CPE-1774D0B4-805C-46B8-BD2C-FFA4638D0139 Detail

CPE Details

Sudo Project Sudo 1.9.4 Patch 1

Vendor

sudo_project

Product

sudo

Version

1.9.4

Created

2021-02-10
14h58 +00:00

Modified

2021-02-10
14h58 +00:00

Official links

CPE NVD

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Notifications manage

List of Notifications

Alerte pour un CPE

Stay informed of any changes for a specific CPE.

Parameters

You can specify a title that will be retrieved in the alerts that will be sent out.

CPE ID

Planning

Month

Next run calculation

Day

Weekday

Hour

Minute

Creation date

Last execution

Next execution

Functionality requiring a connection

This feature, which allows you to receive alerts, is only active when you are logged into your account.

CPE Name: cpe:2.3:a:sudo_project:sudo:1.9.4:p1::::::

Informations

Vendor

sudo_project

Product

sudo

Version

1.9.4

Update

Related CVE

Open and find in CVE List

CVE ID	Published	Description	Score	Severity
CVE-2023-42465	2023-12-21 23h00 +00:00	Sudo before 1.9.15 might allow row hammer attacks (for authentication bypass or privilege escalation) because application logic sometimes is based on not equaling an error value (instead of equaling a success value), and because the values do not resist flips of a single bit.	7	High
CVE-2023-28486	2023-03-15 23h00 +00:00	Sudo before 1.9.13 does not escape control characters in log messages.	5.3	Medium
CVE-2023-28487	2023-03-15 23h00 +00:00	Sudo before 1.9.13 does not escape control characters in sudoreplay output.	5.3	Medium
CVE-2023-22809	2023-01-17 23h00 +00:00	In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.	7.8	High
CVE-2022-43995	2022-11-01 23h00 +00:00	Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.	7.1	High
CVE-2021-3156	2021-01-26 00h00 +00:00	Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.	7.8	High
CVE-2021-23240	2021-01-12 07h17 +00:00	selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable.	7.8	High
CVE-2021-23239	2021-01-11 23h00 +00:00	The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.	2.5	Low

Sudo Project Sudo 1.9.4 Patch 1

CPE Details

CPE Name: cpe:2.3:a:sudo_project:sudo:1.9.4:p1:*:*:*:*:*:*

Informations

Vendor

Product

Version

Update

Related CVE

CPE Name: cpe:2.3:a:sudo_project:sudo:1.9.4:p1::::::