CVE-2005-1831

4 documents4 sources
Severity
8.4HIGH
EPSS
0.3%
top 51.78%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Todd Miller Sudo
Timeline
PublishedMay 31
Latest updateMay 1

Description

Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue, stating "Sudo catches SIGINT and returns an empty string for the password so I don't see how this could happen unless the user's actual password was empty.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.5 | Impact: 5.9

Affected Packages1 packages

NVDtodd_miller/sudo1.6.8p7

🔴Vulnerability Details

2
GHSA
GHSA-jf55-3j9h-grf2: ** DISPUTED ** Sudo 12022-05-01
CVEList
CVE-2005-1831: Sudo 12005-06-02

📋Vendor Advisories

1
Debian
CVE-2005-1831: sudo - Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows l...2005
CVE-2005-1831 (HIGH CVSS 8.4) | Sudo 1.6.8p7 on SuSE Linux 9.3 | cvebase.io