rpm package
opensuse/sudo&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/sudo&distro=openSUSE%20Tumbleweed
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2012-2337 | — | < 1.8.18p1-1.1 | 1.8.18p1-1.1 | May 18, 2012 | sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 add | ||
| CVE-2011-0010 | — | < 1.8.18p1-1.1 | 1.8.18p1-1.1 | Jan 18, 2011 | check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command. | ||
| CVE-2010-1646 | — | < 1.8.18p1-1.1 | 1.8.18p1-1.1 | Jun 7, 2010 | The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable. | ||
| CVE-2010-1163 | — | < 1.8.18p1-1.1 | 1.8.18p1-1.1 | Apr 16, 2010 | The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary c | ||
| CVE-2005-4158 | — | < 1.9.7p2-1.4 | 1.9.7p2-1.4 | Dec 11, 2005 | Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library |
- CVE-2012-2337May 18, 2012affected < 1.8.18p1-1.1fixed 1.8.18p1-1.1
sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 add
- CVE-2011-0010Jan 18, 2011affected < 1.8.18p1-1.1fixed 1.8.18p1-1.1
check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.
- CVE-2010-1646Jun 7, 2010affected < 1.8.18p1-1.1fixed 1.8.18p1-1.1
The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable.
- CVE-2010-1163Apr 16, 2010affected < 1.8.18p1-1.1fixed 1.8.18p1-1.1
The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary c
- CVE-2005-4158Dec 11, 2005affected < 1.9.7p2-1.4fixed 1.9.7p2-1.4
Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library
Page 2 of 2