Sudo Sudoproject Sudo

stack.watch can notify you when security vulnerabilities are reported in Sudoproject Sudo. You can add multiple products that you use with Sudo to create your own personal software stack watcher.

By the Year

In 2020 there have been 1 vulnerability in Sudoproject Sudo with an average score of 7.8 out of ten. Last year Sudo had 2 security vulnerabilities published. Right now, Sudo is on track to have less security vulerabilities in 2020 than it did last year. Last year, the average CVE base score was greater by 0.10

Year Vulnerabilities Average Score
2020 1 7.80
2019 2 7.90
2018 0 0.00

It may take a day or so for new Sudo vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest Sudoproject Sudo Security Vulnerabilities

In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users

CVE-2019-18634 7.8 - High - January 29, 2020

In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.

CVE-2019-18634 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Out-of-bounds Write

** DISPUTED ** Sudo through 1.8.29

CVE-2019-18684 7 - High - November 04, 2019

** DISPUTED ** Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. This occurs because of a race condition between determining a uid, and the setresuid and openat system calls. The attacker can write "ALL ALL=(ALL) NOPASSWD:ALL" to /proc/#####/fd/3 at a time when Sudo is prompting for a password. NOTE: This has been disputed due to the way Linux /proc works. It has been argued that writing to /proc/#####/fd/3 would only be viable if you had permission to write to /etc/sudoers. Even with write permission to /proc/#####/fd/3, it would not help you write to /etc/sudoers.

CVE-2019-18684 is exploitable with local system access, and requires small amount of user privledges. This vulnerability is consided to have a high level of attack complexity. It has an exploitability score of 1.0 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Race Condition

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account

CVE-2019-14287 8.8 - High - October 17, 2019

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.

CVE-2019-14287 can be explotited with network access, and requires small amount of user privledges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

Improper Input Validation