By the Year
In 2020 there have been 1 vulnerability in Sudoproject Sudo with an average score of 7.8 out of ten. Last year Sudo had 2 security vulnerabilities published. Right now, Sudo is on track to have less security vulerabilities in 2020 than it did last year. Last year, the average CVE base score was greater by 0.10
It may take a day or so for new Sudo vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.
Latest Sudoproject Sudo Security Vulnerabilities
In Sudo before 1.8.26
7.8 - High
- January 29, 2020
In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.
** DISPUTED ** Sudo through 1.8.29
7 - High
- November 04, 2019
** DISPUTED ** Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. This occurs because of a race condition between determining a uid, and the setresuid and openat system calls. The attacker can write "ALL ALL=(ALL) NOPASSWD:ALL" to /proc/#####/fd/3 at a time when Sudo is prompting for a password. NOTE: This has been disputed due to the way Linux /proc works. It has been argued that writing to /proc/#####/fd/3 would only be viable if you had permission to write to /etc/sudoers. Even with write permission to /proc/#####/fd/3, it would not help you write to /etc/sudoers.
In Sudo before 1.8.28
8.8 - High
- October 17, 2019
In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a "sudo -u \#$((0xffffffff))" command.
Improper Input Validation