Search CVE reports
51 – 54 of 54 results
Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not...
1 affected package
sudo
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| sudo | — | — | — | — |
Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack.
1 affected package
sudo
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| sudo | — | — | — | — |
Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party...
1 affected package
sudo
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| sudo | — | — | — | — |
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the...
1 affected package
sudo
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| sudo | — | — | — | — |