Sudo Project: >> Sudo >> 1.4.0 Security Vulnerabilities
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.
CVSS Score
6.4
EPSS Score
0.165
Published
2017-06-05
sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt."
CVSS Score
7.2
EPSS Score
0.061
Published
2015-11-17
Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded.
CVSS Score
7.8
EPSS Score
0.002
Published
2002-05-16
Page 2