Sudo Project Sudo vulnerabilities

CVE-2017-1000367 [MEDIUM] CWE-362 CVE-2017-1000367: Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.

CVE-2014-9680 [LOW] CWE-200 CVE-2014-9680: sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo fi sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives

CVE-2015-5602 [HIGH] CWE-264 CVE-2015-5602: sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt."

CVE-2002-0184 [HIGH] CWE-131 CVE-2002-0184: Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded.