Latest Sudo Project Sudo Vulnerabilities

Sudo: improper handling of ipa_hostname leads to privilege mismanagement
redhat/sudo<1.8.28
Sudo Project Sudo<1.8.28
From https://www.openwall.com/lists/oss-security/2023/12/21/9 a new CVE has been reserved against the sudo package. ''' Our rece...
Sudo Project Sudo<1.9.15
redhat/sudo<1.9.15
Sudo before 1.9.13 does not escape control characters in sudoreplay output.
Sudo Project Sudo<1.9.13
redhat/sudo<1.9.13
Netapp Active Iq Unified Manager Vmware Vsphere
Sudo before 1.9.13 does not escape control characters in log messages.
Sudo Project Sudo<1.9.13
redhat/sudo<1.9.13
Netapp Active Iq Unified Manager Vmware Vsphere
Sudo before 1.9.13p2 has a double free in the per-command chroot feature.
Sudo Project Sudo>=1.9.8<1.9.13
Sudo Project Sudo=1.9.13
Sudo Project Sudo=1.9.13-p1
Fedoraproject Fedora=36
Fedoraproject Fedora=37
Fedoraproject Fedora=38
A vulnerability was found in sudo. Exposure in how sudoedit handles user-provided environment variables leads to arbitrary file writing with privileges of the RunAs user (usually root). The prerequisi...
<13.4
IBM Security Guardium<=11.3
IBM Security Guardium<=11.4
IBM Security Guardium<=11.5
Sudo Project Sudo>=1.8.0<1.9.12
Sudo Project Sudo=1.9.12
and 20 more
Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered...
Sudo Project Sudo>=1.8.0<1.9.12
Sudo Project Sudo=1.9.12
Sudo Heap-Based Buffer Overflow Vulnerability
debian/sudo
IBM Security Guardium<=10.5
IBM Security Guardium<=10.6
IBM Security Guardium<=11.0
IBM Security Guardium<=11.1
IBM Security Guardium<=11.2
and 55 more
selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary f...
Sudo Project Sudo<1.8.32
Sudo Project Sudo>=1.9.0<1.9.5
Netapp Hci Management Node
Netapp Solidfire
Fedoraproject Fedora=32
Fedoraproject Fedora=33
The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled ...
Sudo Project Sudo<1.8.32
Sudo Project Sudo>=1.9.0<1.9.5
Netapp Cloud Backup
Netapp Hci Management Node
Netapp Solidfire
Fedoraproject Fedora=32
and 2 more
Apple macOS Catalina is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the privileged sudo process. By sending an overly long string to the stdin of getln() in tget...
Sudo Project Sudo>=1.7.1<1.8.26
Debian Debian Linux=8.0
Debian Debian Linux=9.0
Debian Debian Linux=10.0
redhat/sudo<1.8.31
IBM Data Risk Manager<=2.0.6
and 5 more
** DISPUTED ** Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. This occurs because of a race condition between determinin...
Sudo Project Sudo<=1.8.29
<=1.8.29
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a craf...
redhat/sudo<0:1.7.2p1-31.el5_11.1
redhat/sudo<0:1.8.6p3-29.el6_10.2
redhat/sudo<0:1.8.6p3-12.el6_5.2
redhat/sudo<0:1.8.6p3-15.el6_6.2
redhat/sudo<0:1.8.23-4.el7_7.1
redhat/sudo<0:1.8.6p7-17.el7_2.2
and 63 more
Sudo before version 1.8.18p1 is vulnerable to a bypass of the sudo noexec restriction if an application run via sudo executes the wordexp() C library function with a user-supplied argument. A local user perm...
Sudo Project Sudo>=1.6.8<=1.8.18
ubuntu/sudo<1.8.9
ubuntu/sudo<1.8.18
ubuntu/sudo<1.8.16-0ubuntu1.6
debian/sudo
