sudo

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Give certain users the ability to run some commands as root
Version 1.9.7.p1-1 [core]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1432 1.9.4.p2-2 1.9.5.p1-1 High Not affected
AVG-1431 1.9.4.p2-2 1.9.5.p2-1 Critical Fixed
AVG-1093 1.8.30-1 1.8.31-1 High Fixed
AVG-1047 1.8.27-1 1.8.28-1 High Fixed
AVG-282 1.8.20-1 1.8.20.p1-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2021-23240 AVG-1432 High No Arbitrary filesystem access
A security issue was found in sudo before version 1.9.5. On a system with SELinux in permissive mode, an attacker could use sudoedit to change the ownership...
CVE-2021-23239 AVG-1431 Low No Information disclosure
A security issue was found in sudo before version 1.9.5. A race condition in sudoedit could have allowed an attacker to test for the existence of...
CVE-2021-3156 AVG-1431 Critical No Privilege escalation
A serious heap-based buffer overflow has been discovered in sudo before version 1.9.5p2 that is exploitable by any local user. It has been given the name...
CVE-2019-18634 AVG-1093 High No Privilege escalation
A flaw was found in the Sudo before version 1.8.31 application when the ’pwfeedback' option is set to true on the sudoers file. An authenticated user can...
CVE-2019-14287 AVG-1047 High No Privilege escalation
A flaw was found in the way sudo prior to 1.8.28 implemented running commands with arbitrary user ID. If a sudoers entry is written to allow the attacker to...
CVE-2017-1000367 AVG-282 Medium No Access restriction bypass
On Linux systems, sudo parses the /proc/[pid]/stat file to determine the device number of the process's tty (field 7). The fields in the file are...

Advisories

Date Advisory Group Severity Type
20 Jan 2021 ASA-202101-25 AVG-1431 Critical multiple issues
06 Feb 2020 ASA-202002-2 AVG-1093 High privilege escalation
16 Oct 2019 ASA-201910-9 AVG-1047 High privilege escalation
30 May 2017 ASA-201705-25 AVG-282 Medium access restriction bypass