The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 3.0 | 7.0 | HIGH | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Primary | 2.0 | 6.9 | MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
| Hyperlink | Source | Resource |
|---|---|---|
| http://www.openwall.com/lists/oss-security/2015/11/18/22 | cve@mitre.org | Mailing List Third Party Advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=1283635 | cve@mitre.org | Issue Tracking Patch Third Party Advisory |
| https://www.sudo.ws/repos/sudo/rev/0cd3cc8fa195 | cve@mitre.org | Issue Tracking Patch Third Party Advisory |
| https://www.sudo.ws/repos/sudo/rev/24a3d9215c64 | cve@mitre.org | Issue Tracking Patch Third Party Advisory |
| https://www.sudo.ws/repos/sudo/rev/397722cdd7ec | cve@mitre.org | Issue Tracking Patch Third Party Advisory |
| http://www.openwall.com/lists/oss-security/2015/11/18/22 | af854a3a-2127-422b-91ae-364da2661108 | Mailing List Third Party Advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=1283635 | af854a3a-2127-422b-91ae-364da2661108 | Issue Tracking Patch Third Party Advisory |
| https://www.sudo.ws/repos/sudo/rev/0cd3cc8fa195 | af854a3a-2127-422b-91ae-364da2661108 | Issue Tracking Patch Third Party Advisory |
| https://www.sudo.ws/repos/sudo/rev/24a3d9215c64 | af854a3a-2127-422b-91ae-364da2661108 | Issue Tracking Patch Third Party Advisory |
| https://www.sudo.ws/repos/sudo/rev/397722cdd7ec | af854a3a-2127-422b-91ae-364da2661108 | Issue Tracking Patch Third Party Advisory |