VYPR

rpm package

opensuse/sudo&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/sudo&distro=openSUSE%20Tumbleweed

Vulnerabilities (25)

  • CVE-2012-2337May 18, 2012
    affected < 1.8.18p1-1.1fixed 1.8.18p1-1.1

    sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 add

  • CVE-2011-0010Jan 18, 2011
    affected < 1.8.18p1-1.1fixed 1.8.18p1-1.1

    check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.

  • CVE-2010-1646Jun 7, 2010
    affected < 1.8.18p1-1.1fixed 1.8.18p1-1.1

    The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable.

  • CVE-2010-1163Apr 16, 2010
    affected < 1.8.18p1-1.1fixed 1.8.18p1-1.1

    The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary c

  • CVE-2005-4158Dec 11, 2005
    affected < 1.9.7p2-1.4fixed 1.9.7p2-1.4

    Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library

Page 2 of 2