cvebase

Todd Miller Sudo vulnerabilities

29 known vulnerabilities affecting todd_miller/sudo.

Total CVEs: 29
CISA KEV: 0
Public exploits: 6
Exploited in wild: 0
Severity breakdown: HIGH 9, MEDIUM 16, LOW 4

Vulnerabilities

Page 2 of 2
CVE-2010-0427 | P4 | MEDIUM | CVSS 4.4 | v1.6, v1.6.1 +26 more | 2010-02-25
CVE-2010-0427 [MEDIUM] CWE-264: sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.
nvd
CVE-2011-0010 | P4 | MEDIUM | CVSS 4.4 | v1.7.0, v1.7.1 +14 more | 2011-01-18
CVE-2011-0010 [MEDIUM] CWE-264: check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.
nvd
CVE-2005-2959 | P4 | MEDIUM | CVSS 4.6 | v1.6, v1.6.1 +30 more | 2005-10-25
CVE-2005-2959 [MEDIUM] CWE-264: Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are.
nvd
CVE-2013-2776 | P4 | MEDIUM | CVSS 4.4 | v1.3.5, v1.6 +62 more | 2013-04-08
CVE-2013-2776 [MEDIUM]: sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard inpu
nvd
CVE-2013-1776 | P4 | MEDIUM | CVSS 4.4 | v1.8.0, v1.8.1 +62 more | 2013-04-08
CVE-2013-1776 [MEDIUM] CWE-264: sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another termi
nvd
CVE-2013-2777 | P4 | MEDIUM | CVSS 4.4 | ≤ 1.7.10p4, v1.3.5 +72 more | 2013-04-08
CVE-2013-2777 [MEDIUM]: sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, an
nvd
CVE-2005-1993 | P4 | LOW | CVSS 3.7 | v1.3.1, v1.5.6 +27 more | 2005-06-20
CVE-2005-1993 [LOW]: Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack.
nvd
CVE-2005-1119 | P4 | LOW | CVSS 2.1 | v1.5.6, v1.5.7 +25 more | 2005-05-02
CVE-2005-1119 [LOW]: Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary files via a symlink attack on temporary files.
nvd
CVE-1999-1496 | P4 | LOW | CVSS 2.1 | v1.5 | 1999-06-08
CVE-1999-1496 [LOW]: Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to determine the existence of arbitrary files by attempting to execute the target filename as a program, which generates a different error message when the file does not exist.
nvd