VYPR

Sudo

by Sudo Project

Source repositories

CVEs (42)

  • CVE-2005-1831HigMay 31, 2005
    risk 0.55cvss 8.4epss 0.00

    Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue,…

  • CVE-2017-1000368HigJun 5, 2017
    risk 0.53cvss 8.2epss 0.01

    Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.

  • CVE-2009-0034HigJan 30, 2009
    risk 0.51cvss 7.8epss 0.00

    parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via…

  • CVE-2002-0184HigMay 16, 2002
    risk 0.47cvss 7.8epss 0.01

    Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded.

  • CVE-2015-8239HigOct 10, 2017
    risk 0.46cvss 7.0epss 0.01

    The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed.

  • CVE-2017-1000367MedJun 5, 2017
    risk 0.45cvss 6.4epss 0.08

    Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.

  • CVE-2016-7076MedMay 29, 2018
    risk 0.42cvss 6.4epss 0.00

    sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly…

  • CVE-2026-35535HigApr 3, 2026
    risk 0.41cvss 7.4epss 0.00

    In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.

  • CVE-2016-7091MedDec 22, 2016
    risk 0.29cvss 4.4epss 0.00

    sudo: It was discovered that the default sudo configuration on Red Hat Enterprise Linux and possibly other Linux implementations preserves the value of INPUTRC which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline…

  • CVE-2014-9680LowApr 24, 2017
    risk 0.21cvss 3.3epss 0.00

    sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with…

  • CVE-2025-32463KEVJun 30, 2025
    risk 0.20cvss epss 0.47

    Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option.

  • CVE-2019-14287Oct 17, 2019
    risk 0.10cvss epss 0.64

    In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER=…

  • CVE-2025-32462Jun 30, 2025
    risk 0.05cvss epss 0.03

    Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines.

  • CVE-2019-18634Jan 29, 2020
    risk 0.03cvss epss 0.19

    In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages,…

  • CVE-2015-5602Nov 17, 2015
    risk 0.03cvss epss 0.01

    sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt."

  • CVE-2013-1775Mar 5, 2013
    risk 0.03cvss epss 0.03

    sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.

  • CVE-2012-0809Feb 1, 2012
    risk 0.03cvss epss 0.03

    Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.

  • CVE-2005-4158Dec 11, 2005
    risk 0.03cvss epss 0.01

    Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library…

  • CVE-2004-1689Sep 16, 2004
    risk 0.03cvss epss 0.01

    sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root privileges, which allows local users to read arbitrary files via a symlink attack on the temporary file before quitting sudoedit.

  • CVE-2023-28487Mar 16, 2023
    risk 0.00cvss epss 0.01

    Sudo before 1.9.13 does not escape control characters in sudoreplay output.

Page 1 of 3