Vulnerabilities > Todd Miller > Sudo > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ACCESS | COMPLEXITY | TAGS | RISK |
|---|---|---|---|---|---|---|---|
| 2012-05-18 | CVE-2012-2337 | Permissions, Privileges, and Access Controls vulnerability in Todd Miller Sudo | sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address. | local | low complexity | todd-miller CWE-264 | 7.2 |
| 2012-02-01 | CVE-2012-0809 | Use of Externally-Controlled Format String vulnerability in Todd Miller Sudo | Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo. | local | low complexity | todd-miller CWE-134 | 7.2 |
| 2007-06-11 | CVE-2007-3149 | | sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment variable settings. | local | low complexity | mit todd-miller | 7.2 |
| 2006-01-09 | CVE-2006-0151 | | sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158. | local | low complexity | todd-miller ubuntu | 7.2 |
| 2005-03-01 | CVE-2004-1051 | | sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname. | | | | 7.2 |
| 2002-01-31 | CVE-2002-0043 | Unspecified vulnerability in Todd Miller Sudo | sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked. | local | low complexity | todd-miller | 7.2 |
| 1998-01-12 | CVE-1999-0958 | Unspecified vulnerability in Todd Miller Sudo 1.5/1.5.2/1.5.3 | sudo 1.5.x allows local users to execute arbitrary commands via a .. | local | low complexity | todd-miller | 7.2 |