CVE-2015-8239
Published: 10 October 2017
The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed.
Notes
Author | Note |
---|---|
sbeattie | command digests are available only in 1.8.7 and higher |
Priority
Status
Package | Release | Status |
---|---|---|
sudo | artful | Not vulnerable (1.8.16-0ubuntu1) |
sudo | bionic | Not vulnerable (1.8.16-0ubuntu1) |
sudo | cosmic | Not vulnerable (1.8.16-0ubuntu1) |
sudo | disco | Not vulnerable (1.8.16-0ubuntu1) |
sudo | eoan | Not vulnerable (1.8.16-0ubuntu1) |
sudo | focal | Not vulnerable (1.8.16-0ubuntu1) |
sudo | groovy | Not vulnerable (1.8.16-0ubuntu1) |
sudo | hirsute | Not vulnerable (1.8.16-0ubuntu1) |
sudo | impish | Not vulnerable (1.8.16-0ubuntu1) |
sudo | jammy | Not vulnerable (1.8.16-0ubuntu1) |
sudo | kinetic | Not vulnerable (1.8.16-0ubuntu1) |
sudo | lunar | Not vulnerable (1.8.16-0ubuntu1) |
sudo | mantic | Not vulnerable (1.8.16-0ubuntu1) |
sudo | precise | Ignored (end of life) |
sudo | trusty | Needed |
sudo | upstream | Released (1.8.16) |
sudo | vivid | Ignored (end of life) |
sudo | wily | Ignored (end of life) |
sudo | xenial | Not vulnerable (1.8.16-0ubuntu1) |
sudo | yakkety | Not vulnerable (1.8.16-0ubuntu1) |
sudo | zesty | Not vulnerable (1.8.16-0ubuntu1) |

Patches: upstream: https://www.sudo.ws/repos/sudo/rev/397722cdd7ec
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.0 |
Attack vector | Local |
Attack complexity | High |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |