Sudo Security Alerts

  • January 26, 2021
    A potential security issue exists in sudo that could be used by a local user to gain root privileges even when not listed in the sudoers file. Affected sudo versions are 1.8.2 through 1.8.31p2 and 1.9.0 through 1.9.5p1. Sudo 1.9.5p2 and above are not affected.

  • January 11, 2021
    A potential security issue exists in sudoedit when sudo is built with SELinux support. A user with sudoedit privileges may be able to set the owner of an arbitrary file to that of the target user (e.g. root). Affected sudo versions are 1.8.11 through 1.9.4p2. Sudo 1.9.5 and above are not affected.

  • January 30, 2020 (updated February 5, 2020)
    A potential security issue exists in sudo when the pwfeedback option is enabled in sudoers that can lead to a buffer overflow. Affected sudo versions are 1.7.1 through 1.8.30 inclusive but only when pwfeedback is explicitly enabled. Sudo 1.8.31 and above are not affected.

  • October 14, 2019
    A potential security issue exists where a sudo user may be able to run a command as root even when the Runas specification explicitly disallows root access, as long as the ALL keyword is listed first. Affected sudo versions are 1.4.2 through 1.8.27 inclusive. Sudo 1.8.28 and above are not affected.

  • May 30, 2017
    A potential security issue exists that may allow a user to overwrite an arbitrary file. This issue is only present on Linux systems. Affected sudo versions are 1.8.6p7 through 1.8.20 inclusive. Sudo 1.8.20p1 and above are not affected.

  • October 26, 2016
    A potential security issue exists that may allow a user to run additional commands even when the NOEXEC tag has been applied to a command that uses the wordexp() function. Affected sudo versions are 1.6.8 through 1.8.18 inclusive. Sudo 1.8.18p1 and above are not affected.

  • October 26, 2016
    A potential security issue exists that may allow a user to run additional commands even when the NOEXEC tag has been applied to a command that uses the system() or popen() function. Affected sudo versions are 1.6.8 through 1.8.14p3 inclusive. Sudo 1.8.15 and above are not affected.

  • February 9, 2015
    A potential security issue exists that may allow a user to access arbitrary files by setting the TZ environment variable to a fully-qualified path name. Affected sudo versions are 1.0.0 through 1.7.10p9 and 1.8.0 through 1.8.11p2. Sudo 1.8.12 and above are not affected.

  • March 5, 2014
    A potential security issue exists that may allow a user to add arbitrary variables to the environment when the env_reset option is disabled in sudoers. Affected sudo versions are 1.6.9 through 1.8.4p5. Sudo 1.8.5 and above are not affected.

  • February 27, 2013
    A potential security issue exists that may allow a user to bypass authentication if they are able to reset the system clock. Affected sudo versions are 1.6.0 through 1.7.10p7 and sudo 1.8.0 through 1.8.6p7.

  • February 27, 2013
    A potential security issue exists that may allow a user to bypass the tty_tickets constraints. Affected sudo versions are 1.3.5 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p7 when the "tty_tickets" option is enabled.

  • May 16, 2012
    A potential security issue exists in the matching of hosts against an IPv4 network specified in sudoers. Affected sudo versions are 1.6.9p3 through 1.8.4p4. The flaw may allow a user who is authorized to run commands on hosts belonging to one IPv4 network to run commands on a different host.

  • January 30, 2012
    A format string vulnerability has been found when the -D (debugging) flag is used. Affected sudo versions are 1.8.0 through 1.8.3p1. The flaw may allow a user to run commands as root without being prompted for a password.

  • January 12, 2011
    A potential security issue exists in the handling of sudo's -g command line option when -u is not specified. Affected sudo versions are 1.7.0 through 1.7.4p4. The flaw may allow a user to run commands as a group without being prompted for a password.

  • September 7, 2010
    A potential security issue exists in the handling of sudo's -g command line option when -u is also specified. Affected sudo versions are 1.7.0 through 1.7.4p3. The flaw may allow an attacker to run commands as a user that is not authorized by the sudoers file.

  • June 2, 2010
    A potential security issue exists in sudo's secure path functionality in sudo versions 1.3.1 through 1.6.9p22 and versions 1.7.0 through 1.7.2p6. The flaw may allow an attacker to bypass the secure path PATH restrictions and set PATH to a user-controlled value.

  • April 9, 2010
    An additional security issue exists in sudo's -e option (aka sudoedit) in sudo versions 1.6.8 through 1.7.2p5 that may give a user with permission to run sudoedit the ability to run arbitrary commands.

  • February 22, 2010
    A security issue exists in sudo's -e option (aka sudoedit) in sudo versions 1.6.9 through 1.7.2p3 that may give a user with permission to run sudoedit the ability to run arbitrary commands.

  • December 6, 2009
    A security issue with sudoers rules that include Cmnd_Alias entries that use the negation operator has been fixed.

  • January 29, 2009
    A security issue with sudoers rules that include a group in the RunAs portion of the rule has been discovered.

  • July 17, 2007
    A security issue has been discovered with the Kerberos 5 authentication that allows a malicious user to avoid authenticating with sudo.

  • November 8, 2005
    A security issue has been discovered that allows a malicious user with permission to run a perl shell script to execute arbitrary perl code.

  • October 27, 2005
    A security issue has been discovered that allows a malicious user with permission to run a bash shell script to execute arbitrary commands.

  • June 20, 2005
    A race condition has been discovered that could allow a malicious user with sudo privileges to execute arbitrary commands.

  • November 11, 2004
    A security issue has been discovered that allows a malicious user with permission to run a bash shell script to execute arbitrary commands.

  • September 15, 2004
    A bug in sudoedit has been discovered that allows a malicious user to read files that would otherwise be unreadable.

  • April 25, 2002
    A buffer overflow bug has been discovered in sudo's prompt expansion code.

  • January 14, 2002
    A security issue that could allow an attacker to gain root privileges via sudo if the Postfix mailer is installed has been discovered.

  • February 22, 2001
    A heap corruption bug has been discovered in sudo's logging functions.