todd miller sudo 1.6.3 p3 vulnerabilities and exploits
725
VMScore
CVE-2002-0043
sudo 1.6.0 up to and including 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked.
Todd Miller Sudo 1.6.3 P6
Todd Miller Sudo 1.6.3
Todd Miller Sudo 1.6.1
Todd Miller Sudo 1.6.3 P5
Todd Miller Sudo 1.6.2
Todd Miller Sudo 1.6.3 P2
Todd Miller Sudo 1.6.3 P4
Todd Miller Sudo 1.6.3 P3
Todd Miller Sudo 1.6.3 P7
Todd Miller Sudo 1.6
Todd Miller Sudo 1.6.3 P1
1 EDB exploit
641
VMScore
CVE-2006-0151
sudo 1.6.8 and other versions do not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158.
Todd Miller Sudo 1.5.8
Todd Miller Sudo 1.6.3 P6
Todd Miller Sudo 1.5.9
Todd Miller Sudo 1.6.6
Todd Miller Sudo 1.6.8 P7
Todd Miller Sudo 1.6.3
Todd Miller Sudo 1.6.4 P2
Todd Miller Sudo 1.6.1
Todd Miller Sudo 1.6.8 P12
Todd Miller Sudo 1.6.3 P5
Todd Miller Sudo 1.5.7
Todd Miller Sudo 1.6.2
Todd Miller Sudo 1.6.8
Todd Miller Sudo 1.6.4 P1
Todd Miller Sudo 1.6.3 P2
Todd Miller Sudo 1.6.3 P4
Todd Miller Sudo 1.6.8 P9
Todd Miller Sudo 1.6.5 P2
Todd Miller Sudo 1.6.5
Todd Miller Sudo 1.6.3 P3
Todd Miller Sudo 1.6.8 P1
Todd Miller Sudo 1.6.5 P1
1 Github repository
641
VMScore
CVE-2004-1051
sudo prior to 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.
Todd Miller Sudo 1.5.8
Todd Miller Sudo 1.6.3 P6
Todd Miller Sudo 1.5.9
Todd Miller Sudo 1.6.6
Todd Miller Sudo 1.6.3
Todd Miller Sudo 1.6.4 P2
Todd Miller Sudo 1.6.1
Todd Miller Sudo 1.6.3 P5
Todd Miller Sudo 1.5.7
Todd Miller Sudo 1.6.2
Todd Miller Sudo 1.6.8
Todd Miller Sudo 1.6.4 P1
Todd Miller Sudo 1.6.3 P2
Todd Miller Sudo 1.6.3 P4
Todd Miller Sudo 1.6.5 P2
Todd Miller Sudo 1.6.5
Todd Miller Sudo 1.6.3 P3
Todd Miller Sudo 1.6.8 P1
Todd Miller Sudo 1.6.5 P1
Todd Miller Sudo 1.6.3 P7
Todd Miller Sudo 1.6
Todd Miller Sudo 1.6.4
625
VMScore
CVE-2007-4305
Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail policies in Systrace on NetBSD and OpenBSD allow local users to defeat system call interposition, and consequently bypass access control policy and auditing.
Sysjail Sysjail
Systrace Systrace
Todd Miller Sudo 1.5.6
Todd Miller Sudo 1.5.7
Todd Miller Sudo 1.5.8
Todd Miller Sudo 1.5.9
Todd Miller Sudo 1.6
Todd Miller Sudo 1.6.1
Todd Miller Sudo 1.6.2
Todd Miller Sudo 1.6.3
Todd Miller Sudo 1.6.3 P1
Todd Miller Sudo 1.6.3 P2
Todd Miller Sudo 1.6.3 P3
Todd Miller Sudo 1.6.3 P4
Todd Miller Sudo 1.6.3 P5
Todd Miller Sudo 1.6.3 P6
Todd Miller Sudo 1.6.3 P7
Todd Miller Sudo 1.6.3p1
Todd Miller Sudo 1.6.3p2
Todd Miller Sudo 1.6.3p3
Todd Miller Sudo 1.6.3p4
Todd Miller Sudo 1.6.3p5
1 EDB exploit
615
VMScore
CVE-2010-0426
sudo 1.6.x prior to 1.6.9p21 and 1.7.x prior to 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable fil...
Todd Miller Sudo 1.6.9 P18
Todd Miller Sudo 1.6.3 P6
Todd Miller Sudo 1.6.8 P7
Todd Miller Sudo 1.7.0
Todd Miller Sudo 1.6.3
Todd Miller Sudo 1.6.4 P2
Todd Miller Sudo 1.6.1
Todd Miller Sudo 1.6.8 P12
Todd Miller Sudo 1.6.3 P5
Todd Miller Sudo 1.7.1
Todd Miller Sudo 1.7.2p2
Todd Miller Sudo 1.7.2
Todd Miller Sudo 1.6.2
Todd Miller Sudo 1.6.4 P1
Todd Miller Sudo 1.6.3 P2
Todd Miller Sudo 1.6.3 P4
Todd Miller Sudo 1.6.8 P9
Todd Miller Sudo 1.6.5 P2
Todd Miller Sudo 1.6.3 P3
Todd Miller Sudo 1.7.2p1
Todd Miller Sudo 1.7.2p3
Todd Miller Sudo 1.6.8 P1
3 Github repositories
614
VMScore
CVE-2011-0008
A certain Fedora patch for parse.c in sudo prior to 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudo...
Todd Miller Sudo
Todd Miller Sudo 1.3.1
Todd Miller Sudo 1.5
Todd Miller Sudo 1.5.2
Todd Miller Sudo 1.5.3
Todd Miller Sudo 1.5.6
Todd Miller Sudo 1.5.7
Todd Miller Sudo 1.5.8
Todd Miller Sudo 1.5.9
Todd Miller Sudo 1.6
Todd Miller Sudo 1.6.1
Todd Miller Sudo 1.6.2
Todd Miller Sudo 1.6.2p1
Todd Miller Sudo 1.6.2p2
Todd Miller Sudo 1.6.2p3
Todd Miller Sudo 1.6.3
Todd Miller Sudo 1.6.3 P1
Todd Miller Sudo 1.6.3 P2
Todd Miller Sudo 1.6.3 P3
Todd Miller Sudo 1.6.3 P4
Todd Miller Sudo 1.6.3 P5
Todd Miller Sudo 1.6.3 P6
475
VMScore
CVE-2005-4158
Sudo prior to 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as librar...
Todd Miller Sudo 1.5.8
Todd Miller Sudo 1.6.3 P6
Todd Miller Sudo 1.5.9
Todd Miller Sudo 1.6.6
Todd Miller Sudo 1.6.8 P7
Todd Miller Sudo 1.6.3
Todd Miller Sudo 1.6.4 P2
Todd Miller Sudo 1.6.1
Todd Miller Sudo 1.6.3 P5
Todd Miller Sudo 1.5.7
Todd Miller Sudo 1.6.2
Todd Miller Sudo 1.6.8
Todd Miller Sudo 1.6.4 P1
Todd Miller Sudo 1.6.3 P2
Todd Miller Sudo 1.6.3 P4
Todd Miller Sudo 1.6.8 P9
Todd Miller Sudo 1.6.5 P2
Todd Miller Sudo 1.6.5
Todd Miller Sudo 1.6.3 P3
Todd Miller Sudo 1.6.8 P1
Todd Miller Sudo 1.6.5 P1
Todd Miller Sudo 1.6.3 P7
3 EDB exploits
409
VMScore
CVE-2005-2959
Incomplete blacklist vulnerability in sudo 1.6.8 and previous versions allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are.
Todd Miller Sudo 1.6.3p1
Todd Miller Sudo 1.6.3 P6
Todd Miller Sudo 1.6.3p3
Todd Miller Sudo 1.6.6
Todd Miller Sudo 1.6.3p2
Todd Miller Sudo 1.6.3
Todd Miller Sudo 1.6.4 P2
Todd Miller Sudo 1.6.1
Todd Miller Sudo 1.6.3 P5
Todd Miller Sudo 1.6.2
Todd Miller Sudo 1.6.8
Todd Miller Sudo 1.6.4 P1
Todd Miller Sudo 1.6.3 P2
Todd Miller Sudo 1.6.3 P4
Todd Miller Sudo 1.6.5 P2
Todd Miller Sudo 1.6.4p1
Todd Miller Sudo 1.6.5p2
Todd Miller Sudo 1.6.5
Todd Miller Sudo 1.6.3 P3
Todd Miller Sudo 1.6.5 P1
Todd Miller Sudo 1.6.3p4
Todd Miller Sudo 1.6.3p6
392
VMScore
CVE-2010-0427
sudo 1.6.x prior to 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.
Todd Miller Sudo 1.6.9 P18
Todd Miller Sudo 1.6.3 P6
Todd Miller Sudo 1.6.6
Todd Miller Sudo 1.6.3
Todd Miller Sudo 1.6.4 P2
Todd Miller Sudo 1.6.1
Todd Miller Sudo 1.6.8 P12
Todd Miller Sudo 1.6.3 P5
Todd Miller Sudo 1.6.2
Todd Miller Sudo 1.6.8
Todd Miller Sudo 1.6.4 P1
Todd Miller Sudo 1.6.3 P2
Todd Miller Sudo 1.6.3 P4
Todd Miller Sudo 1.6.8 P9
Todd Miller Sudo 1.6.5 P2
Todd Miller Sudo 1.6.5
Todd Miller Sudo 1.6.3 P3
Todd Miller Sudo 1.6.8 P1
Todd Miller Sudo 1.6.5 P1
Todd Miller Sudo 1.6.9 P19
Todd Miller Sudo 1.6.9 P17
Todd Miller Sudo 1.6.3 P7
329
VMScore
CVE-2005-1993
Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack.
Todd Miller Sudo 1.5.8
Todd Miller Sudo 1.6.3 P6
Todd Miller Sudo 1.3.1
Todd Miller Sudo 1.5.9
Todd Miller Sudo 1.6.6
Todd Miller Sudo 1.6.8 P7
Todd Miller Sudo 1.6.3
Todd Miller Sudo 1.6.4 P2
Todd Miller Sudo 1.6.1
Todd Miller Sudo 1.6.3 P5
Todd Miller Sudo 1.5.7
Todd Miller Sudo 1.6.2
Todd Miller Sudo 1.6.8
Todd Miller Sudo 1.6.4 P1
Todd Miller Sudo 1.6.3 P2
Todd Miller Sudo 1.6.3 P4
Todd Miller Sudo 1.6.5 P2
Todd Miller Sudo 1.6.5
Todd Miller Sudo 1.6.3 P3
Todd Miller Sudo 1.6.8 P1
Todd Miller Sudo 1.6.5 P1
Todd Miller Sudo 1.6.3 P7