Vulnerability Details CVE-2015-8239
The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.3%
CVSS Severity
CVSS v3 Score 7.0
CVSS v2 Score 6.9
References
- http://www.openwall.com/lists/oss-security/2015/11/18/22
- https://bugzilla.redhat.com/show_bug.cgi?id=1283635
- https://www.sudo.ws/repos/sudo/rev/0cd3cc8fa195
- https://www.sudo.ws/repos/sudo/rev/24a3d9215c64
- https://www.sudo.ws/repos/sudo/rev/397722cdd7ec
- http://www.openwall.com/lists/oss-security/2015/11/18/22
- https://bugzilla.redhat.com/show_bug.cgi?id=1283635
- https://www.sudo.ws/repos/sudo/rev/0cd3cc8fa195
- https://www.sudo.ws/repos/sudo/rev/24a3d9215c64
- https://www.sudo.ws/repos/sudo/rev/397722cdd7ec
Products affected by CVE-2015-8239
-
cpe:2.3:a:sudo_project:sudo:1.8.10
-
cpe:2.3:a:sudo_project:sudo:1.8.11
-
cpe:2.3:a:sudo_project:sudo:1.8.12
-
cpe:2.3:a:sudo_project:sudo:1.8.13
-
cpe:2.3:a:sudo_project:sudo:1.8.14
-
cpe:2.3:a:sudo_project:sudo:1.8.15
-
cpe:2.3:a:sudo_project:sudo:1.8.8
-
cpe:2.3:a:sudo_project:sudo:1.8.9