Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
todd miller sudo 1.6.3p7 vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv2
CVE-2002-0043
sudo 1.6.0 up to and including 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked.
Todd Miller Sudo 1.6.3 P6
Todd Miller Sudo 1.6.3
Todd Miller Sudo 1.6.1
Todd Miller Sudo 1.6.3 P5
Todd Miller Sudo 1.6.2
Todd Miller Sudo 1.6.3 P2
Todd Miller Sudo 1.6.3 P4
Todd Miller Sudo 1.6.3 P3
Todd Miller Sudo 1.6.3 P7
Todd Miller Sudo 1.6
Todd Miller Sudo 1.6.3 P1
1 EDB exploit
6.9
CVSSv2
CVE-2011-0008
A certain Fedora patch for parse.c in sudo prior to 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudo...
Todd Miller Sudo
Todd Miller Sudo 1.3.1
Todd Miller Sudo 1.5
Todd Miller Sudo 1.5.2
Todd Miller Sudo 1.5.3
Todd Miller Sudo 1.5.6
Todd Miller Sudo 1.5.7
Todd Miller Sudo 1.5.8
Todd Miller Sudo 1.5.9
Todd Miller Sudo 1.6
Todd Miller Sudo 1.6.1
Todd Miller Sudo 1.6.2
Todd Miller Sudo 1.6.2p1
Todd Miller Sudo 1.6.2p2
Todd Miller Sudo 1.6.2p3
Todd Miller Sudo 1.6.3
Todd Miller Sudo 1.6.3 P1
Todd Miller Sudo 1.6.3 P2
Todd Miller Sudo 1.6.3 P3
Todd Miller Sudo 1.6.3 P4
Todd Miller Sudo 1.6.3 P5
Todd Miller Sudo 1.6.3 P6
6.2
CVSSv2
CVE-2010-1646
The secure path feature in env.c in sudo 1.3.1 up to and including 1.6.9p22 and 1.7.0 up to and including 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH v...
Todd Miller Sudo 1.6.3p1
Todd Miller Sudo 1.6.9p1
Todd Miller Sudo 1.6.8p1
Todd Miller Sudo 1.6.3p3
Todd Miller Sudo 1.3.1
Todd Miller Sudo 1.7.2p4
Todd Miller Sudo 1.6.6
Todd Miller Sudo 1.6.3p2
Todd Miller Sudo 1.6.9p14
Todd Miller Sudo 1.6.9p17
Todd Miller Sudo 1.7.0
Todd Miller Sudo 1.6.8p5
Todd Miller Sudo 1.6.7p3
Todd Miller Sudo 1.6.8p8
Todd Miller Sudo 1.6.3
Todd Miller Sudo 1.6.8p2
Todd Miller Sudo 1.6.1
Todd Miller Sudo 1.6.9p15
Todd Miller Sudo 1.6.7p1
Todd Miller Sudo 1.6.9p20
Todd Miller Sudo 1.7.1
Todd Miller Sudo 1.7.2p2
6.2
CVSSv2
CVE-2007-4305
Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing.
Sysjail Sysjail
Systrace Systrace
Todd Miller Sudo 1.5.6
Todd Miller Sudo 1.5.7
Todd Miller Sudo 1.5.8
Todd Miller Sudo 1.5.9
Todd Miller Sudo 1.6
Todd Miller Sudo 1.6.1
Todd Miller Sudo 1.6.2
Todd Miller Sudo 1.6.3
Todd Miller Sudo 1.6.3 P1
Todd Miller Sudo 1.6.3 P2
Todd Miller Sudo 1.6.3 P3
Todd Miller Sudo 1.6.3 P4
Todd Miller Sudo 1.6.3 P5
Todd Miller Sudo 1.6.3 P6
Todd Miller Sudo 1.6.3 P7
Todd Miller Sudo 1.6.3p1
Todd Miller Sudo 1.6.3p2
Todd Miller Sudo 1.6.3p3
Todd Miller Sudo 1.6.3p4
Todd Miller Sudo 1.6.3p5
1 EDB exploit
4.6
CVSSv2
CVE-2005-2959
Incomplete blacklist vulnerability in sudo 1.6.8 and previous versions allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are.
Todd Miller Sudo 1.6.3p1
Todd Miller Sudo 1.6.3 P6
Todd Miller Sudo 1.6.3p3
Todd Miller Sudo 1.6.6
Todd Miller Sudo 1.6.3p2
Todd Miller Sudo 1.6.3
Todd Miller Sudo 1.6.4 P2
Todd Miller Sudo 1.6.1
Todd Miller Sudo 1.6.3 P5
Todd Miller Sudo 1.6.2
Todd Miller Sudo 1.6.8
Todd Miller Sudo 1.6.4 P1
Todd Miller Sudo 1.6.3 P2
Todd Miller Sudo 1.6.3 P4
Todd Miller Sudo 1.6.5 P2
Todd Miller Sudo 1.6.4p1
Todd Miller Sudo 1.6.5p2
Todd Miller Sudo 1.6.5
Todd Miller Sudo 1.6.3 P3
Todd Miller Sudo 1.6.5 P1
Todd Miller Sudo 1.6.3p4
Todd Miller Sudo 1.6.3p6
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
malicious code
XML injection
CVE-2024-28020
CVE-2024-35252
CVE-2024-5833
CVE-2024-30066
injection
CVE-2024-23282
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started