CVE-2005-4890

Published: 04/11/2019 Updated: 18/08/2020
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 642
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

There is a possible tty hijacking in shadow 4.x prior to 4.1.5 and sudo 1.x prior to 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.

Vulnerable Product

debian shadow

sudo project sudo

debian debian linux 8.0

debian debian linux 9.0

debian debian linux 10.0

redhat enterprise linux 5

redhat enterprise linux 4

redhat enterprise linux 6.0

Vendor Advisories

Debian Bug report logs - #812512 policykit-1: CVE-2016-2568: Program run via pkexec as unprivileged user can escape to parent session via TIOCSTI ioctl. Package: src:policykit-1; Maintainer for src:policykit-1 is Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>; Reported by: up201407890@alunosdccfcup ...
Debian Bug report logs - #730691 adequate: CVE-2013-6409: privilege escalation via tty hijacking. Package: adequate; Maintainer for adequate is Debian QA Group <packages@qa.debian.org>; Source for adequate is src:adequate (PTS, buildd, popcon); Reported by: Jakub Wilk <jwilk@debian.org>; Date: Thu, 28 Nov 2013 09:57:01 ...
Debian Bug report logs - #816320 coreutils: CVE-2016-2781: nonpriv session can escape to the parent session by using the TIOCSTI ioctl. Package: src:coreutils; Maintainer for src:coreutils is Michael Stone <mstone@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 29 Feb 2016 19:48:01 UTC; Se ...
Debian Bug report logs - #850702 CVE-2017-5226 -- bubblewrap escape. Package: bubblewrap; Maintainer for bubblewrap is Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>; Source for bubblewrap is src:bubblewrap (PTS, buildd, popcon); Reported by: up201407890@alunos.dcc.fc.up.pt; Date: Mon, 9 Jan 2017 13 ...
Debian Bug report logs - #628843 login: tty hijacking possible in "su" via TIOCSTI ioctl. Package: src:shadow; Maintainer for src:shadow is Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>; Reported by: Daniel Ruoso <daniel@ruoso.com>; Date: Wed, 1 Jun 2011 19:27:02 UTC; Severity: important; Tags: c ...

Github Repositories

A wrapper script to drop to the supported shells or execute shell script files or their text passed as an argument with superuser (root) context in termux

sudo: sudo is a wrapper script to drop to any supported shell or execute shell script files or their text passed as an argument with superuser (root) context in Termux App. Check the Usage and Command Types sections for more info on what type of commands can be run. sudo stands for superuser do. The device must be rooted and ideally Termux must have been granted root permissions
