Search CVE reports


11 – 20 of 50 results


CVE-2021-23240

Negligible priority
Needs evaluation

selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects...

1 affected package

sudo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sudo Not affected Not affected Needs evaluation Needs evaluation Ignored

CVE-2021-23239

Low priority

Some fixes available 12 of 13

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an...

1 affected package

sudo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sudo Fixed Fixed Fixed Fixed Fixed

CVE-2019-18634

Low priority
Fixed

In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT...

1 affected package

sudo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sudo Fixed Fixed

CVE-2019-19234

Low priority

Some fixes available 1 of 2

** DISPUTED ** In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to a Runas ALL...

1 affected package

sudo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sudo Fixed Not affected Not affected

CVE-2019-19232

Low priority

Some fixes available 1 of 2

** DISPUTED ** In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The...

1 affected package

sudo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sudo Fixed Not affected Not affected

CVE-2005-4890

Low priority
Ignored

There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input...

2 affected packages

shadow, sudo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
shadow Not affected Not affected Not affected
sudo Not affected Not affected Not affected

CVE-2019-18684

Low priority
Not affected

** DISPUTED ** Sudo through 1.8.29 allows local users to escalate to root if they have write access to file descriptor 3 of the sudo process. This occurs because of a race condition between determining a uid, and the setresuid and...

1 affected package

sudo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sudo Not affected Not affected

CVE-2019-14287

Medium priority
Fixed

In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this...

1 affected package

sudo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sudo Fixed Fixed

CVE-2016-7076

Medium priority

Some fixes available 2 of 4

sudo before version 1.8.18p1 is vulnerable to a bypass of the sudo noexec restriction if an application run via sudo executes the wordexp() C library function with a user-supplied argument. A local user permitted to run such an application...

1 affected package

sudo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sudo Not affected Not affected Fixed

CVE-2015-8239

Low priority
Vulnerable

The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed.

1 affected package

sudo

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
sudo Not affected Not affected Not affected Not affected Not affected