Vulnerabilities > Sudo Project > Sudo > 1.7.7

DATE CVE VULNERABILITY TITLE RISK
2017-06-05 CVE-2017-1000368 Improper Input Validation vulnerability in Sudo Project Sudo
Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.
local
low complexity
sudo-project CWE-20
7.2
7.2
2017-06-05 CVE-2017-1000367 Race Condition vulnerability in Sudo Project Sudo
Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.
local
high complexity
sudo-project CWE-362
6.4
6.4
2015-11-17 CVE-2015-5602 Permissions, Privileges, and Access Controls vulnerability in Sudo Project Sudo
sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt."
local
low complexity
sudo-project CWE-264
7.2
7.2