VYPR

rpm package

opensuse/sudo&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/sudo&distro=openSUSE%20Tumbleweed

Vulnerabilities (25)

  • CVE-2026-35535HigApr 3, 2026
    affected < 1.9.17p2-2.1fixed 1.9.17p2-2.1

    In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.

  • CVE-2025-32463CriKEVJun 30, 2025
    affected < 1.9.17p1-1.1fixed 1.9.17p1-1.1

    Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

  • CVE-2025-32462LowJun 30, 2025
    affected < 1.9.17p1-1.1fixed 1.9.17p1-1.1

    Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.

  • CVE-2023-42465HigDec 22, 2023
    affected < 1.9.15p2-1.1fixed 1.9.15p2-1.1

    Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.

  • CVE-2023-42456LowSep 21, 2023
    affected < 1.9.15p2-1.1fixed 1.9.15p2-1.1

    Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the u

  • CVE-2023-27320HigFeb 28, 2023
    affected < 1.9.13p3-2.1fixed 1.9.13p3-2.1

    Sudo before 1.9.13p2 has a double free in the per-command chroot feature.

  • CVE-2023-22809HigJan 18, 2023
    affected < 1.9.12p2-1.1fixed 1.9.12p2-1.1

    In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege

  • CVE-2022-43995HigNov 2, 2022
    affected < 1.9.12-3.1fixed 1.9.12-3.1

    Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven ch

  • CVE-2021-3156HigKEVJan 26, 2021
    affected < 1.9.7p2-1.4fixed 1.9.7p2-1.4

    Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.

  • CVE-2021-23240HigJan 12, 2021
    affected < 1.9.7p2-1.4fixed 1.9.7p2-1.4

    selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines witho

  • CVE-2021-23239LowJan 12, 2021
    affected < 1.9.7p2-1.4fixed 1.9.7p2-1.4

    The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.

  • CVE-2019-18634HigJan 29, 2020
    affected < 1.9.7p2-1.4fixed 1.9.7p2-1.4

    In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages,

  • CVE-2019-14287HigOct 17, 2019
    affected < 1.9.7p2-1.4fixed 1.9.7p2-1.4

    In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= l

  • CVE-2016-7076MedMay 29, 2018
    affected < 1.9.7p2-1.4fixed 1.9.7p2-1.4

    sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly us

  • CVE-2017-1000368HigJun 5, 2017
    affected < 1.9.7p2-1.4fixed 1.9.7p2-1.4

    Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.

  • CVE-2017-1000367MedJun 5, 2017
    affected < 1.9.7p2-1.4fixed 1.9.7p2-1.4

    Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.

  • CVE-2014-9680LowApr 24, 2017
    affected < 1.9.7p2-1.4fixed 1.9.7p2-1.4

    sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with t

  • CVE-2016-7032HigApr 14, 2017
    affected < 1.9.7p2-1.4fixed 1.9.7p2-1.4

    sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function.

  • CVE-2013-1776Apr 8, 2013
    affected < 1.8.18p1-1.1fixed 1.8.18p1-1.1

    sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting

  • CVE-2013-1775Mar 5, 2013
    affected < 1.8.18p1-1.1fixed 1.8.18p1-1.1

    sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.

Page 1 of 2