CVE-2015-8239

CWE-362Race ConditionCWE-3678 documents7 sources
Severity
7.0HIGH
EPSS
0.9%
top 24.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Sudo Project Sudo
Timeline
PublishedOct 10
Latest updateMay 17

Description

The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages2 packages

Debiansudo< 1.8.17p1-1+3
NVDsudo_project/sudo8 versions+7

Patches

Patch: bugzilla.redhat.comPatch: www.sudo.wsPatch: www.sudo.ws

🔴Vulnerability Details

3
GHSA
GHSA-w2j3-vrwq-vgh5: The SHA-2 digest support in the sudoers plugin in sudo after 12022-05-17
CVEList
CVE-2015-8239: The SHA-2 digest support in the sudoers plugin in sudo after 12017-10-10
OSV
CVE-2015-8239: The SHA-2 digest support in the sudoers plugin in sudo after 12017-10-10

📋Vendor Advisories

2
Red Hat
sudo: Race condition when checking digests in sudoers2015-11-09
Debian
CVE-2015-8239: sudo - The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local ...2015

💬Community

2
Bugzilla
CVE-2015-8239 sudo: Race condition when checking digests in sudoers [fedora-all]2015-11-19
Bugzilla
CVE-2015-8239 sudo: Race condition when checking digests in sudoers2015-11-19
CVE-2015-8239 (HIGH CVSS 7) | The SHA-2 digest support in the sud | cvebase.io