Vulnerabilities > Todd Miller

DATE CVE VULNERABILITY TITLE RISK
2017-04-14 CVE-2016-7032 Improper Access Control vulnerability in Todd Miller Sudo
sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function.
6.9
2014-03-11 CVE-2014-0106 Improper Input Validation vulnerability in multiple products
Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.
6.6
2013-04-08 CVE-2013-2777 Permissions, Privileges, and Access Controls vulnerability in multiple products
sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to a session without a controlling terminal device and connecting to the standard input, output, and error file descriptors of another terminal.
4.4
2013-04-08 CVE-2013-2776 Permissions, Privileges, and Access Controls vulnerability in multiple products
sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal.
4.4
2013-04-08 CVE-2013-1776 Permissions, Privileges, and Access Controls vulnerability in multiple products
sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal.
4.4
2013-03-05 CVE-2013-1775 Permissions, Privileges, and Access Controls vulnerability in multiple products
sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch.
6.9
2012-05-18 CVE-2012-2337 Permissions, Privileges, and Access Controls vulnerability in Todd Miller Sudo
sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address.
local
low complexity
todd-miller CWE-264
7.2
2012-02-01 CVE-2012-0809 USE of Externally-Controlled Format String vulnerability in Todd Miller Sudo
Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.
local
low complexity
todd-miller CWE-134
7.2
2011-01-18 CVE-2011-0010 Permissions, Privileges, and Access Controls vulnerability in Todd Miller Sudo
check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.
4.4
2010-09-10 CVE-2010-2956 Local Privilege Escalation vulnerability in Todd Miller Sudo Runas Group
Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence.
local
high complexity
todd-miller
6.2