Sudo Sudoproject Sudo

Do you want an email whenever new security vulnerabilities are reported in Sudoproject Sudo?

By the Year

In 2021 there have been 3 vulnerabilities in Sudoproject Sudo with an average score of 6.0 out of ten. Last year Sudo had 1 security vulnerability published. That is, 2 more vulnerabilities have already been reported in 2021 as compared to last year. Last year, the average CVE base score was greater by 1.77

Year Vulnerabilities Average Score
2021 3 6.03
2020 1 7.80
2019 3 7.87
2018 0 0.00

It may take a day or so for new Sudo vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest Sudoproject Sudo Security Vulnerabilities

Sudo before 1.9.5p2 contains an off-by-one error

CVE-2021-3156 7.8 - High - January 26, 2021

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

off-by-five

The sudoedit personality of Sudo before 1.9.5 may

CVE-2021-23239 2.5 - Low - January 12, 2021

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.

insecure temporary file

selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5

CVE-2021-23240 7.8 - High - January 12, 2021

selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable.

insecure temporary file

In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users

CVE-2019-18634 7.8 - High - January 29, 2020

In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.

Memory Corruption

There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program"

CVE-2005-4890 7.8 - High - November 04, 2019

There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.

Improper Input Validation

** DISPUTED ** Sudo through 1.8.29

CVE-2019-18684 7 - High - November 04, 2019

** DISPUTED ** Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. This occurs because of a race condition between determining a uid, and the setresuid and openat system calls. The attacker can write "ALL ALL=(ALL) NOPASSWD:ALL" to /proc/#####/fd/3 at a time when Sudo is prompting for a password. NOTE: This has been disputed due to the way Linux /proc works. It has been argued that writing to /proc/#####/fd/3 would only be viable if you had permission to write to /etc/sudoers. Even with write permission to /proc/#####/fd/3, it would not help you write to /etc/sudoers.

Race Condition

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account

CVE-2019-14287 8.8 - High - October 17, 2019

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.

Improper Handling of Exceptional Conditions

Sudo before 1.6.6 contains an off-by-one error

CVE-2002-0184 - May 16, 2002

Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded.

Memory Corruption

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Debian Linux or by Sudoproject? Click the Watch button to subscribe.

subscribe