Sudo
Flaw in Kerberos 5
Sudo can optionally be built with support for Kerberos 5 authentication. A flaw exists in sudo’s Kerberos 5 authentication that, depending on the local machine’s Kerberos 5 configuration, could allow a malicious user to avoid authenticating with sudo. The user would still be limited by the sudoers file as to what commands could be run (and as what user). Sudo versions affected: All versions prior to 1. ...
Perl scripts run via Sudo can be subverted
A flaw exists in sudo’s environment sanitizing prior to sudo version 1.6.8p12 that could allow a malicious user with permission to run a perl script to execute arbitrary perl code. Sudo versions affected: All versions prior to 1.6.8p12. CVE ID: This vulnerability has been assigned CVE-2004-1051 in the Common Vulnerabilities and Exposures database. Details: The PERL5LIB and PERLLIB environment variables can be used to provide a list of directories in which to look for perl library files before the system directories are searched. ...
Bash scripts run via Sudo can be subverted
A flaw exists in sudo’s environment sanitizing prior to sudo version 1.6.8p10 that could allow a malicious user with permission to run a shell script that utilized the bash shell to run arbitrary commands. The /bin/sh shell on most (if not all) Linux and Mac OS X systems is bash. Sudo versions affected: All versions prior to 1.6.8p10. CVE ID: This vulnerability has been assigned CVE-2004-1051 in the Common Vulnerabilities and Exposures database. ...
Race condition in Sudo's pathname validation
A race condition exists in Sudo’s command pathname handling prior to Sudo version 1.6.8p9 that could allow a user with Sudo privileges to run arbitrary commands. Sudo versions affected: Sudo versions 1.3.1 up to and including 1.6.8p8. CVE ID: This vulnerability has been assigned CVE-2005-1993 in the Common Vulnerabilities and Exposures database. Details: When a user runs a command via Sudo, the inode and device numbers of the command are compared to those of commands with the same basename found in the sudoers file (see the Background section for more information). ...
Bash scripts run via Sudo can be subverted
A flaw exists in sudo’s environment sanitizing prior to sudo version 1.6.8p2 that could allow a malicious user with permission to run a shell script that utilized the bash shell to run arbitrary commands. The /bin/sh shell on most (if not all) Linux systems is bash. Sudo versions affected: All versions prior to 1.6.8p2. CVE ID: This vulnerability has been assigned CVE-2004-1051 in the Common Vulnerabilities and Exposures database. ...
Sudoedit can expose file contents
A flaw exists in sudo’s -e option (aka sudoedit) in sudo version 1.6.8 that can give an attacker read permission to a file that would otherwise be unreadable. Sudo versions affected: 1.6.8 only. Details: While sudoedit runs the actual editor as the invoking user, the temporary file is then re-opened with root privileges. An attacker can run sudoedit, remove the editor temporary file, make a link to an unreadable file with the same name as the old temporary file and quit the editor. ...
Sudo Prompt Buffer Overflow
A buffer overflow exists in sudo versions 1.5.7 to 1.6.5p2 (inclusive). The problem affects expansion of the “%h” and “%u” escape sequences in the prompt. Due to a bug it is possible to craft a prompt such that more bytes are written than have been allocated. Exploiting heap corruption bugs like this requires fairly in-depth knowledge of a system’s malloc internals. The bug has been exploited on Linux and can allow an attacker to gain root privileges. ...
Security Issue with Sudo and Postfix
A security issue has been found by Sebastian Krahmer of the SuSE Security Team in Sudo versions 1.6.0 - 1.6.3p7. When the Postfix sendmail replacement is installed on a machine, an attacker may be able to gain root privileges by way of Sudo. Sudo versions affected: 1.6.0 - 1.6.3p7 (inclusive). Details: Starting with version 1.6.0, Sudo sends mail to the administrator as root to prevent the invoking user from killing the mail process and thus avoiding logging (in previous versions of Sudo the mail was sent as the invoking user). ...
Sudo Heap Corruption Bug
A single-byte heap corruption bug exists in sudo versions 1.6.3p5 and below. Exploitation of the bug requires in-depth knowledge of the system malloc internals. The bug has been exploited on Linux and can allow an attacker to gain root privileges. No known exploits exist for other operating systems, but this should not be considered a Linux-only problem. Sudo versions affected: 1.3.0 - 1.6.3p5 (inclusive). Details: When given a sufficiently long command line argument, sudo will write a single NUL byte past the end of a buffer allocated via malloc(). ...