Debian Sudo vulnerabilities

CVE-2009-0034 [HIGH] CVE-2009-0034: sudo - parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system g... parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. Scope: local bookworm: resolved (fixed in 1.6.9p17-2) bullseye: resolved (fix

CVE-2008-3067 [LOW] CVE-2008-3067: sudo - sudo in SUSE openSUSE 10.3 does not clear the stdin buffer when password entry t... sudo in SUSE openSUSE 10.3 does not clear the stdin buffer when password entry times out, which might allow local users to obtain a password by reading stdin from the parent process after a sudo child process exits. Scope: local bookworm: resolved (fixed in 1.6.9p12-1) bullseye: resolved (fixed in 1.6.9p12-1) forky: resolved (fixed in 1.6.9p12-1) sid: resolved (fixed in 1

CVE-2007-3149 [HIGH] CVE-2007-3149: sudo - sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a ... sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment variable settings. NOTE: another researcher disputes this vulnerability, stating that the attacker must be "a user, who ca

CVE-2006-0151 [MEDIUM] CVE-2006-0151: sudo - sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment varia... sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158. Scope: local bookworm: resolved (fixed in 1.6.8p12-1) bullseye: resolved (fixed in 1.6.8p12-1) forky: resolved (fixed in 1.6.8p12-1) sid: resolved (fixed in 1.6.8p12-1) trixie: resolved

CVE-2005-2959 [MEDIUM] CVE-2005-2959: sudo - Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users ... Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are. Scope: local bookworm: resolved (fixed in 1.6.8p9-3) bullseye: resolved (fixed in 1.6.8p9-3) forky: res

CVE-2005-4158 [MEDIUM] CVE-2005-4158: sudo - Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) P... Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script. Scope: local bookworm: resolved (fixed in 1.6.8p12-1

CVE-2005-1993 [LOW] CVE-2005-1993: sudo - Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used ... Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack. Scope: local bookworm: resolved (fixed in 1.6.8p9-1) bullseye: resolved (fixed in 1.6.8p9-1) forky: resolved (fixed in 1.6.8p9-1) sid: resolved (fixed in 1.6.8p9-1) trixie: resolved (fixed in 1.

CVE-2005-4890 [HIGH] CVE-2005-4890: shadow - There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before... There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process. Scope: local bookworm: resolved (fixed in 1:4.1.5-1) bullseye: resolved (fixed in 1:4.1.5-1) forky: re

CVE-2005-1119 [LOW] CVE-2005-1119: sudo - Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary files via ... Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary files via a symlink attack on temporary files. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2005-1831 [HIGH] CVE-2005-1831: sudo - Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows l... Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue, stating "Sudo catches SIGINT and returns an empty string for the password so I don't see how t

CVE-2004-1051 [HIGH] CVE-2004-1051: sudo - sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "(... sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname. Scope: local bookworm: resolved (fixed in 1.6.8p3-1) bullseye: resolved (fixed in 1.6.8p3-1) forky: resolved (fixed in 1.6

CVE-2004-1689 [LOW] CVE-2004-1689: sudo - sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root privileges... sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root privileges, which allows local users to read arbitrary files via a symlink attack on the temporary file before quitting sudoedit. Scope: local bookworm: resolved (fixed in 1.6.8p3-1) bullseye: resolved (fixed in 1.6.8p3-1) forky: resolved (fixed in 1.6.8p3-1) sid: resolved (fixed in 1.6.8p3-1) trixie: r