Sudo Project Sudo vulnerabilities
48 known vulnerabilities affecting sudo_project/sudo.
Total CVEs: 48
CISA KEV: 2 (actively exploited)
Public exploits: 13
Exploited in wild: 4
Severity breakdown: HIGH 26, MEDIUM 17, LOW 5
Vulnerabilities
Page 2 of 3
CVE-2004-1689 | P4 | LOW | CVSS 2.1 | PoC | ≥ 0, < 1.6.8p3-1 | 2004-09-16
sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root privileges, which allows local users to read arbitrary files via a symlink attack on the temporary file before quitting sudoedit.
osv
CVE-2017-1000368 | P3 | HIGH | CVSS 8.2 | CWE-20 | ≤ 1.8.20 | v1.8.20 | 2017-06-05
Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.
nvd, osv
CVE-2023-42465 | P3 | HIGH | CVSS 7.0 | fixed in 1.9.15 | 2023-12-22
Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.
nvd, osv
CVE-2009-0034 | P4 | HIGH | CVSS 7.8 | ≥ 0, < 1.6.9p17-2 | 2009-01-30
parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command.
osv
CVE-2022-43995 | P4 | HIGH | CVSS 7.1 | CWE-125 | ≥ 1.8.0, < 1.9.12 | v1.9.12 | 2022-11-02
Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system librarie
nvd, osv
CVE-2019-18684 | P4 | HIGH | CVSS 7.0 | CWE-362 | ≤ 1.8.29 | 2019-11-04
Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. This occurs because of a race condition between determining a uid, and the setresuid and openat system calls. The attacker can write "ALL ALL=(ALL) NOPASSWD:ALL" to /proc/#####/fd/3 at a time when Sudo is prompting for a passw
nvd
CVE-2015-8239 | P4 | HIGH | CVSS 7.0 | CWE-362 | v1.8.8, v1.8.9, +6 more | 2017-10-10
The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed.
nvd, osv
CVE-2016-7032 | P4 | HIGH | CVSS 7.0 | ≥ 0, < 1.8.15-1 | 2017-04-14
sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function.
osv
CVE-2010-0426 | P4 | MEDIUM | CVSS 6.9 | ≥ 0, < 1.7.2p1-1.2 | 2010-02-24
sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory.
osv
CVE-2004-1051 | P4 | HIGH | CVSS 7.2 | ≥ 0, < 1.6.8p3-1 | 2005-03-01
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.
osv
CVE-2023-28487 | P4 | MEDIUM | CVSS 5.3 | CWE-116 | fixed in 1.9.13 | 2023-03-16
Sudo before 1.9.13 does not escape control characters in sudoreplay output.
nvd, osv
CVE-2023-28486 | P4 | MEDIUM | CVSS 5.3 | CWE-116 | fixed in 1.9.13 | 2023-03-16
Sudo before 1.9.13 does not escape control characters in log messages.
nvd, osv
CVE-2012-2337 | P4 | HIGH | CVSS 7.2 | ≥ 0, < 1.8.3p2-1.1 | 2012-05-18
sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address.
osv
CVE-2010-1163 | P4 | MEDIUM | CVSS 6.9 | ≥ 0, < 1.7.2p6-1 | 2010-04-16
The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426.
osv
CVE-2006-0151 | P4 | MEDIUM | CVSS 4.6 | ≥ 0, < 1.6.8p12-1 | 2006-01-09
sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158.
osv
CVE-2010-2956 | P4 | MEDIUM | CVSS 6.2 | ≥ 0, < 1.7.4p4-1 | 2010-09-10
Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence.
osv
CVE-2010-1646 | P4 | MEDIUM | CVSS 6.2 | ≥ 0, < 1.7.2p7-1 | 2010-06-07
The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable.
osv
CVE-2014-0106 | P4 | MEDIUM | CVSS 6.6 | ≥ 0, < 1.8.5p2-1 | 2014-03-11
Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.
osv
CVE-2010-0427 | P4 | MEDIUM | CVSS 4.4 | ≥ 0, < 1.7.0-1 | 2010-02-25
sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.
osv
CVE-2011-0010 | P4 | MEDIUM | CVSS 4.4 | ≥ 0, < 1.7.4p4-6 | 2011-01-18
check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.
osv