Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sudo project sudo vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv2
CVE-2017-1000368
Todd Miller's sudo version 1.8.20p1 and previous versions is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.
Sudo Project Sudo 1.8.20
Sudo Project Sudo
2 Github repositories
6.9
CVSSv2
CVE-2017-1000367
Todd Miller's sudo version 1.8.20 and previous versions is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.
Sudo Project Sudo
1 EDB exploit
3 Github repositories
7.2
CVSSv2
CVE-2015-5602
sudoedit in Sudo prior to 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt."
Sudo Project Sudo
1 EDB exploit
2 Github repositories
4.4
CVSSv2
CVE-2013-2776
sudo 1.3.5 up to and including 1.7.10p5 and 1.8.0 up to and including 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissi...
Todd Miller Sudo 1.7.8p1
Todd Miller Sudo 1.7.8
Todd Miller Sudo 1.7.4p3
Todd Miller Sudo 1.7.4
Todd Miller Sudo 1.7.2p4
Todd Miller Sudo 1.7.7
Todd Miller Sudo 1.7.6p2
Todd Miller Sudo 1.7.4p1
Todd Miller Sudo 1.7.4p4
Todd Miller Sudo 1.7.2p3
Todd Miller Sudo 1.7.2
Todd Miller Sudo 1.6.4p2
Todd Miller Sudo 1.6.9p20
Todd Miller Sudo 1.6.7p5
Todd Miller Sudo 1.6.8p12
Todd Miller Sudo 1.3.5
Todd Miller Sudo 1.7.10
Todd Miller Sudo 1.7.2p2
Todd Miller Sudo 1.6.9p23
Todd Miller Sudo 1.6.5
Todd Miller Sudo 1.6.9p22
Todd Miller Sudo 1.6.2p3
4.4
CVSSv2
CVE-2013-2777
sudo prior to 1.7.10p5 and 1.8.x prior to 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session w...
Apple Mac Os X
Todd Miller Sudo 1.7.9p1
Todd Miller Sudo 1.7.9
Todd Miller Sudo 1.7.6
Todd Miller Sudo 1.7.5
Todd Miller Sudo 1.7.4p6
Todd Miller Sudo 1.7.3b1
Todd Miller Sudo 1.7.2p7
Todd Miller Sudo 1.7.1
Todd Miller Sudo 1.6.4
Todd Miller Sudo 1.7.10
Todd Miller Sudo 1.7.6p2
Todd Miller Sudo 1.7.6p1
Todd Miller Sudo 1.7.4p1
Todd Miller Sudo 1.7.4p4
Todd Miller Sudo 1.7.2
Todd Miller Sudo 1.7.2p1
Todd Miller Sudo 1.6.9p20
Todd Miller Sudo 1.6.9p21
Todd Miller Sudo 1.6.7p5
Todd Miller Sudo 1.6.8p12
Todd Miller Sudo 1.7.10p1
4.4
CVSSv2
CVE-2013-1776
sudo 1.3.5 up to and including 1.7.10 and 1.8.0 up to and including 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vector...
Apple Mac Os X
Todd Miller Sudo 1.8.1p2
Todd Miller Sudo 1.8.2
Todd Miller Sudo 1.8.4p4
Todd Miller Sudo 1.8.4p5
Todd Miller Sudo 1.8.3
Todd Miller Sudo 1.8.3p1
Todd Miller Sudo 1.8.3p2
Todd Miller Sudo 1.8.5
Todd Miller Sudo 1.8.0
Todd Miller Sudo 1.8.4
Todd Miller Sudo 1.8.4p1
Todd Miller Sudo 1.8.1
Todd Miller Sudo 1.8.1p1
Todd Miller Sudo 1.8.4p2
Todd Miller Sudo 1.8.4p3
Todd Miller Sudo 1.7.8p1
Todd Miller Sudo 1.7.8
Todd Miller Sudo 1.7.4p2
Todd Miller Sudo 1.7.4p3
Todd Miller Sudo 1.7.4
Todd Miller Sudo 1.7.2p4
6.9
CVSSv2
CVE-2013-1775
sudo 1.6.0 up to and including 1.7.10p6 and sudo 1.8.0 up to and including 1.8.6p6 allows local users or physically proximate malicious users to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp t...
Todd Miller Sudo 1.6.9p21
Todd Miller Sudo 1.6.7p5
Todd Miller Sudo 1.6.1
Todd Miller Sudo 1.6.6
Todd Miller Sudo 1.6.9p22
Todd Miller Sudo 1.6.2p3
Todd Miller Sudo 1.6.4
Todd Miller Sudo 1.6.8p12
Todd Miller Sudo 1.6.2
Todd Miller Sudo 1.6.7
Todd Miller Sudo 1.6.9p23
Todd Miller Sudo 1.6.5
Todd Miller Sudo 1.6.3 P7
Todd Miller Sudo 1.6.9
Todd Miller Sudo 1.6.3
Todd Miller Sudo 1.6.4p2
Todd Miller Sudo 1.6.9p20
Todd Miller Sudo 1.6
Todd Miller Sudo 1.6.8
Todd Miller Sudo 1.8.1p2
Todd Miller Sudo 1.8.2
Todd Miller Sudo 1.8.4p3
2 EDB exploits
1 Github repository
6.2
CVSSv2
CVE-2012-5536
A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat Enterprise Linux (RHEL) 6 and Fedora Rawhide calls the glibc error function instead of the error function in the OpenSSH codebase, which allows local users to obtain sensitive information from process memory or p...
Redhat Enterprise Linux 6.0
Fedora Project Fedora Release Rawhide -
4.4
CVSSv2
CVE-2010-0427
sudo 1.6.x prior to 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.
Todd Miller Sudo 1.6.3 P2
Todd Miller Sudo 1.6.3 P3
Todd Miller Sudo 1.6.3 P7
Todd Miller Sudo 1.6.4 P1
Todd Miller Sudo 1.6.7 P5
Todd Miller Sudo 1.6.8
Todd Miller Sudo 1.6.9 P17
Todd Miller Sudo 1.6.9 P19
Todd Miller Sudo 1.6.3 P1
Todd Miller Sudo 1.6.3 P4
Todd Miller Sudo 1.6.3 P5
Todd Miller Sudo 1.6.4 P2
Todd Miller Sudo 1.6.5 P1
Todd Miller Sudo 1.6.8 P1
Todd Miller Sudo 1.6.8 P12
Todd Miller Sudo 1.6.2
Todd Miller Sudo 1.6.3
Todd Miller Sudo 1.6.7
Todd Miller Sudo 1.6.5
Todd Miller Sudo 1.6.8 P9
Todd Miller Sudo 1.6.9 P18
Todd Miller Sudo 1.6.3 P6
6.9
CVSSv2
CVE-2010-0426
sudo 1.6.x prior to 1.6.9p21 and 1.7.x prior to 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable fil...
Todd Miller Sudo 1.6.1
Todd Miller Sudo 1.6.2
Todd Miller Sudo 1.6.3 P6
Todd Miller Sudo 1.6.3 P7
Todd Miller Sudo 1.6.8 P12
Todd Miller Sudo 1.6.8 P2
Todd Miller Sudo 1.6.8 P5
Todd Miller Sudo 1.7.0
Todd Miller Sudo 1.7.1
Todd Miller Sudo 1.6.3
Todd Miller Sudo 1.6.3 P1
Todd Miller Sudo 1.6.4 P1
Todd Miller Sudo 1.6.4 P2
Todd Miller Sudo 1.6.8 P7
Todd Miller Sudo 1.6.8 P8
Todd Miller Sudo 1.7.2
Todd Miller Sudo 1.7.2p1
Todd Miller Sudo 1.6
Todd Miller Sudo 1.6.3 P4
Todd Miller Sudo 1.6.3 P5
Todd Miller Sudo 1.6.7 P5
Todd Miller Sudo 1.6.8 P1
3 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
authentication bypass
CVE-2024-30051
remote
CVE-2024-27954
CVE-2023-51483
CVE-2023-47782
SSRF
CVE-2024-24715
CVE-2023-52424
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »