo | 1.6.9p20 | |
| todd_miller | sudo | 1.6.9p21 | |
| todd_miller | sudo | 1.6.9p22 | |
| todd_miller | sudo | 1.6.9p23 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "976B5923-1BCC-4DE6-A904-930DD833B937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D5452DF1-0270-452D-90EB-45E9A084B94C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CBFD12E6-F92E-4371-ADA7-BCD41E4C9014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.2p3:*:*:*:*:*:*:*",
"matchCriteriaId": "6EF4CB38-4033-46A1-9155-DC348261CAEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "67FDF4FB-06FA-4A10-A3CF-F52169BC8072",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*",
"matchCriteriaId": "26DB5610-03CE-425E-8855-70D5787029FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFC86C-7743-4F27-BC10-170F04C23D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4p2:*:*:*:*:*:*:*",
"matchCriteriaId": "55799ECB-CEB1-4839-8053-4C1F071D1526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2170CFD0-2594-45FB-B68F-0A75114F00A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "294FC65B-4225-475A-B49A-758823CEDECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6156B085-AA17-458C-AED1-D658275E43B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7p5:*:*:*:*:*:*:*",
"matchCriteriaId": "85AA3DDA-BEC4-422D-8542-3FF5C6F5FA38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B6419309-385F-4525-AD4B-C73B1A3ED935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p12:*:*:*:*:*:*:*",
"matchCriteriaId": "BD3604EC-3109-41AF-9068-60C639557BEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EE103608-6BCB-4EC0-8EB1-110A80829592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p20:*:*:*:*:*:*:*",
"matchCriteriaId": "2F03EF9C-D90D-425E-AC35-8DD02B7C03F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p21:*:*:*:*:*:*:*",
"matchCriteriaId": "7AC8D478-8554-4947-926A-8B1B27DD122D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p22:*:*:*:*:*:*:*",
"matchCriteriaId": "64435258-4639-438E-825F-E6AA82D41745",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p23:*:*:*:*:*:*:*",
"matchCriteriaId": "C33BC128-A782-465A-8AF0-860EBC8388EB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address."
},
{
"lang": "es",
"value": "sudo v1.6.x y v1.7.x antes de v1.7.9p1, y v1.8.x antes de v1.8.4p5, no admite correctamente las configuraciones que utilizan una sintaxis de la m\u00e1scara de red, lo que permite a usuarios locales eludir restricciones de comandos en circunstancias oportunistas mediante la ejecuci\u00f3n de un comando en un host que tiene una direcci\u00f3n IPv4."
}
],
"id": "CVE-2012-2337",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-05-18T18:55:01.813",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081432.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/49219"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/49244"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/49291"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/49948"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2012/dsa-2478"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:079"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securitytracker.com/id?1027077"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.sudo.ws/sudo/alerts/netmask.html"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=820677"
},
{
"source": "secalert@redhat.com",
"url": "https://www.suse.com/security/cve/CVE-2012-2337/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081432.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/49219"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/49244"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/49291"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/49948"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2478"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:079"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1027077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.sudo.ws/sudo/alerts/netmask.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=820677"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.suse.com/security/cve/CVE-2012-2337/"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2012-0809
Vulnerability from fkie_nvd - Published: 2012-02-01 00:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| todd_miller | sudo | 1.8.0 | |
| todd_miller | sudo | 1.8.1 | |
| todd_miller | sudo | 1.8.1p1 | |
| todd_miller | sudo | 1.8.1p2 | |
| todd_miller | sudo | 1.8.2 | |
| todd_miller | sudo | 1.8.3 | |
| todd_miller | sudo | 1.8.3p1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4CCE5D7D-D269-4A10-B3C0-C5177F30BD29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F57804C-633D-4A0C-AF73-21C0BFBEA715",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.1p1:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2447F3-85CF-40F2-9472-B3775DE034DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.1p2:*:*:*:*:*:*:*",
"matchCriteriaId": "E5B06006-124F-4B11-BEC3-D0E5060FCB56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "97FF463B-A0BE-4E14-B644-F42D5D5CAB9C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2224F7BC-145F-4E06-AAD8-280AD42339CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.8.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "344BF379-17AF-4296-B0A7-947B09C1581B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo."
},
{
"lang": "es",
"value": "Una vulnerabilidad de formato de cadena en la funci\u00f3n sudo_debug en Sudo v1.8.0 a v1.8.3p1 permite a usuarios locales ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de secuencias de formato de cadena en el nombre de programa de sudo."
}
],
"id": "CVE-2012-0809",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-02-01T00:55:02.070",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0591.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-01/att-0591/advisory_sudo.txt"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-201203-06.xml"
},
{
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.sudo.ws/sudo/alerts/sudo_debug.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0591.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-01/att-0591/advisory_sudo.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201203-06.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.sudo.ws/sudo/alerts/sudo_debug.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-0008
Vulnerability from fkie_nvd - Published: 2011-01-20 19:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:todd_miller:sudo:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0F2C9DDD-1AD3-4103-BA68-DB0BAB1595FE",
"versionEndIncluding": "1.7.4p5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7B7FE987-2B49-4FD5-A5A0-35129D4E60C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9D796959-61D2-42D5-BF93-1A93AE1392BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "61D6855B-2B49-4695-9C8F-38CBE95E115A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E8D768E6-6B55-448E-B6B6-58391971CA86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "6060C8CB-1592-479E-86AD-AC180F855BD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A6DAA88C-BADD-405A-9E66-5B0839595A70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "04D5E3B7-5377-4CA8-BA0D-056870CB717E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "22C11931-B594-43EC-9698-7152B1DF8CA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "976B5923-1BCC-4DE6-A904-930DD833B937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D5452DF1-0270-452D-90EB-45E9A084B94C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CBFD12E6-F92E-4371-ADA7-BCD41E4C9014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "BE57443E-CFAA-4023-B2B0-FA0B660D7643",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.2p2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D6343C1-FBC8-43E7-A8DA-EB240B958015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.2p3:*:*:*:*:*:*:*",
"matchCriteriaId": "6EF4CB38-4033-46A1-9155-DC348261CAEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "67FDF4FB-06FA-4A10-A3CF-F52169BC8072",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p1:*:*:*:*:*:*:*",
"matchCriteriaId": "A5B29018-B495-482A-8FF7-66821A178F9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p2:*:*:*:*:*:*:*",
"matchCriteriaId": "38718561-70C7-4E0D-9313-87A5E82ED338",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p3:*:*:*:*:*:*:*",
"matchCriteriaId": "D057064A-9B34-4224-97BA-4D5840A92BE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p4:*:*:*:*:*:*:*",
"matchCriteriaId": "E3C297DC-69B1-4BE6-A5EF-D320BD0CA968",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p5:*:*:*:*:*:*:*",
"matchCriteriaId": "2F4C1FFB-F6AA-4DED-9C54-DCB274F59A44",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p6:*:*:*:*:*:*:*",
"matchCriteriaId": "338A92AC-92D2-40BF-9FAC-884AF6F74D55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*",
"matchCriteriaId": "26DB5610-03CE-425E-8855-70D5787029FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3p1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6848519-57E8-4636-BE10-A0AF06787B20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3p2:*:*:*:*:*:*:*",
"matchCriteriaId": "A458EA77-772C-4641-A08A-5733FA386974",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3p3:*:*:*:*:*:*:*",
"matchCriteriaId": "57B7415D-FE7F-4F67-8384-016BD6044015",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3p4:*:*:*:*:*:*:*",
"matchCriteriaId": "09429504-327B-44B3-A651-E933EADA0300",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3p5:*:*:*:*:*:*:*",
"matchCriteriaId": "7889BA46-0FAA-4D62-B2BB-B895060F5585",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3p6:*:*:*:*:*:*:*",
"matchCriteriaId": "84FD9DD4-A6D0-40F4-9A8E-8E0017BE349C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3p7:*:*:*:*:*:*:*",
"matchCriteriaId": "B02CEAA5-8409-42AF-A4AE-58D9D16F007F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C5DFC86C-7743-4F27-BC10-170F04C23D7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4_p1:*:*:*:*:*:*:*",
"matchCriteriaId": "F5170421-BA0C-4365-9CD6-BD232EA08680",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4_p2:*:*:*:*:*:*:*",
"matchCriteriaId": "5909AAA4-4AF9-4D23-87C5-5D7787909B02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4p1:*:*:*:*:*:*:*",
"matchCriteriaId": "2A3E4716-6D11-46DD-9378-3C733BBDCD8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4p2:*:*:*:*:*:*:*",
"matchCriteriaId": "55799ECB-CEB1-4839-8053-4C1F071D1526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "2170CFD0-2594-45FB-B68F-0A75114F00A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.5_p1:*:*:*:*:*:*:*",
"matchCriteriaId": "03C07744-CAE8-44C6-965E-2A09BAE1F36C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.5_p2:*:*:*:*:*:*:*",
"matchCriteriaId": "B17E0E59-C928-49AB-BAA7-4AE638B376D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.5p1:*:*:*:*:*:*:*",
"matchCriteriaId": "D6F99CB6-E185-4CE0-9E43-C5AE9017717B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.5p2:*:*:*:*:*:*:*",
"matchCriteriaId": "D2F6F9C6-85B6-450F-9165-B23C2BF83EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "294FC65B-4225-475A-B49A-758823CEDECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6156B085-AA17-458C-AED1-D658275E43B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7_p5:*:*:*:*:*:*:*",
"matchCriteriaId": "1C898BE7-506D-49DA-8619-F86C7A9FE902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7p1:*:*:*:*:*:*:*",
"matchCriteriaId": "147D459A-A9F2-46EF-A413-BABDBA854CE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7p2:*:*:*:*:*:*:*",
"matchCriteriaId": "59310EB2-D33B-408E-87DA-31769211A3E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7p3:*:*:*:*:*:*:*",
"matchCriteriaId": "A23B0A74-F3D6-4993-B69C-72A3DE828E33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7p4:*:*:*:*:*:*:*",
"matchCriteriaId": "32CE5850-4B1D-41E0-AAAE-EE2F5C1BC14A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7p5:*:*:*:*:*:*:*",
"matchCriteriaId": "85AA3DDA-BEC4-422D-8542-3FF5C6F5FA38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B6419309-385F-4525-AD4B-C73B1A3ED935",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p1:*:*:*:*:*:*:*",
"matchCriteriaId": "51F7E821-2908-47F1-9665-E9D68ECC242F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p2:*:*:*:*:*:*:*",
"matchCriteriaId": "C90D0AB4-F8A8-4301-99B5-757254FA999A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p5:*:*:*:*:*:*:*",
"matchCriteriaId": "A79C7098-37D0-4E6E-A22C-3C771D81956F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p7:*:*:*:*:*:*:*",
"matchCriteriaId": "BB7D2832-B654-406E-AA34-B3BD1D6F0A2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p8:*:*:*:*:*:*:*",
"matchCriteriaId": "D5688D95-89EF-4D2E-9728-2316CAC3CBE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p9:*:*:*:*:*:*:*",
"matchCriteriaId": "B69E49B2-1B3C-4434-ACF1-CF4F519E3C32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p12:*:*:*:*:*:*:*",
"matchCriteriaId": "31B2C299-5D0B-44DA-91FD-4B1146BE9A7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p1:*:*:*:*:*:*:*",
"matchCriteriaId": "8BED4713-FC6E-4AC7-B100-8344AF4E2D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p2:*:*:*:*:*:*:*",
"matchCriteriaId": "81B76073-DEA4-4D62-A9FD-07D3306CCCD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p3:*:*:*:*:*:*:*",
"matchCriteriaId": "D1DD679B-25C5-4A78-8004-F073403E4431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p4:*:*:*:*:*:*:*",
"matchCriteriaId": "F95437FF-83F7-443B-9F25-8BE81884C595",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p5:*:*:*:*:*:*:*",
"matchCriteriaId": "821B0A1A-707F-4F4A-A110-3C808C275B14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p6:*:*:*:*:*:*:*",
"matchCriteriaId": "4D735BC1-3E87-4286-9F7D-3181064FF2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p7:*:*:*:*:*:*:*",
"matchCriteriaId": "B570E525-A024-4D41-9600-1134433786DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p8:*:*:*:*:*:*:*",
"matchCriteriaId": "0C00A0AF-985D-4046-893B-FE96F21C7B91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p9:*:*:*:*:*:*:*",
"matchCriteriaId": "AB9772A9-0C70-4539-A7B8-51288D0E1B9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p10:*:*:*:*:*:*:*",
"matchCriteriaId": "758916CE-80D8-442E-AAE0-A128FCD69046",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p11:*:*:*:*:*:*:*",
"matchCriteriaId": "FCE213B0-7046-4813-8E63-D767A8E1E0C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8p12:*:*:*:*:*:*:*",
"matchCriteriaId": "BD3604EC-3109-41AF-9068-60C639557BEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EE103608-6BCB-4EC0-8EB1-110A80829592",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9_p17:*:*:*:*:*:*:*",
"matchCriteriaId": "471284F9-21EF-4ED6-860F-AB86154CCDF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9_p18:*:*:*:*:*:*:*",
"matchCriteriaId": "7C91FEB5-CEF5-4C66-A8D2-AE80EA32B10D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9_p19:*:*:*:*:*:*:*",
"matchCriteriaId": "E106EBA5-14B3-48F7-BE00-9F0ABD57C33B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9_p20:*:*:*:*:*:*:*",
"matchCriteriaId": "215B0725-5314-49E6-8A96-2106860F4304",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9_p21:*:*:*:*:*:*:*",
"matchCriteriaId": "E35B5C93-D197-4ADE-88F3-679311B083B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9_p22:*:*:*:*:*:*:*",
"matchCriteriaId": "99854E9D-4D84-44D9-AB68-175A3048EA34",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p1:*:*:*:*:*:*:*",
"matchCriteriaId": "9FFE8FBC-9182-49CC-B151-EE39FA4176F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p2:*:*:*:*:*:*:*",
"matchCriteriaId": "DF1CF6EE-3926-4A2A-BD09-84C0AA025C02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p3:*:*:*:*:*:*:*",
"matchCriteriaId": "05E8BBC5-1D4A-47F8-AEC6-0A4C22E09AC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p4:*:*:*:*:*:*:*",
"matchCriteriaId": "D741DD28-B32B-4A4D-8D73-5F2E2B17B142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p5:*:*:*:*:*:*:*",
"matchCriteriaId": "553C9803-F6E7-491D-AD16-9809AD010DF3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p6:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B05317-F43C-4F0A-8A15-6B6CD1413E7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p7:*:*:*:*:*:*:*",
"matchCriteriaId": "CF164040-2392-4E37-B9D3-5634322C908C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p8:*:*:*:*:*:*:*",
"matchCriteriaId": "E5D94302-8A20-4678-8B54-E448ED34674D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p9:*:*:*:*:*:*:*",
"matchCriteriaId": "72FC2554-57A2-44D2-B3B0-F4781B4087D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p10:*:*:*:*:*:*:*",
"matchCriteriaId": "2CA72389-8D02-4827-9AC1-594DF3815F61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p11:*:*:*:*:*:*:*",
"matchCriteriaId": "5CE457DB-D4F9-4F7D-8D52-2D226F288A16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p12:*:*:*:*:*:*:*",
"matchCriteriaId": "91A84956-0A2C-48F8-964B-3C3CE1F4B304",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p13:*:*:*:*:*:*:*",
"matchCriteriaId": "0869E8D1-4345-4373-AE39-541A818296FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p14:*:*:*:*:*:*:*",
"matchCriteriaId": "89DFC1E9-730F-49A5-A351-9140B89BBCBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p15:*:*:*:*:*:*:*",
"matchCriteriaId": "521E83C8-F708-493B-9CFF-80747700B783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p16:*:*:*:*:*:*:*",
"matchCriteriaId": "1949F9F8-2267-48FF-88DA-4E7F57AFB740",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p17:*:*:*:*:*:*:*",
"matchCriteriaId": "1F9EF929-C19F-488C-ACCA-57C712C8F72E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p18:*:*:*:*:*:*:*",
"matchCriteriaId": "3FD54E9C-3E81-4CB0-843E-A31F55DCB7A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p19:*:*:*:*:*:*:*",
"matchCriteriaId": "B218C163-E5E3-482F-BDBD-C55E55163416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p20:*:*:*:*:*:*:*",
"matchCriteriaId": "2F03EF9C-D90D-425E-AC35-8DD02B7C03F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p21:*:*:*:*:*:*:*",
"matchCriteriaId": "7AC8D478-8554-4947-926A-8B1B27DD122D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p22:*:*:*:*:*:*:*",
"matchCriteriaId": "64435258-4639-438E-825F-E6AA82D41745",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9p23:*:*:*:*:*:*:*",
"matchCriteriaId": "C33BC128-A782-465A-8AF0-860EBC8388EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "643ABD1F-83E1-4B71-AA59-8CF8B4018A46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8967DE4C-3D41-4BCE-97B0-469FCFBCE332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C0D8CB9-3156-4F7F-A616-59EF530540D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C91B0A-44B6-4B33-A0ED-295C56D97546",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p2:*:*:*:*:*:*:*",
"matchCriteriaId": "07945224-A955-4A33-B54B-11D128FCA0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p3:*:*:*:*:*:*:*",
"matchCriteriaId": "41F70C45-9522-4F49-A5B9-62E03410F03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p4:*:*:*:*:*:*:*",
"matchCriteriaId": "DEAE0BA2-D9AC-40A3-A4DC-1E33DEE7200C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p5:*:*:*:*:*:*:*",
"matchCriteriaId": "4FEF4FBB-E045-43CE-A9F9-3FF7F9FE3400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p6:*:*:*:*:*:*:*",
"matchCriteriaId": "68372F8A-9AFD-45DE-A9B8-4CDF3154E349",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p7:*:*:*:*:*:*:*",
"matchCriteriaId": "77DC6C6B-4585-401D-B02E-E70E6157DBC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.3b1:*:*:*:*:*:*:*",
"matchCriteriaId": "55788B87-B41B-43F4-BA54-5208A4233500",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "837DD56D-267D-4AAA-9DB3-4B42FAE6E10C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p1:*:*:*:*:*:*:*",
"matchCriteriaId": "444B3D9E-51F6-4CED-9265-576DBDE40897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p2:*:*:*:*:*:*:*",
"matchCriteriaId": "73FB7063-441C-445B-9C2E-BF92C8F3F43D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D4170A7-4824-4108-A8CA-988F0E3F3747",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p4:*:*:*:*:*:*:*",
"matchCriteriaId": "93EB0CA9-CE51-4AA3-AF29-4F201EB1A45D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:fedora:14:*:*:*:*:*:*:*",
"matchCriteriaId": "BA03548F-0C09-403E-B3B4-6E0DB094D47E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression."
},
{
"lang": "es",
"value": "Un parche en Fedora para parse.c en sudo anterior a v1.7.4p5-1.fc14 en Fedora 14 no interpreta correctamente un system group (tambi\u00e9n conocido como el %group) en el fichero sudoers en las decisiones de autorizaci\u00f3n para un usuario que pertenece a ese grupo, permitiendo a usuarios locales aprovecharse de un fichero sudoers y obtener privilegios de root a trav\u00e9s de un comando sudo. NOTA: esta vulnerabilidad existe debido a una regresi\u00f3n de CVE-2009-0034."
}
],
"id": "CVE-2011-0008",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-01-20T19:00:07.443",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053263.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053341.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42968"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:018"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2011/0195"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2011/0199"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=668843"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64965"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053263.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053341.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42968"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0195"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=668843"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64965"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-0010
Vulnerability from fkie_nvd - Published: 2011-01-18 18:03 - Updated: 2025-04-11 00:51
Severity: MEDIUM (CVSS v2.0 base score 4.4, vector AV:L/AC:M/Au:N/C:P/I:P/A:P)
Summary
check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| todd_miller | sudo | 1.7.0 | |
| todd_miller | sudo | 1.7.1 | |
| todd_miller | sudo | 1.7.2 | |
| todd_miller | sudo | 1.7.2p1 | |
| todd_miller | sudo | 1.7.2p2 | |
| todd_miller | sudo | 1.7.2p3 | |
| todd_miller | sudo | 1.7.2p4 | |
| todd_miller | sudo | 1.7.2p5 | |
| todd_miller | sudo | 1.7.2p6 | |
| todd_miller | sudo | 1.7.2p7 | |
| todd_miller | sudo | 1.7.3b1 | |
| todd_miller | sudo | 1.7.4 | |
| todd_miller | sudo | 1.7.4p1 | |
| todd_miller | sudo | 1.7.4p2 | |
| todd_miller | sudo | 1.7.4p3 | |
| todd_miller | sudo | 1.7.4p4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "643ABD1F-83E1-4B71-AA59-8CF8B4018A46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8967DE4C-3D41-4BCE-97B0-469FCFBCE332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5C0D8CB9-3156-4F7F-A616-59EF530540D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C91B0A-44B6-4B33-A0ED-295C56D97546",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p2:*:*:*:*:*:*:*",
"matchCriteriaId": "07945224-A955-4A33-B54B-11D128FCA0F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p3:*:*:*:*:*:*:*",
"matchCriteriaId": "41F70C45-9522-4F49-A5B9-62E03410F03E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p4:*:*:*:*:*:*:*",
"matchCriteriaId": "DEAE0BA2-D9AC-40A3-A4DC-1E33DEE7200C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p5:*:*:*:*:*:*:*",
"matchCriteriaId": "4FEF4FBB-E045-43CE-A9F9-3FF7F9FE3400",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p6:*:*:*:*:*:*:*",
"matchCriteriaId": "68372F8A-9AFD-45DE-A9B8-4CDF3154E349",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.2p7:*:*:*:*:*:*:*",
"matchCriteriaId": "77DC6C6B-4585-401D-B02E-E70E6157DBC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.3b1:*:*:*:*:*:*:*",
"matchCriteriaId": "55788B87-B41B-43F4-BA54-5208A4233500",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "837DD56D-267D-4AAA-9DB3-4B42FAE6E10C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p1:*:*:*:*:*:*:*",
"matchCriteriaId": "444B3D9E-51F6-4CED-9265-576DBDE40897",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p2:*:*:*:*:*:*:*",
"matchCriteriaId": "73FB7063-441C-445B-9C2E-BF92C8F3F43D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p3:*:*:*:*:*:*:*",
"matchCriteriaId": "8D4170A7-4824-4108-A8CA-988F0E3F3747",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:todd_miller:sudo:1.7.4p4:*:*:*:*:*:*:*",
"matchCriteriaId": "93EB0CA9-CE51-4AA3-AF29-4F201EB1A45D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command."
},
{
"lang": "es",
"value": "check.c en sudo v1.7.x anterior a v1.7.4p5, cuando se configura un grupo Runas, no requiere una contrase\u00f1a para la ejecuci\u00f3n de comandos que implica un cambio de gid pero no un cambio de uid, lo que permite a usuarios locales eludir un requisito de autenticaci\u00f3n a trav\u00e9s de la opci\u00f3n -g del comando sudo."
}
],
"id": "CVE-2011-0010",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-01-18T18:03:08.267",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609641"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053263.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053341.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2011/01/11/3"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2011/01/12/1"
},
{
"source": "secalert@redhat.com",
"url": "http://openwall.com/lists/oss-security/2011/01/12/3"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42886"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/42949"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/42968"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/43068"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/43282"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-201203-06.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.593654"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:018"
},
{
"source": "secalert@redhat.com",
"url": "http://www.osvdb.org/70400"
},
{
"source": "secalert@redhat.com",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0599.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/45774"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.sudo.ws/repos/sudo/rev/07d1b0ce530e"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.sudo.ws/repos/sudo/rev/fe8a94f96542"
},
{
"source": "secalert@redhat.com",
"url": "http://www.sudo.ws/sudo/alerts/runas_group_pw.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.ubuntu.com/usn/USN-1046-1"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0089"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2011/0182"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2011/0195"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2011/0199"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2011/0362"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=668879"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64636"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609641"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053263.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053341.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2011/01/11/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://openwall.com/lists/oss-security/2011/01/12/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://openwall.com/lists/oss-security/2011/01/12/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/42886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/42949"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/42968"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/43068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/43282"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201203-06.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.593654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:018"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/70400"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2011-0599.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/45774"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.sudo.ws/repos/sudo/rev/07d1b0ce530e"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.sudo.ws/repos/sudo/rev/fe8a94f96542"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.sudo.ws/sudo/alerts/runas_group_pw.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/USN-1046-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2011/0089"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0182"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0195"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0199"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2011/0362"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=668879"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64636"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2016-7032 (GCVE-0-2016-7032)
Vulnerability from cvelistv5 – Published: 2017-04-14 18:00 – Updated: 2024-08-06 01:50
Summary
sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:50:46.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2016:2872",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2872.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372830"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.sudo.ws/alerts/noexec_bypass.html"
},
{
"name": "95776",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95776"
},
{
"name": "USN-3968-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3968-3/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-29T17:06:19",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2016:2872",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2872.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372830"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.sudo.ws/alerts/noexec_bypass.html"
},
{
"name": "95776",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95776"
},
{
"name": "USN-3968-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3968-3/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-7032",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:2872",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2872.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1372830",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372830"
},
{
"name": "https://www.sudo.ws/alerts/noexec_bypass.html",
"refsource": "CONFIRM",
"url": "https://www.sudo.ws/alerts/noexec_bypass.html"
},
{
"name": "95776",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95776"
},
{
"name": "USN-3968-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3968-3/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-7032",
"datePublished": "2017-04-14T18:00:00",
"dateReserved": "2016-08-23T00:00:00",
"dateUpdated": "2024-08-06T01:50:46.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0106 (GCVE-0-2014-0106)
Vulnerability from cvelistv5 – Published: 2014-03-11 15:00 – Updated: 2024-08-06 09:05
Summary
Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:38.667Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sudo.ws/sudo/alerts/env_add.html"
},
{
"name": "SUSE-SU-2014:0475",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00003.html"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "USN-2146-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2146-1"
},
{
"name": "RHSA-2014:0266",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0266.html"
},
{
"name": "[oss-security] 20140305 sudo: security policy bypass when env_reset is disabled",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/03/06/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "65997",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/65997"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-15T17:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sudo.ws/sudo/alerts/env_add.html"
},
{
"name": "SUSE-SU-2014:0475",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00003.html"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "USN-2146-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2146-1"
},
{
"name": "RHSA-2014:0266",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0266.html"
},
{
"name": "[oss-security] 20140305 sudo: security policy bypass when env_reset is disabled",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/03/06/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "65997",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/65997"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "http://www.sudo.ws/sudo/alerts/env_add.html",
"refsource": "CONFIRM",
"url": "http://www.sudo.ws/sudo/alerts/env_add.html"
},
{
"name": "SUSE-SU-2014:0475",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00003.html"
},
{
"name": "APPLE-SA-2015-08-13-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "USN-2146-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2146-1"
},
{
"name": "RHSA-2014:0266",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0266.html"
},
{
"name": "[oss-security] 20140305 sudo: security policy bypass when env_reset is disabled",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/03/06/2"
},
{
"name": "https://support.apple.com/kb/HT205031",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "65997",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65997"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0106",
"datePublished": "2014-03-11T15:00:00",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T09:05:38.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1776 (GCVE-0-2013-1776)
Vulnerability from cvelistv5 – Published: 2013-04-08 17:00 – Updated: 2024-08-06 15:13
Summary
sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:33.004Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "58207",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/58207"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839"
},
{
"name": "DSA-2642",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2642"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sudo.ws/repos/sudo/rev/6b22be4d09f0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sudo.ws/repos/sudo/rev/632f8e028191"
},
{
"name": "[oss-security] 20130227 Re: CVE request: potential bypass of sudo tty_tickets constraints",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/27/31"
},
{
"name": "openSUSE-SU-2013:0495",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00066.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sudo.ws/sudo/alerts/tty_tickets.html"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "SSA:2013-065-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2013\u0026m=slackware-security.517440"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023"
},
{
"name": "RHSA-2013:1353",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1353.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=916365"
},
{
"name": "sudo-ttytickets-sec-bypass(82453)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82453"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "58207",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/58207"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839"
},
{
"name": "DSA-2642",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2642"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sudo.ws/repos/sudo/rev/6b22be4d09f0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sudo.ws/repos/sudo/rev/632f8e028191"
},
{
"name": "[oss-security] 20130227 Re: CVE request: potential bypass of sudo tty_tickets constraints",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/27/31"
},
{
"name": "openSUSE-SU-2013:0495",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00066.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sudo.ws/sudo/alerts/tty_tickets.html"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "SSA:2013-065-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2013\u0026m=slackware-security.517440"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023"
},
{
"name": "RHSA-2013:1353",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1353.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=916365"
},
{
"name": "sudo-ttytickets-sec-bypass(82453)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82453"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1776",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "58207",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58207"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839"
},
{
"name": "DSA-2642",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2642"
},
{
"name": "http://www.sudo.ws/repos/sudo/rev/6b22be4d09f0",
"refsource": "CONFIRM",
"url": "http://www.sudo.ws/repos/sudo/rev/6b22be4d09f0"
},
{
"name": "http://www.sudo.ws/repos/sudo/rev/632f8e028191",
"refsource": "CONFIRM",
"url": "http://www.sudo.ws/repos/sudo/rev/632f8e028191"
},
{
"name": "[oss-security] 20130227 Re: CVE request: potential bypass of sudo tty_tickets constraints",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/27/31"
},
{
"name": "openSUSE-SU-2013:0495",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00066.html"
},
{
"name": "http://www.sudo.ws/sudo/alerts/tty_tickets.html",
"refsource": "CONFIRM",
"url": "http://www.sudo.ws/sudo/alerts/tty_tickets.html"
},
{
"name": "APPLE-SA-2015-08-13-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "SSA:2013-065-01",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2013\u0026m=slackware-security.517440"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023"
},
{
"name": "RHSA-2013:1353",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1353.html"
},
{
"name": "https://support.apple.com/kb/HT205031",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=916365",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=916365"
},
{
"name": "sudo-ttytickets-sec-bypass(82453)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82453"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1776",
"datePublished": "2013-04-08T17:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:13:33.004Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2777 (GCVE-0-2013-2777)
Vulnerability from cvelistv5 – Published: 2013-04-08 17:00 – Updated: 2024-08-06 15:44
Summary
sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:33.678Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sudo.ws/repos/sudo/rev/bfa23f089bba"
},
{
"name": "58207",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/58207"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sudo.ws/repos/sudo/rev/2f3225a2a4a4"
},
{
"name": "RHSA-2013:1701",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1701.html"
},
{
"name": "DSA-2642",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2642"
},
{
"name": "[oss-security] 20130227 Re: CVE request: potential bypass of sudo tty_tickets constraints",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/27/31"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sudo.ws/sudo/alerts/tty_tickets.html"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "SSA:2013-065-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2013\u0026m=slackware-security.517440"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=916365"
},
{
"name": "sudo-ttytickets-sec-bypass(82453)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82453"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sudo.ws/repos/sudo/rev/bfa23f089bba"
},
{
"name": "58207",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/58207"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sudo.ws/repos/sudo/rev/2f3225a2a4a4"
},
{
"name": "RHSA-2013:1701",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1701.html"
},
{
"name": "DSA-2642",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2642"
},
{
"name": "[oss-security] 20130227 Re: CVE request: potential bypass of sudo tty_tickets constraints",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/27/31"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sudo.ws/sudo/alerts/tty_tickets.html"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "SSA:2013-065-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2013\u0026m=slackware-security.517440"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=916365"
},
{
"name": "sudo-ttytickets-sec-bypass(82453)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82453"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2777",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.sudo.ws/repos/sudo/rev/bfa23f089bba",
"refsource": "CONFIRM",
"url": "http://www.sudo.ws/repos/sudo/rev/bfa23f089bba"
},
{
"name": "58207",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58207"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839"
},
{
"name": "http://www.sudo.ws/repos/sudo/rev/2f3225a2a4a4",
"refsource": "CONFIRM",
"url": "http://www.sudo.ws/repos/sudo/rev/2f3225a2a4a4"
},
{
"name": "RHSA-2013:1701",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1701.html"
},
{
"name": "DSA-2642",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2642"
},
{
"name": "[oss-security] 20130227 Re: CVE request: potential bypass of sudo tty_tickets constraints",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/27/31"
},
{
"name": "http://www.sudo.ws/sudo/alerts/tty_tickets.html",
"refsource": "CONFIRM",
"url": "http://www.sudo.ws/sudo/alerts/tty_tickets.html"
},
{
"name": "APPLE-SA-2015-08-13-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "SSA:2013-065-01",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2013\u0026m=slackware-security.517440"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023"
},
{
"name": "https://support.apple.com/kb/HT205031",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=916365",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=916365"
},
{
"name": "sudo-ttytickets-sec-bypass(82453)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82453"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2777",
"datePublished": "2013-04-08T17:00:00",
"dateReserved": "2013-04-08T00:00:00",
"dateUpdated": "2024-08-06T15:44:33.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1775 (GCVE-0-2013-1775)
Vulnerability from cvelistv5 – Published: 2013-03-04 21:00 – Updated: 2024-08-06 15:13
Summary
sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:32.822Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "58203",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/58203"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sudo.ws/repos/sudo/rev/ddf399e3e306"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sudo.ws/sudo/alerts/epoch_ticket.html"
},
{
"name": "90677",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/90677"
},
{
"name": "RHSA-2013:1701",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1701.html"
},
{
"name": "DSA-2642",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2642"
},
{
"name": "openSUSE-SU-2013:0495",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00066.html"
},
{
"name": "USN-1754-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1754-1"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "APPLE-SA-2013-09-12-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
},
{
"name": "SSA:2013-065-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2013\u0026m=slackware-security.517440"
},
{
"name": "[oss-security] 20130227 CVE request: sudo authentication bypass when clock is reset",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/27/22"
},
{
"name": "RHSA-2013:1353",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1353.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sudo.ws/repos/sudo/rev/ebd6cc75020f"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5880"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "58203",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/58203"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sudo.ws/repos/sudo/rev/ddf399e3e306"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sudo.ws/sudo/alerts/epoch_ticket.html"
},
{
"name": "90677",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/90677"
},
{
"name": "RHSA-2013:1701",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1701.html"
},
{
"name": "DSA-2642",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2642"
},
{
"name": "openSUSE-SU-2013:0495",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00066.html"
},
{
"name": "USN-1754-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1754-1"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "APPLE-SA-2013-09-12-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
},
{
"name": "SSA:2013-065-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2013\u0026m=slackware-security.517440"
},
{
"name": "[oss-security] 20130227 CVE request: sudo authentication bypass when clock is reset",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/27/22"
},
{
"name": "RHSA-2013:1353",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1353.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sudo.ws/repos/sudo/rev/ebd6cc75020f"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5880"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1775",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "58203",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58203"
},
{
"name": "http://www.sudo.ws/repos/sudo/rev/ddf399e3e306",
"refsource": "CONFIRM",
"url": "http://www.sudo.ws/repos/sudo/rev/ddf399e3e306"
},
{
"name": "http://www.sudo.ws/sudo/alerts/epoch_ticket.html",
"refsource": "CONFIRM",
"url": "http://www.sudo.ws/sudo/alerts/epoch_ticket.html"
},
{
"name": "90677",
"refsource": "OSVDB",
"url": "http://osvdb.org/90677"
},
{
"name": "RHSA-2013:1701",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1701.html"
},
{
"name": "DSA-2642",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2642"
},
{
"name": "openSUSE-SU-2013:0495",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00066.html"
},
{
"name": "USN-1754-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1754-1"
},
{
"name": "APPLE-SA-2015-08-13-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "APPLE-SA-2013-09-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
},
{
"name": "SSA:2013-065-01",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2013\u0026m=slackware-security.517440"
},
{
"name": "[oss-security] 20130227 CVE request: sudo authentication bypass when clock is reset",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/27/22"
},
{
"name": "RHSA-2013:1353",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1353.html"
},
{
"name": "https://support.apple.com/kb/HT205031",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "http://www.sudo.ws/repos/sudo/rev/ebd6cc75020f",
"refsource": "CONFIRM",
"url": "http://www.sudo.ws/repos/sudo/rev/ebd6cc75020f"
},
{
"name": "http://support.apple.com/kb/HT5880",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5880"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1775",
"datePublished": "2013-03-04T21:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:13:32.822Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3440 (GCVE-0-2012-3440)
Vulnerability from cvelistv5 – Published: 2012-08-08 10:00 – Updated: 2024-08-06 20:05
Summary
A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=844442"
},
{
"name": "54868",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/54868"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-07-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=844442"
},
{
"name": "54868",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/54868"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3440",
"datePublished": "2012-08-08T10:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2337 (GCVE-0-2012-2337)
Vulnerability from cvelistv5 – Published: 2012-05-18 18:00 – Updated: 2024-08-06 19:34
Summary
sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:24.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=820677"
},
{
"name": "49219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49219"
},
{
"name": "49948",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49948"
},
{
"name": "49244",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49244"
},
{
"name": "MDVSA-2012:079",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:079"
},
{
"name": "49291",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49291"
},
{
"name": "DSA-2478",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2478"
},
{
"name": "1027077",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027077"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.suse.com/security/cve/CVE-2012-2337/"
},
{
"name": "FEDORA-2012-7998",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081432.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sudo.ws/sudo/alerts/netmask.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=820677"
},
{
"name": "49219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49219"
},
{
"name": "49948",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49948"
},
{
"name": "49244",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49244"
},
{
"name": "MDVSA-2012:079",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:079"
},
{
"name": "49291",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49291"
},
{
"name": "DSA-2478",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2478"
},
{
"name": "1027077",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027077"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.suse.com/security/cve/CVE-2012-2337/"
},
{
"name": "FEDORA-2012-7998",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081432.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sudo.ws/sudo/alerts/netmask.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2337",
"datePublished": "2012-05-18T18:00:00",
"dateReserved": "2012-04-19T00:00:00",
"dateUpdated": "2024-08-06T19:34:24.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0809 (GCVE-0-2012-0809)
Vulnerability from cvelistv5 – Published: 2012-02-01 00:00 – Updated: 2024-08-06 18:38
Summary
Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:14.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201203-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201203-06.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-01/att-0591/advisory_sudo.txt"
},
{
"name": "20120130 Advisory: sudo 1.8 Format String Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0591.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sudo.ws/sudo/alerts/sudo_debug.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T18:57:02",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "GLSA-201203-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201203-06.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-01/att-0591/advisory_sudo.txt"
},
{
"name": "20120130 Advisory: sudo 1.8 Format String Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0591.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sudo.ws/sudo/alerts/sudo_debug.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-0809",
"datePublished": "2012-02-01T00:00:00",
"dateReserved": "2012-01-19T00:00:00",
"dateUpdated": "2024-08-06T18:38:14.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0008 (GCVE-0-2011-0008)
Vulnerability from cvelistv5 – Published: 2011-01-20 18:00 – Updated: 2024-08-06 21:36
Summary
A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:02.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2011:018",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:018"
},
{
"name": "FEDORA-2011-0470",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053263.html"
},
{
"name": "ADV-2011-0199",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0199"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=668843"
},
{
"name": "sudo-parse-privilege-escalation(64965)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64965"
},
{
"name": "FEDORA-2011-0455",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053341.html"
},
{
"name": "ADV-2011-0195",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0195"
},
{
"name": "42968",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42968"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "MDVSA-2011:018",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:018"
},
{
"name": "FEDORA-2011-0470",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053263.html"
},
{
"name": "ADV-2011-0199",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0199"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=668843"
},
{
"name": "sudo-parse-privilege-escalation(64965)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64965"
},
{
"name": "FEDORA-2011-0455",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053341.html"
},
{
"name": "ADV-2011-0195",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0195"
},
{
"name": "42968",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42968"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-0008",
"datePublished": "2011-01-20T18:00:00",
"dateReserved": "2010-12-07T00:00:00",
"dateUpdated": "2024-08-06T21:36:02.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0010 (GCVE-0-2011-0010)
Vulnerability from cvelistv5 – Published: 2011-01-18 17:00 – Updated: 2024-08-06 21:36
Summary
check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:02.385Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2011-0362",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0362"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sudo.ws/sudo/alerts/runas_group_pw.html"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "GLSA-201203-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201203-06.xml"
},
{
"name": "SSA:2011-041-05",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.593654"
},
{
"name": "MDVSA-2011:018",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:018"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.sudo.ws/repos/sudo/rev/07d1b0ce530e"
},
{
"name": "ADV-2011-0089",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0089"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "42949",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42949"
},
{
"name": "[oss-security] 20110111 CVE request: sudo does not ask for password on GID changes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/01/11/3"
},
{
"name": "ADV-2011-0182",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0182"
},
{
"name": "FEDORA-2011-0470",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053263.html"
},
{
"name": "ADV-2011-0199",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0199"
},
{
"name": "USN-1046-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1046-1"
},
{
"name": "RHSA-2011:0599",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0599.html"
},
{
"name": "[oss-security] 20110112 Re: CVE request: sudo does not ask for password on GID changes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/01/12/1"
},
{
"name": "70400",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/70400"
},
{
"name": "42886",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42886"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "sudo-groupid-privilege-escalation(64636)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64636"
},
{
"name": "45774",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45774"
},
{
"name": "[oss-security] 20110112 Re: CVE request: sudo does not ask for password on GID changes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/01/12/3"
},
{
"name": "43282",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43282"
},
{
"name": "FEDORA-2011-0455",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053341.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sudo.ws/repos/sudo/rev/fe8a94f96542"
},
{
"name": "ADV-2011-0195",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0195"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=668879"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609641"
},
{
"name": "42968",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42968"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T18:57:02",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "ADV-2011-0362",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0362"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sudo.ws/sudo/alerts/runas_group_pw.html"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "GLSA-201203-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201203-06.xml"
},
{
"name": "SSA:2011-041-05",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.593654"
},
{
"name": "MDVSA-2011:018",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:018"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.sudo.ws/repos/sudo/rev/07d1b0ce530e"
},
{
"name": "ADV-2011-0089",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0089"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "42949",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42949"
},
{
"name": "[oss-security] 20110111 CVE request: sudo does not ask for password on GID changes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/01/11/3"
},
{
"name": "ADV-2011-0182",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0182"
},
{
"name": "FEDORA-2011-0470",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053263.html"
},
{
"name": "ADV-2011-0199",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0199"
},
{
"name": "USN-1046-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1046-1"
},
{
"name": "RHSA-2011:0599",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0599.html"
},
{
"name": "[oss-security] 20110112 Re: CVE request: sudo does not ask for password on GID changes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/01/12/1"
},
{
"name": "70400",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/70400"
},
{
"name": "42886",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42886"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "sudo-groupid-privilege-escalation(64636)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64636"
},
{
"name": "45774",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45774"
},
{
"name": "[oss-security] 20110112 Re: CVE request: sudo does not ask for password on GID changes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/01/12/3"
},
{
"name": "43282",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43282"
},
{
"name": "FEDORA-2011-0455",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053341.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sudo.ws/repos/sudo/rev/fe8a94f96542"
},
{
"name": "ADV-2011-0195",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0195"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=668879"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609641"
},
{
"name": "42968",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42968"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-0010",
"datePublished": "2011-01-18T17:00:00",
"dateReserved": "2010-12-07T00:00:00",
"dateUpdated": "2024-08-06T21:36:02.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7032 (GCVE-0-2016-7032)
Vulnerability from nvd – Published: 2017-04-14 18:00 – Updated: 2024-08-06 01:50
Summary
sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T01:50:46.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2016:2872",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2872.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372830"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.sudo.ws/alerts/noexec_bypass.html"
},
{
"name": "95776",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95776"
},
{
"name": "USN-3968-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3968-3/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-10-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-09-29T17:06:19",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2016:2872",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2016-2872.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372830"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.sudo.ws/alerts/noexec_bypass.html"
},
{
"name": "95776",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95776"
},
{
"name": "USN-3968-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3968-3/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2016-7032",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:2872",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2872.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1372830",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1372830"
},
{
"name": "https://www.sudo.ws/alerts/noexec_bypass.html",
"refsource": "CONFIRM",
"url": "https://www.sudo.ws/alerts/noexec_bypass.html"
},
{
"name": "95776",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95776"
},
{
"name": "USN-3968-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3968-3/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2016-7032",
"datePublished": "2017-04-14T18:00:00",
"dateReserved": "2016-08-23T00:00:00",
"dateUpdated": "2024-08-06T01:50:46.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0106 (GCVE-0-2014-0106)
Vulnerability from nvd – Published: 2014-03-11 15:00 – Updated: 2024-08-06 09:05
VLAI?
Summary
Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:05:38.667Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sudo.ws/sudo/alerts/env_add.html"
},
{
"name": "SUSE-SU-2014:0475",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00003.html"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "USN-2146-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-2146-1"
},
{
"name": "RHSA-2014:0266",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0266.html"
},
{
"name": "[oss-security] 20140305 sudo: security policy bypass when env_reset is disabled",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/03/06/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "65997",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/65997"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-15T17:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sudo.ws/sudo/alerts/env_add.html"
},
{
"name": "SUSE-SU-2014:0475",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00003.html"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "USN-2146-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-2146-1"
},
{
"name": "RHSA-2014:0266",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2014-0266.html"
},
{
"name": "[oss-security] 20140305 sudo: security policy bypass when env_reset is disabled",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/03/06/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "65997",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/65997"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-0106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "http://www.sudo.ws/sudo/alerts/env_add.html",
"refsource": "CONFIRM",
"url": "http://www.sudo.ws/sudo/alerts/env_add.html"
},
{
"name": "SUSE-SU-2014:0475",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00003.html"
},
{
"name": "APPLE-SA-2015-08-13-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "USN-2146-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2146-1"
},
{
"name": "RHSA-2014:0266",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0266.html"
},
{
"name": "[oss-security] 20140305 sudo: security policy bypass when env_reset is disabled",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/03/06/2"
},
{
"name": "https://support.apple.com/kb/HT205031",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "65997",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/65997"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-0106",
"datePublished": "2014-03-11T15:00:00",
"dateReserved": "2013-12-03T00:00:00",
"dateUpdated": "2024-08-06T09:05:38.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1776 (GCVE-0-2013-1776)
Vulnerability from nvd – Published: 2013-04-08 17:00 – Updated: 2024-08-06 15:13
VLAI?
Summary
sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:33.004Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "58207",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/58207"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839"
},
{
"name": "DSA-2642",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2642"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sudo.ws/repos/sudo/rev/6b22be4d09f0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sudo.ws/repos/sudo/rev/632f8e028191"
},
{
"name": "[oss-security] 20130227 Re: CVE request: potential bypass of sudo tty_tickets constraints",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/27/31"
},
{
"name": "openSUSE-SU-2013:0495",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00066.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sudo.ws/sudo/alerts/tty_tickets.html"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "SSA:2013-065-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2013\u0026m=slackware-security.517440"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023"
},
{
"name": "RHSA-2013:1353",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1353.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=916365"
},
{
"name": "sudo-ttytickets-sec-bypass(82453)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82453"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "58207",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/58207"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839"
},
{
"name": "DSA-2642",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2642"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sudo.ws/repos/sudo/rev/6b22be4d09f0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sudo.ws/repos/sudo/rev/632f8e028191"
},
{
"name": "[oss-security] 20130227 Re: CVE request: potential bypass of sudo tty_tickets constraints",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/27/31"
},
{
"name": "openSUSE-SU-2013:0495",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00066.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sudo.ws/sudo/alerts/tty_tickets.html"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "SSA:2013-065-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2013\u0026m=slackware-security.517440"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023"
},
{
"name": "RHSA-2013:1353",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1353.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=916365"
},
{
"name": "sudo-ttytickets-sec-bypass(82453)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82453"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1776",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "58207",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58207"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839"
},
{
"name": "DSA-2642",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2642"
},
{
"name": "http://www.sudo.ws/repos/sudo/rev/6b22be4d09f0",
"refsource": "CONFIRM",
"url": "http://www.sudo.ws/repos/sudo/rev/6b22be4d09f0"
},
{
"name": "http://www.sudo.ws/repos/sudo/rev/632f8e028191",
"refsource": "CONFIRM",
"url": "http://www.sudo.ws/repos/sudo/rev/632f8e028191"
},
{
"name": "[oss-security] 20130227 Re: CVE request: potential bypass of sudo tty_tickets constraints",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/27/31"
},
{
"name": "openSUSE-SU-2013:0495",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00066.html"
},
{
"name": "http://www.sudo.ws/sudo/alerts/tty_tickets.html",
"refsource": "CONFIRM",
"url": "http://www.sudo.ws/sudo/alerts/tty_tickets.html"
},
{
"name": "APPLE-SA-2015-08-13-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "SSA:2013-065-01",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2013\u0026m=slackware-security.517440"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023"
},
{
"name": "RHSA-2013:1353",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1353.html"
},
{
"name": "https://support.apple.com/kb/HT205031",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=916365",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=916365"
},
{
"name": "sudo-ttytickets-sec-bypass(82453)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82453"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1776",
"datePublished": "2013-04-08T17:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:13:33.004Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2777 (GCVE-0-2013-2777)
Vulnerability from nvd – Published: 2013-04-08 17:00 – Updated: 2024-08-06 15:44
VLAI?
Summary
sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:33.678Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sudo.ws/repos/sudo/rev/bfa23f089bba"
},
{
"name": "58207",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/58207"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sudo.ws/repos/sudo/rev/2f3225a2a4a4"
},
{
"name": "RHSA-2013:1701",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1701.html"
},
{
"name": "DSA-2642",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2642"
},
{
"name": "[oss-security] 20130227 Re: CVE request: potential bypass of sudo tty_tickets constraints",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/27/31"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sudo.ws/sudo/alerts/tty_tickets.html"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "SSA:2013-065-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2013\u0026m=slackware-security.517440"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=916365"
},
{
"name": "sudo-ttytickets-sec-bypass(82453)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82453"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sudo.ws/repos/sudo/rev/bfa23f089bba"
},
{
"name": "58207",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/58207"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sudo.ws/repos/sudo/rev/2f3225a2a4a4"
},
{
"name": "RHSA-2013:1701",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1701.html"
},
{
"name": "DSA-2642",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2642"
},
{
"name": "[oss-security] 20130227 Re: CVE request: potential bypass of sudo tty_tickets constraints",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/27/31"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sudo.ws/sudo/alerts/tty_tickets.html"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "SSA:2013-065-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2013\u0026m=slackware-security.517440"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=916365"
},
{
"name": "sudo-ttytickets-sec-bypass(82453)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82453"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2777",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.sudo.ws/repos/sudo/rev/bfa23f089bba",
"refsource": "CONFIRM",
"url": "http://www.sudo.ws/repos/sudo/rev/bfa23f089bba"
},
{
"name": "58207",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58207"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701839"
},
{
"name": "http://www.sudo.ws/repos/sudo/rev/2f3225a2a4a4",
"refsource": "CONFIRM",
"url": "http://www.sudo.ws/repos/sudo/rev/2f3225a2a4a4"
},
{
"name": "RHSA-2013:1701",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1701.html"
},
{
"name": "DSA-2642",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2642"
},
{
"name": "[oss-security] 20130227 Re: CVE request: potential bypass of sudo tty_tickets constraints",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/27/31"
},
{
"name": "http://www.sudo.ws/sudo/alerts/tty_tickets.html",
"refsource": "CONFIRM",
"url": "http://www.sudo.ws/sudo/alerts/tty_tickets.html"
},
{
"name": "APPLE-SA-2015-08-13-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "SSA:2013-065-01",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2013\u0026m=slackware-security.517440"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/87023"
},
{
"name": "https://support.apple.com/kb/HT205031",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=916365",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=916365"
},
{
"name": "sudo-ttytickets-sec-bypass(82453)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82453"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2777",
"datePublished": "2013-04-08T17:00:00",
"dateReserved": "2013-04-08T00:00:00",
"dateUpdated": "2024-08-06T15:44:33.678Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-1775 (GCVE-0-2013-1775)
Vulnerability from nvd – Published: 2013-03-04 21:00 – Updated: 2024-08-06 15:13
VLAI?
Summary
sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:13:32.822Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "58203",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/58203"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sudo.ws/repos/sudo/rev/ddf399e3e306"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sudo.ws/sudo/alerts/epoch_ticket.html"
},
{
"name": "90677",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/90677"
},
{
"name": "RHSA-2013:1701",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1701.html"
},
{
"name": "DSA-2642",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2013/dsa-2642"
},
{
"name": "openSUSE-SU-2013:0495",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00066.html"
},
{
"name": "USN-1754-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1754-1"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "APPLE-SA-2013-09-12-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
},
{
"name": "SSA:2013-065-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2013\u0026m=slackware-security.517440"
},
{
"name": "[oss-security] 20130227 CVE request: sudo authentication bypass when clock is reset",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/27/22"
},
{
"name": "RHSA-2013:1353",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1353.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sudo.ws/repos/sudo/rev/ebd6cc75020f"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT5880"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-02-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "58203",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/58203"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sudo.ws/repos/sudo/rev/ddf399e3e306"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sudo.ws/sudo/alerts/epoch_ticket.html"
},
{
"name": "90677",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/90677"
},
{
"name": "RHSA-2013:1701",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1701.html"
},
{
"name": "DSA-2642",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2013/dsa-2642"
},
{
"name": "openSUSE-SU-2013:0495",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00066.html"
},
{
"name": "USN-1754-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1754-1"
},
{
"name": "APPLE-SA-2015-08-13-2",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "APPLE-SA-2013-09-12-1",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
},
{
"name": "SSA:2013-065-01",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2013\u0026m=slackware-security.517440"
},
{
"name": "[oss-security] 20130227 CVE request: sudo authentication bypass when clock is reset",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2013/02/27/22"
},
{
"name": "RHSA-2013:1353",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2013-1353.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT205031"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sudo.ws/repos/sudo/rev/ebd6cc75020f"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT5880"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2013-1775",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "58203",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/58203"
},
{
"name": "http://www.sudo.ws/repos/sudo/rev/ddf399e3e306",
"refsource": "CONFIRM",
"url": "http://www.sudo.ws/repos/sudo/rev/ddf399e3e306"
},
{
"name": "http://www.sudo.ws/sudo/alerts/epoch_ticket.html",
"refsource": "CONFIRM",
"url": "http://www.sudo.ws/sudo/alerts/epoch_ticket.html"
},
{
"name": "90677",
"refsource": "OSVDB",
"url": "http://osvdb.org/90677"
},
{
"name": "RHSA-2013:1701",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1701.html"
},
{
"name": "DSA-2642",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2642"
},
{
"name": "openSUSE-SU-2013:0495",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00066.html"
},
{
"name": "USN-1754-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1754-1"
},
{
"name": "APPLE-SA-2015-08-13-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "APPLE-SA-2013-09-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"
},
{
"name": "SSA:2013-065-01",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2013\u0026m=slackware-security.517440"
},
{
"name": "[oss-security] 20130227 CVE request: sudo authentication bypass when clock is reset",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/27/22"
},
{
"name": "RHSA-2013:1353",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1353.html"
},
{
"name": "https://support.apple.com/kb/HT205031",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "http://www.sudo.ws/repos/sudo/rev/ebd6cc75020f",
"refsource": "CONFIRM",
"url": "http://www.sudo.ws/repos/sudo/rev/ebd6cc75020f"
},
{
"name": "http://support.apple.com/kb/HT5880",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5880"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2013-1775",
"datePublished": "2013-03-04T21:00:00",
"dateReserved": "2013-02-19T00:00:00",
"dateUpdated": "2024-08-06T15:13:32.822Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-3440 (GCVE-0-2012-3440)
Vulnerability from nvd – Published: 2012-08-08 10:00 – Updated: 2024-08-06 20:05
Summary
A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T20:05:12.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=844442"
},
{
"name": "54868",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/54868"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-07-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=844442"
},
{
"name": "54868",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/54868"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-3440",
"datePublished": "2012-08-08T10:00:00",
"dateReserved": "2012-06-14T00:00:00",
"dateUpdated": "2024-08-06T20:05:12.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-2337 (GCVE-0-2012-2337)
Vulnerability from nvd – Published: 2012-05-18 18:00 – Updated: 2024-08-06 19:34
Summary
sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T19:34:24.297Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=820677"
},
{
"name": "49219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49219"
},
{
"name": "49948",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49948"
},
{
"name": "49244",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49244"
},
{
"name": "MDVSA-2012:079",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:079"
},
{
"name": "49291",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/49291"
},
{
"name": "DSA-2478",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2478"
},
{
"name": "1027077",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1027077"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.suse.com/security/cve/CVE-2012-2337/"
},
{
"name": "FEDORA-2012-7998",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081432.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sudo.ws/sudo/alerts/netmask.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-05-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=820677"
},
{
"name": "49219",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49219"
},
{
"name": "49948",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49948"
},
{
"name": "49244",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49244"
},
{
"name": "MDVSA-2012:079",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:079"
},
{
"name": "49291",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/49291"
},
{
"name": "DSA-2478",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2478"
},
{
"name": "1027077",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1027077"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.suse.com/security/cve/CVE-2012-2337/"
},
{
"name": "FEDORA-2012-7998",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081432.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sudo.ws/sudo/alerts/netmask.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-2337",
"datePublished": "2012-05-18T18:00:00",
"dateReserved": "2012-04-19T00:00:00",
"dateUpdated": "2024-08-06T19:34:24.297Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0809 (GCVE-0-2012-0809)
Vulnerability from nvd – Published: 2012-02-01 00:00 – Updated: 2024-08-06 18:38
Summary
Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:14.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201203-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201203-06.xml"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-01/att-0591/advisory_sudo.txt"
},
{
"name": "20120130 Advisory: sudo 1.8 Format String Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0591.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sudo.ws/sudo/alerts/sudo_debug.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T18:57:02",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "GLSA-201203-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201203-06.xml"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-01/att-0591/advisory_sudo.txt"
},
{
"name": "20120130 Advisory: sudo 1.8 Format String Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-01/0591.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sudo.ws/sudo/alerts/sudo_debug.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-0809",
"datePublished": "2012-02-01T00:00:00",
"dateReserved": "2012-01-19T00:00:00",
"dateUpdated": "2024-08-06T18:38:14.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0008 (GCVE-0-2011-0008)
Vulnerability from nvd – Published: 2011-01-20 18:00 – Updated: 2024-08-06 21:36
Summary
A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:02.454Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2011:018",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:018"
},
{
"name": "FEDORA-2011-0470",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053263.html"
},
{
"name": "ADV-2011-0199",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0199"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=668843"
},
{
"name": "sudo-parse-privilege-escalation(64965)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64965"
},
{
"name": "FEDORA-2011-0455",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053341.html"
},
{
"name": "ADV-2011-0195",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0195"
},
{
"name": "42968",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42968"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "MDVSA-2011:018",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:018"
},
{
"name": "FEDORA-2011-0470",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053263.html"
},
{
"name": "ADV-2011-0199",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0199"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=668843"
},
{
"name": "sudo-parse-privilege-escalation(64965)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64965"
},
{
"name": "FEDORA-2011-0455",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053341.html"
},
{
"name": "ADV-2011-0195",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0195"
},
{
"name": "42968",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42968"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-0008",
"datePublished": "2011-01-20T18:00:00",
"dateReserved": "2010-12-07T00:00:00",
"dateUpdated": "2024-08-06T21:36:02.454Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0010 (GCVE-0-2011-0010)
Vulnerability from nvd – Published: 2011-01-18 17:00 – Updated: 2024-08-06 21:36
Summary
check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:36:02.385Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2011-0362",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0362"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sudo.ws/sudo/alerts/runas_group_pw.html"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "GLSA-201203-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-201203-06.xml"
},
{
"name": "SSA:2011-041-05",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE",
"x_transferred"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.593654"
},
{
"name": "MDVSA-2011:018",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:018"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.sudo.ws/repos/sudo/rev/07d1b0ce530e"
},
{
"name": "ADV-2011-0089",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0089"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "42949",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42949"
},
{
"name": "[oss-security] 20110111 CVE request: sudo does not ask for password on GID changes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/01/11/3"
},
{
"name": "ADV-2011-0182",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0182"
},
{
"name": "FEDORA-2011-0470",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053263.html"
},
{
"name": "ADV-2011-0199",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0199"
},
{
"name": "USN-1046-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/USN-1046-1"
},
{
"name": "RHSA-2011:0599",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0599.html"
},
{
"name": "[oss-security] 20110112 Re: CVE request: sudo does not ask for password on GID changes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/01/12/1"
},
{
"name": "70400",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/70400"
},
{
"name": "42886",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42886"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "sudo-groupid-privilege-escalation(64636)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64636"
},
{
"name": "45774",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/45774"
},
{
"name": "[oss-security] 20110112 Re: CVE request: sudo does not ask for password on GID changes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/01/12/3"
},
{
"name": "43282",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/43282"
},
{
"name": "FEDORA-2011-0455",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053341.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.sudo.ws/repos/sudo/rev/fe8a94f96542"
},
{
"name": "ADV-2011-0195",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/0195"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=668879"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609641"
},
{
"name": "42968",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42968"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T18:57:02",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "ADV-2011-0362",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0362"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sudo.ws/sudo/alerts/runas_group_pw.html"
},
{
"name": "43068",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43068"
},
{
"name": "GLSA-201203-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-201203-06.xml"
},
{
"name": "SSA:2011-041-05",
"tags": [
"vendor-advisory",
"x_refsource_SLACKWARE"
],
"url": "http://slackware.com/security/viewer.php?l=slackware-security\u0026y=2011\u0026m=slackware-security.593654"
},
{
"name": "MDVSA-2011:018",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:018"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.sudo.ws/repos/sudo/rev/07d1b0ce530e"
},
{
"name": "ADV-2011-0089",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0089"
},
{
"name": "ADV-2011-0212",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "42949",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42949"
},
{
"name": "[oss-security] 20110111 CVE request: sudo does not ask for password on GID changes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/01/11/3"
},
{
"name": "ADV-2011-0182",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0182"
},
{
"name": "FEDORA-2011-0470",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053263.html"
},
{
"name": "ADV-2011-0199",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0199"
},
{
"name": "USN-1046-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/USN-1046-1"
},
{
"name": "RHSA-2011:0599",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2011-0599.html"
},
{
"name": "[oss-security] 20110112 Re: CVE request: sudo does not ask for password on GID changes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/01/12/1"
},
{
"name": "70400",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/70400"
},
{
"name": "42886",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42886"
},
{
"name": "SUSE-SR:2011:002",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "sudo-groupid-privilege-escalation(64636)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64636"
},
{
"name": "45774",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/45774"
},
{
"name": "[oss-security] 20110112 Re: CVE request: sudo does not ask for password on GID changes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/01/12/3"
},
{
"name": "43282",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/43282"
},
{
"name": "FEDORA-2011-0455",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-January/053341.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.sudo.ws/repos/sudo/rev/fe8a94f96542"
},
{
"name": "ADV-2011-0195",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/0195"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=668879"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609641"
},
{
"name": "42968",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42968"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-0010",
"datePublished": "2011-01-18T17:00:00",
"dateReserved": "2010-12-07T00:00:00",
"dateUpdated": "2024-08-06T21:36:02.385Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}