CVE-2008-3067

CWE-2557 documents7 sources

Severity

2.1LOW

EPSS

0.1%

top 82.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Suse Opensuse

Timeline

PublishedJul 7

Latest updateMay 1

Description

sudo in SUSE openSUSE 10.3 does not clear the stdin buffer when password entry times out, which might allow local users to obtain a password by reading stdin from the parent process after a sudo child process exits.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

▶Debiansudo< 1.6.9p12-1+3

▶NVDsuse/opensuse10.3

🔴Vulnerability Details

GHSA

GHSA-cwp2-23c5-767r: sudo in SUSE openSUSE 10↗2022-05-01

▶

CVEList

CVE-2008-3067: sudo in SUSE openSUSE 10↗2008-07-07

▶

OSV

CVE-2008-3067: sudo in SUSE openSUSE 10↗2008-07-07

▶

📋Vendor Advisories

Red Hat

sudo: does not flush stdin buffer on password timeout↗2008-07-04

▶

Debian

CVE-2008-3067: sudo - sudo in SUSE openSUSE 10.3 does not clear the stdin buffer when password entry t...↗2008

▶

💬Community

Bugzilla

CVE-2008-3067 sudo: does not flush stdin buffer on password timeout↗2008-07-08

▶