cvelistv5 - cve-2005-4158

CVE-2005-4158 (GCVE-0-2005-4158)

Vulnerability from cvelistv5

Published

2005-12-11 02:00

Modified

2024-08-07 23:38

Severity ?

CWE

Summary

Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.

References

►

URL

Tags

cve@mitre.org	http://secunia.com/advisories/17534/	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/18102
cve@mitre.org	http://secunia.com/advisories/18156
cve@mitre.org	http://secunia.com/advisories/18308
cve@mitre.org	http://secunia.com/advisories/18463
cve@mitre.org	http://secunia.com/advisories/18549
cve@mitre.org	http://secunia.com/advisories/18558
cve@mitre.org	http://secunia.com/advisories/21692
cve@mitre.org	http://securitytracker.com/alerts/2005/Nov/1015192.html	Patch
cve@mitre.org	http://www.debian.org/security/2006/dsa-946
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDKSA-2005:234
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDKSA-2006:159
cve@mitre.org	http://www.novell.com/linux/security/advisories/2006_02_sr.html
cve@mitre.org	http://www.securityfocus.com/bid/15394	Exploit, Patch
cve@mitre.org	http://www.sudo.ws/sudo/alerts/perl_env.html	Patch, Vendor Advisory
cve@mitre.org	http://www.trustix.org/errata/2006/0002/
cve@mitre.org	http://www.vupen.com/english/advisories/2005/2386
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/23102
cve@mitre.org	https://www.ubuntu.com/usn/usn-235-1/
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/17534/	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18102
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18156
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18308
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18463
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18549
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18558
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21692
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/alerts/2005/Nov/1015192.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2006/dsa-946
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDKSA-2005:234
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDKSA-2006:159
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2006_02_sr.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/15394	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.sudo.ws/sudo/alerts/perl_env.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.trustix.org/errata/2006/0002/
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2005/2386
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/23102
af854a3a-2127-422b-91ae-364da2661108	https://www.ubuntu.com/usn/usn-235-1/

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T23:38:50.845Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDKSA-2005:234",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:234"
          },
          {
            "name": "18549",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18549"
          },
          {
            "name": "sudo-perl-execute-code(23102)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23102"
          },
          {
            "name": "18558",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18558"
          },
          {
            "name": "2006-0002",
            "tags": [
              "vendor-advisory",
              "x_refsource_TRUSTIX",
              "x_transferred"
            ],
            "url": "http://www.trustix.org/errata/2006/0002/"
          },
          {
            "name": "18463",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18463"
          },
          {
            "name": "18308",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18308"
          },
          {
            "name": "ADV-2005-2386",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2005/2386"
          },
          {
            "name": "15394",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/15394"
          },
          {
            "name": "18156",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18156"
          },
          {
            "name": "18102",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/18102"
          },
          {
            "name": "USN-235-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://www.ubuntu.com/usn/usn-235-1/"
          },
          {
            "name": "SUSE-SR:2006:002",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_02_sr.html"
          },
          {
            "name": "DSA-946",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2006/dsa-946"
          },
          {
            "name": "1015192",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/alerts/2005/Nov/1015192.html"
          },
          {
            "name": "MDKSA-2006:159",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:159"
          },
          {
            "name": "21692",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/21692"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.sudo.ws/sudo/alerts/perl_env.html"
          },
          {
            "name": "17534",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/17534/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2005-11-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "MDKSA-2005:234",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:234"
        },
        {
          "name": "18549",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18549"
        },
        {
          "name": "sudo-perl-execute-code(23102)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23102"
        },
        {
          "name": "18558",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18558"
        },
        {
          "name": "2006-0002",
          "tags": [
            "vendor-advisory",
            "x_refsource_TRUSTIX"
          ],
          "url": "http://www.trustix.org/errata/2006/0002/"
        },
        {
          "name": "18463",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18463"
        },
        {
          "name": "18308",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18308"
        },
        {
          "name": "ADV-2005-2386",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2005/2386"
        },
        {
          "name": "15394",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/15394"
        },
        {
          "name": "18156",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18156"
        },
        {
          "name": "18102",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/18102"
        },
        {
          "name": "USN-235-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://www.ubuntu.com/usn/usn-235-1/"
        },
        {
          "name": "SUSE-SR:2006:002",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_02_sr.html"
        },
        {
          "name": "DSA-946",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2006/dsa-946"
        },
        {
          "name": "1015192",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/alerts/2005/Nov/1015192.html"
        },
        {
          "name": "MDKSA-2006:159",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:159"
        },
        {
          "name": "21692",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/21692"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.sudo.ws/sudo/alerts/perl_env.html"
        },
        {
          "name": "17534",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/17534/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-4158",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "MDKSA-2005:234",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:234"
            },
            {
              "name": "18549",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18549"
            },
            {
              "name": "sudo-perl-execute-code(23102)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23102"
            },
            {
              "name": "18558",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18558"
            },
            {
              "name": "2006-0002",
              "refsource": "TRUSTIX",
              "url": "http://www.trustix.org/errata/2006/0002/"
            },
            {
              "name": "18463",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18463"
            },
            {
              "name": "18308",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18308"
            },
            {
              "name": "ADV-2005-2386",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2005/2386"
            },
            {
              "name": "15394",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/15394"
            },
            {
              "name": "18156",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18156"
            },
            {
              "name": "18102",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/18102"
            },
            {
              "name": "USN-235-1",
              "refsource": "UBUNTU",
              "url": "https://www.ubuntu.com/usn/usn-235-1/"
            },
            {
              "name": "SUSE-SR:2006:002",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2006_02_sr.html"
            },
            {
              "name": "DSA-946",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2006/dsa-946"
            },
            {
              "name": "1015192",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/alerts/2005/Nov/1015192.html"
            },
            {
              "name": "MDKSA-2006:159",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:159"
            },
            {
              "name": "21692",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/21692"
            },
            {
              "name": "http://www.sudo.ws/sudo/alerts/perl_env.html",
              "refsource": "CONFIRM",
              "url": "http://www.sudo.ws/sudo/alerts/perl_env.html"
            },
            {
              "name": "17534",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/17534/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2005-4158",
    "datePublished": "2005-12-11T02:00:00",
    "dateReserved": "2005-12-11T00:00:00",
    "dateUpdated": "2024-08-07T23:38:50.845Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2005-4158\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2005-12-11T02:03:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6060C8CB-1592-479E-86AD-AC180F855BD7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.5.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6DAA88C-BADD-405A-9E66-5B0839595A70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.5.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04D5E3B7-5377-4CA8-BA0D-056870CB717E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.5.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22C11931-B594-43EC-9698-7152B1DF8CA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"976B5923-1BCC-4DE6-A904-930DD833B937\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5452DF1-0270-452D-90EB-45E9A084B94C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBFD12E6-F92E-4371-ADA7-BCD41E4C9014\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67FDF4FB-06FA-4A10-A3CF-F52169BC8072\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.3_p1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5B29018-B495-482A-8FF7-66821A178F9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.3_p2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38718561-70C7-4E0D-9313-87A5E82ED338\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.3_p3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D057064A-9B34-4224-97BA-4D5840A92BE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.3_p4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3C297DC-69B1-4BE6-A5EF-D320BD0CA968\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.3_p5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F4C1FFB-F6AA-4DED-9C54-DCB274F59A44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.3_p6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"338A92AC-92D2-40BF-9FAC-884AF6F74D55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26DB5610-03CE-425E-8855-70D5787029FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5DFC86C-7743-4F27-BC10-170F04C23D7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.4_p1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5170421-BA0C-4365-9CD6-BD232EA08680\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.4_p2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5909AAA4-4AF9-4D23-87C5-5D7787909B02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2170CFD0-2594-45FB-B68F-0A75114F00A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.5_p1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03C07744-CAE8-44C6-965E-2A09BAE1F36C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.5_p2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B17E0E59-C928-49AB-BAA7-4AE638B376D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"294FC65B-4225-475A-B49A-758823CEDECD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6156B085-AA17-458C-AED1-D658275E43B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.7_p5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C898BE7-506D-49DA-8619-F86C7A9FE902\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6419309-385F-4525-AD4B-C73B1A3ED935\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.8_p1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51F7E821-2908-47F1-9665-E9D68ECC242F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.8_p5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A79C7098-37D0-4E6E-A22C-3C771D81956F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.8_p7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB7D2832-B654-406E-AA34-B3BD1D6F0A2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.8_p8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5688D95-89EF-4D2E-9728-2316CAC3CBE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.8_p9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B69E49B2-1B3C-4434-ACF1-CF4F519E3C32\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/17534/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/18102\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/18156\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/18308\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/18463\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/18549\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/18558\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/21692\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securitytracker.com/alerts/2005/Nov/1015192.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.debian.org/security/2006/dsa-946\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2005:234\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2006:159\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2006_02_sr.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/15394\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.sudo.ws/sudo/alerts/perl_env.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.trustix.org/errata/2006/0002/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2005/2386\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/23102\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.ubuntu.com/usn/usn-235-1/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/17534/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/18102\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/18156\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/18308\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/18463\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/18549\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/18558\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/21692\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://securitytracker.com/alerts/2005/Nov/1015192.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.debian.org/security/2006/dsa-946\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2005:234\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2006:159\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2006_02_sr.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/15394\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"http://www.sudo.ws/sudo/alerts/perl_env.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.trustix.org/errata/2006/0002/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2005/2386\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/23102\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.ubuntu.com/usn/usn-235-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"We do not consider this to be a security issue.\\nhttp:bugzilla.redhat.combugzillashow_bug.cgi?id=139478#c1\",\"lastModified\":\"2008-01-24T00:00:00\"}]}}"
  }
}

fkie_cve-2005-4158

Vulnerability from fkie_nvd

Published

2005-12-11 02:03

Modified

2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/17534/	Patch, Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/18102
cve@mitre.org	http://secunia.com/advisories/18156
cve@mitre.org	http://secunia.com/advisories/18308
cve@mitre.org	http://secunia.com/advisories/18463
cve@mitre.org	http://secunia.com/advisories/18549
cve@mitre.org	http://secunia.com/advisories/18558
cve@mitre.org	http://secunia.com/advisories/21692
cve@mitre.org	http://securitytracker.com/alerts/2005/Nov/1015192.html	Patch
cve@mitre.org	http://www.debian.org/security/2006/dsa-946
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDKSA-2005:234
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDKSA-2006:159
cve@mitre.org	http://www.novell.com/linux/security/advisories/2006_02_sr.html
cve@mitre.org	http://www.securityfocus.com/bid/15394	Exploit, Patch
cve@mitre.org	http://www.sudo.ws/sudo/alerts/perl_env.html	Patch, Vendor Advisory
cve@mitre.org	http://www.trustix.org/errata/2006/0002/
cve@mitre.org	http://www.vupen.com/english/advisories/2005/2386
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/23102
cve@mitre.org	https://www.ubuntu.com/usn/usn-235-1/
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/17534/	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18102
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18156
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18308
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18463
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18549
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/18558
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/21692
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/alerts/2005/Nov/1015192.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2006/dsa-946
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDKSA-2005:234
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDKSA-2006:159
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2006_02_sr.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/15394	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.sudo.ws/sudo/alerts/perl_env.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.trustix.org/errata/2006/0002/
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2005/2386
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/23102
af854a3a-2127-422b-91ae-364da2661108	https://www.ubuntu.com/usn/usn-235-1/

Impacted products

Vendor	Product	Version
todd_miller	sudo	1.5.6
todd_miller	sudo	1.5.7
todd_miller	sudo	1.5.8
todd_miller	sudo	1.5.9
todd_miller	sudo	1.6
todd_miller	sudo	1.6.1
todd_miller	sudo	1.6.2
todd_miller	sudo	1.6.3
todd_miller	sudo	1.6.3_p1
todd_miller	sudo	1.6.3_p2
todd_miller	sudo	1.6.3_p3
todd_miller	sudo	1.6.3_p4
todd_miller	sudo	1.6.3_p5
todd_miller	sudo	1.6.3_p6
todd_miller	sudo	1.6.3_p7
todd_miller	sudo	1.6.4
todd_miller	sudo	1.6.4_p1
todd_miller	sudo	1.6.4_p2
todd_miller	sudo	1.6.5
todd_miller	sudo	1.6.5_p1
todd_miller	sudo	1.6.5_p2
todd_miller	sudo	1.6.6
todd_miller	sudo	1.6.7
todd_miller	sudo	1.6.7_p5
todd_miller	sudo	1.6.8
todd_miller	sudo	1.6.8_p1
todd_miller	sudo	1.6.8_p5
todd_miller	sudo	1.6.8_p7
todd_miller	sudo	1.6.8_p8
todd_miller	sudo	1.6.8_p9

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6060C8CB-1592-479E-86AD-AC180F855BD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6DAA88C-BADD-405A-9E66-5B0839595A70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "04D5E3B7-5377-4CA8-BA0D-056870CB717E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.5.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "22C11931-B594-43EC-9698-7152B1DF8CA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "976B5923-1BCC-4DE6-A904-930DD833B937",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5452DF1-0270-452D-90EB-45E9A084B94C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBFD12E6-F92E-4371-ADA7-BCD41E4C9014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "67FDF4FB-06FA-4A10-A3CF-F52169BC8072",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5B29018-B495-482A-8FF7-66821A178F9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "38718561-70C7-4E0D-9313-87A5E82ED338",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D057064A-9B34-4224-97BA-4D5840A92BE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3C297DC-69B1-4BE6-A5EF-D320BD0CA968",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F4C1FFB-F6AA-4DED-9C54-DCB274F59A44",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p6:*:*:*:*:*:*:*",
              "matchCriteriaId": "338A92AC-92D2-40BF-9FAC-884AF6F74D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*",
              "matchCriteriaId": "26DB5610-03CE-425E-8855-70D5787029FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5DFC86C-7743-4F27-BC10-170F04C23D7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4_p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5170421-BA0C-4365-9CD6-BD232EA08680",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4_p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5909AAA4-4AF9-4D23-87C5-5D7787909B02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2170CFD0-2594-45FB-B68F-0A75114F00A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.5_p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "03C07744-CAE8-44C6-965E-2A09BAE1F36C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.5_p2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B17E0E59-C928-49AB-BAA7-4AE638B376D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "294FC65B-4225-475A-B49A-758823CEDECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6156B085-AA17-458C-AED1-D658275E43B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7_p5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C898BE7-506D-49DA-8619-F86C7A9FE902",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6419309-385F-4525-AD4B-C73B1A3ED935",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "51F7E821-2908-47F1-9665-E9D68ECC242F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A79C7098-37D0-4E6E-A22C-3C771D81956F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p7:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB7D2832-B654-406E-AA34-B3BD1D6F0A2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5688D95-89EF-4D2E-9728-2316CAC3CBE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B69E49B2-1B3C-4434-ACF1-CF4F519E3C32",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script."
    }
  ],
  "id": "CVE-2005-4158",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-12-11T02:03:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17534/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/18102"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/18156"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/18308"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/18463"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/18549"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/18558"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/21692"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/alerts/2005/Nov/1015192.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2006/dsa-946"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:234"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:159"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2006_02_sr.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/15394"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.sudo.ws/sudo/alerts/perl_env.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.trustix.org/errata/2006/0002/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2005/2386"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23102"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.ubuntu.com/usn/usn-235-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/17534/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18102"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18156"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18308"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18463"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18549"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/18558"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/21692"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://securitytracker.com/alerts/2005/Nov/1015192.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2006/dsa-946"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:234"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:159"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2006_02_sr.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/15394"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.sudo.ws/sudo/alerts/perl_env.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.trustix.org/errata/2006/0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2005/2386"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23102"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.ubuntu.com/usn/usn-235-1/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "We do not consider this to be a security issue.\nhttp:bugzilla.redhat.combugzillashow_bug.cgi?id=139478#c1",
      "lastModified": "2008-01-24T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-h6pw-5prw-wv25

Vulnerability from github

Published

2022-05-01 02:24

Modified

2025-04-03 04:21

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2005-4158"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2005-12-11T02:03:00Z",
    "severity": "MODERATE"
  },
  "details": "Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.",
  "id": "GHSA-h6pw-5prw-wv25",
  "modified": "2025-04-03T04:21:38Z",
  "published": "2022-05-01T02:24:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2005-4158"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23102"
    },
    {
      "type": "WEB",
      "url": "https://www.ubuntu.com/usn/usn-235-1"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/17534"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/18102"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/18156"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/18308"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/18463"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/18549"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/18558"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/21692"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/alerts/2005/Nov/1015192.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2006/dsa-946"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:234"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:159"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/linux/security/advisories/2006_02_sr.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/15394"
    },
    {
      "type": "WEB",
      "url": "http://www.sudo.ws/sudo/alerts/perl_env.html"
    },
    {
      "type": "WEB",
      "url": "http://www.trustix.org/errata/2006/0002"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2005/2386"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2005-4158

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2005-4158

Aliases

CVE-2005-4158

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2005-4158",
    "description": "Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.",
    "id": "GSD-2005-4158",
    "references": [
      "https://www.suse.com/security/cve/CVE-2005-4158.html",
      "https://www.debian.org/security/2006/dsa-946"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2005-4158"
      ],
      "details": "Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.",
      "id": "GSD-2005-4158",
      "modified": "2023-12-13T01:20:09.610168Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2005-4158",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "MDKSA-2005:234",
            "refsource": "MANDRAKE",
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:234"
          },
          {
            "name": "18549",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/18549"
          },
          {
            "name": "sudo-perl-execute-code(23102)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23102"
          },
          {
            "name": "18558",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/18558"
          },
          {
            "name": "2006-0002",
            "refsource": "TRUSTIX",
            "url": "http://www.trustix.org/errata/2006/0002/"
          },
          {
            "name": "18463",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/18463"
          },
          {
            "name": "18308",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/18308"
          },
          {
            "name": "ADV-2005-2386",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2005/2386"
          },
          {
            "name": "15394",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/15394"
          },
          {
            "name": "18156",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/18156"
          },
          {
            "name": "18102",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/18102"
          },
          {
            "name": "USN-235-1",
            "refsource": "UBUNTU",
            "url": "https://www.ubuntu.com/usn/usn-235-1/"
          },
          {
            "name": "SUSE-SR:2006:002",
            "refsource": "SUSE",
            "url": "http://www.novell.com/linux/security/advisories/2006_02_sr.html"
          },
          {
            "name": "DSA-946",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2006/dsa-946"
          },
          {
            "name": "1015192",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/alerts/2005/Nov/1015192.html"
          },
          {
            "name": "MDKSA-2006:159",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:159"
          },
          {
            "name": "21692",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/21692"
          },
          {
            "name": "http://www.sudo.ws/sudo/alerts/perl_env.html",
            "refsource": "CONFIRM",
            "url": "http://www.sudo.ws/sudo/alerts/perl_env.html"
          },
          {
            "name": "17534",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/17534/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.5.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.5.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.3_p1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.3_p2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.3_p3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.4_p2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.8_p1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.8_p5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.4_p1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.7_p5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.3_p6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.8_p9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.5.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.5.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.3_p4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.3_p5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.5_p1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.5_p2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.8_p7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:todd_miller:sudo:1.6.8_p8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2005-4158"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.sudo.ws/sudo/alerts/perl_env.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.sudo.ws/sudo/alerts/perl_env.html"
            },
            {
              "name": "15394",
              "refsource": "BID",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/15394"
            },
            {
              "name": "1015192",
              "refsource": "SECTRACK",
              "tags": [
                "Patch"
              ],
              "url": "http://securitytracker.com/alerts/2005/Nov/1015192.html"
            },
            {
              "name": "17534",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/17534/"
            },
            {
              "name": "18156",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/18156"
            },
            {
              "name": "18308",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/18308"
            },
            {
              "name": "DSA-946",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2006/dsa-946"
            },
            {
              "name": "SUSE-SR:2006:002",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://www.novell.com/linux/security/advisories/2006_02_sr.html"
            },
            {
              "name": "18549",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/18549"
            },
            {
              "name": "18102",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/18102"
            },
            {
              "name": "2006-0002",
              "refsource": "TRUSTIX",
              "tags": [],
              "url": "http://www.trustix.org/errata/2006/0002/"
            },
            {
              "name": "18558",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/18558"
            },
            {
              "name": "18463",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/18463"
            },
            {
              "name": "21692",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/21692"
            },
            {
              "name": "MDKSA-2006:159",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:159"
            },
            {
              "name": "ADV-2005-2386",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2005/2386"
            },
            {
              "name": "USN-235-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "https://www.ubuntu.com/usn/usn-235-1/"
            },
            {
              "name": "MDKSA-2005:234",
              "refsource": "MANDRAKE",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:234"
            },
            {
              "name": "sudo-perl-execute-code(23102)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23102"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-20T01:29Z",
      "publishedDate": "2005-12-11T02:03Z"
    }
  }
}

opensuse-su-2024:11413-1

Vulnerability from csaf_opensuse

Published

2024-06-15 00:00

Modified

2024-06-15 00:00

Summary

sudo-1.9.7p2-1.4 on GA media

Notes

Title of the patch

sudo-1.9.7p2-1.4 on GA media

Description of the patch

These are all security issues fixed in the sudo-1.9.7p2-1.4 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-11413

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "sudo-1.9.7p2-1.4 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the sudo-1.9.7p2-1.4 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-11413",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11413-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2005-4158 page",
        "url": "https://www.suse.com/security/cve/CVE-2005-4158/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-9680 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-9680/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-7032 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-7032/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-7076 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-7076/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-1000367 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-1000367/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-1000368 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-1000368/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-14287 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-14287/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-18634 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-18634/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-23239 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-23239/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-23240 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-23240/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-3156 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-3156/"
      }
    ],
    "title": "sudo-1.9.7p2-1.4 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:11413-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "sudo-1.9.7p2-1.4.aarch64",
                "product": {
                  "name": "sudo-1.9.7p2-1.4.aarch64",
                  "product_id": "sudo-1.9.7p2-1.4.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "sudo-devel-1.9.7p2-1.4.aarch64",
                "product": {
                  "name": "sudo-devel-1.9.7p2-1.4.aarch64",
                  "product_id": "sudo-devel-1.9.7p2-1.4.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "sudo-plugin-python-1.9.7p2-1.4.aarch64",
                "product": {
                  "name": "sudo-plugin-python-1.9.7p2-1.4.aarch64",
                  "product_id": "sudo-plugin-python-1.9.7p2-1.4.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "sudo-test-1.9.7p2-1.4.aarch64",
                "product": {
                  "name": "sudo-test-1.9.7p2-1.4.aarch64",
                  "product_id": "sudo-test-1.9.7p2-1.4.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "sudo-1.9.7p2-1.4.ppc64le",
                "product": {
                  "name": "sudo-1.9.7p2-1.4.ppc64le",
                  "product_id": "sudo-1.9.7p2-1.4.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "sudo-devel-1.9.7p2-1.4.ppc64le",
                "product": {
                  "name": "sudo-devel-1.9.7p2-1.4.ppc64le",
                  "product_id": "sudo-devel-1.9.7p2-1.4.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "sudo-plugin-python-1.9.7p2-1.4.ppc64le",
                "product": {
                  "name": "sudo-plugin-python-1.9.7p2-1.4.ppc64le",
                  "product_id": "sudo-plugin-python-1.9.7p2-1.4.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "sudo-test-1.9.7p2-1.4.ppc64le",
                "product": {
                  "name": "sudo-test-1.9.7p2-1.4.ppc64le",
                  "product_id": "sudo-test-1.9.7p2-1.4.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "sudo-1.9.7p2-1.4.s390x",
                "product": {
                  "name": "sudo-1.9.7p2-1.4.s390x",
                  "product_id": "sudo-1.9.7p2-1.4.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "sudo-devel-1.9.7p2-1.4.s390x",
                "product": {
                  "name": "sudo-devel-1.9.7p2-1.4.s390x",
                  "product_id": "sudo-devel-1.9.7p2-1.4.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "sudo-plugin-python-1.9.7p2-1.4.s390x",
                "product": {
                  "name": "sudo-plugin-python-1.9.7p2-1.4.s390x",
                  "product_id": "sudo-plugin-python-1.9.7p2-1.4.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "sudo-test-1.9.7p2-1.4.s390x",
                "product": {
                  "name": "sudo-test-1.9.7p2-1.4.s390x",
                  "product_id": "sudo-test-1.9.7p2-1.4.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "sudo-1.9.7p2-1.4.x86_64",
                "product": {
                  "name": "sudo-1.9.7p2-1.4.x86_64",
                  "product_id": "sudo-1.9.7p2-1.4.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "sudo-devel-1.9.7p2-1.4.x86_64",
                "product": {
                  "name": "sudo-devel-1.9.7p2-1.4.x86_64",
                  "product_id": "sudo-devel-1.9.7p2-1.4.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "sudo-plugin-python-1.9.7p2-1.4.x86_64",
                "product": {
                  "name": "sudo-plugin-python-1.9.7p2-1.4.x86_64",
                  "product_id": "sudo-plugin-python-1.9.7p2-1.4.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "sudo-test-1.9.7p2-1.4.x86_64",
                "product": {
                  "name": "sudo-test-1.9.7p2-1.4.x86_64",
                  "product_id": "sudo-test-1.9.7p2-1.4.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-1.9.7p2-1.4.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64"
        },
        "product_reference": "sudo-1.9.7p2-1.4.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-1.9.7p2-1.4.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le"
        },
        "product_reference": "sudo-1.9.7p2-1.4.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-1.9.7p2-1.4.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x"
        },
        "product_reference": "sudo-1.9.7p2-1.4.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-1.9.7p2-1.4.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64"
        },
        "product_reference": "sudo-1.9.7p2-1.4.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-devel-1.9.7p2-1.4.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64"
        },
        "product_reference": "sudo-devel-1.9.7p2-1.4.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-devel-1.9.7p2-1.4.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le"
        },
        "product_reference": "sudo-devel-1.9.7p2-1.4.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-devel-1.9.7p2-1.4.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x"
        },
        "product_reference": "sudo-devel-1.9.7p2-1.4.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-devel-1.9.7p2-1.4.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64"
        },
        "product_reference": "sudo-devel-1.9.7p2-1.4.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-plugin-python-1.9.7p2-1.4.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64"
        },
        "product_reference": "sudo-plugin-python-1.9.7p2-1.4.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-plugin-python-1.9.7p2-1.4.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le"
        },
        "product_reference": "sudo-plugin-python-1.9.7p2-1.4.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-plugin-python-1.9.7p2-1.4.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x"
        },
        "product_reference": "sudo-plugin-python-1.9.7p2-1.4.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-plugin-python-1.9.7p2-1.4.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64"
        },
        "product_reference": "sudo-plugin-python-1.9.7p2-1.4.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-test-1.9.7p2-1.4.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64"
        },
        "product_reference": "sudo-test-1.9.7p2-1.4.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-test-1.9.7p2-1.4.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le"
        },
        "product_reference": "sudo-test-1.9.7p2-1.4.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-test-1.9.7p2-1.4.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x"
        },
        "product_reference": "sudo-test-1.9.7p2-1.4.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "sudo-test-1.9.7p2-1.4.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64"
        },
        "product_reference": "sudo-test-1.9.7p2-1.4.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2005-4158",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2005-4158"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2005-4158",
          "url": "https://www.suse.com/security/cve/CVE-2005-4158"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 140300 for CVE-2005-4158",
          "url": "https://bugzilla.suse.com/140300"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 145687 for CVE-2005-4158",
          "url": "https://bugzilla.suse.com/145687"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 159599 for CVE-2005-4158",
          "url": "https://bugzilla.suse.com/159599"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2005-4158"
    },
    {
      "cve": "CVE-2014-9680",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-9680"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-9680",
          "url": "https://www.suse.com/security/cve/CVE-2014-9680"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 917806 for CVE-2014-9680",
          "url": "https://bugzilla.suse.com/917806"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 919737 for CVE-2014-9680",
          "url": "https://bugzilla.suse.com/919737"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 921999 for CVE-2014-9680",
          "url": "https://bugzilla.suse.com/921999"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 953359 for CVE-2014-9680",
          "url": "https://bugzilla.suse.com/953359"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2014-9680"
    },
    {
      "cve": "CVE-2016-7032",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-7032"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users to bypass intended noexec command restrictions via an application that calls the (1) system or (2) popen function.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-7032",
          "url": "https://www.suse.com/security/cve/CVE-2016-7032"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007501 for CVE-2016-7032",
          "url": "https://bugzilla.suse.com/1007501"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007766 for CVE-2016-7032",
          "url": "https://bugzilla.suse.com/1007766"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1011975 for CVE-2016-7032",
          "url": "https://bugzilla.suse.com/1011975"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1011976 for CVE-2016-7032",
          "url": "https://bugzilla.suse.com/1011976"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-7032"
    },
    {
      "cve": "CVE-2016-7076",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-7076"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-7076",
          "url": "https://www.suse.com/security/cve/CVE-2016-7076"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007501 for CVE-2016-7076",
          "url": "https://bugzilla.suse.com/1007501"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1011975 for CVE-2016-7076",
          "url": "https://bugzilla.suse.com/1011975"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1011976 for CVE-2016-7076",
          "url": "https://bugzilla.suse.com/1011976"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-7076"
    },
    {
      "cve": "CVE-2017-1000367",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-1000367"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Todd Miller\u0027s sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-1000367",
          "url": "https://www.suse.com/security/cve/CVE-2017-1000367"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1007501 for CVE-2017-1000367",
          "url": "https://bugzilla.suse.com/1007501"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1039361 for CVE-2017-1000367",
          "url": "https://bugzilla.suse.com/1039361"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1042146 for CVE-2017-1000367",
          "url": "https://bugzilla.suse.com/1042146"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1077345 for CVE-2017-1000367",
          "url": "https://bugzilla.suse.com/1077345"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-1000367"
    },
    {
      "cve": "CVE-2017-1000368",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-1000368"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Todd Miller\u0027s sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-1000368",
          "url": "https://www.suse.com/security/cve/CVE-2017-1000368"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1039361 for CVE-2017-1000368",
          "url": "https://bugzilla.suse.com/1039361"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1042146 for CVE-2017-1000368",
          "url": "https://bugzilla.suse.com/1042146"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1045986 for CVE-2017-1000368",
          "url": "https://bugzilla.suse.com/1045986"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-1000368"
    },
    {
      "cve": "CVE-2019-14287",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-14287"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Sudo before 1.8.28, an attacker with access to a Runas ALL sudoer account can bypass certain policy blacklists and session PAM modules, and can cause incorrect logging, by invoking sudo with a crafted user ID. For example, this allows bypass of !root configuration, and USER= logging, for a \"sudo -u \\#$((0xffffffff))\" command.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-14287",
          "url": "https://www.suse.com/security/cve/CVE-2019-14287"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1153674 for CVE-2019-14287",
          "url": "https://bugzilla.suse.com/1153674"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1156093 for CVE-2019-14287",
          "url": "https://bugzilla.suse.com/1156093"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-14287"
    },
    {
      "cve": "CVE-2019-18634",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-18634"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-18634",
          "url": "https://www.suse.com/security/cve/CVE-2019-18634"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1162202 for CVE-2019-18634",
          "url": "https://bugzilla.suse.com/1162202"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2019-18634"
    },
    {
      "cve": "CVE-2021-23239",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-23239"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-23239",
          "url": "https://www.suse.com/security/cve/CVE-2021-23239"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1171722 for CVE-2021-23239",
          "url": "https://bugzilla.suse.com/1171722"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1180684 for CVE-2021-23239",
          "url": "https://bugzilla.suse.com/1180684"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 2.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2021-23239"
    },
    {
      "cve": "CVE-2021-23240",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-23240"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-23240",
          "url": "https://www.suse.com/security/cve/CVE-2021-23240"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1171722 for CVE-2021-23240",
          "url": "https://bugzilla.suse.com/1171722"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1180685 for CVE-2021-23240",
          "url": "https://bugzilla.suse.com/1180685"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-23240"
    },
    {
      "cve": "CVE-2021-3156",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-3156"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via \"sudoedit -s\" and a command-line argument that ends with a single backslash character.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x",
          "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-3156",
          "url": "https://www.suse.com/security/cve/CVE-2021-3156"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1180684 for CVE-2021-3156",
          "url": "https://bugzilla.suse.com/1180684"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1181090 for CVE-2021-3156",
          "url": "https://bugzilla.suse.com/1181090"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1181506 for CVE-2021-3156",
          "url": "https://bugzilla.suse.com/1181506"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1181657 for CVE-2021-3156",
          "url": "https://bugzilla.suse.com/1181657"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1183936 for CVE-2021-3156",
          "url": "https://bugzilla.suse.com/1183936"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1218863 for CVE-2021-3156",
          "url": "https://bugzilla.suse.com/1218863"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1225623 for CVE-2021-3156",
          "url": "https://bugzilla.suse.com/1225623"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-devel-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-plugin-python-1.9.7p2-1.4.x86_64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.aarch64",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.ppc64le",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.s390x",
            "openSUSE Tumbleweed:sudo-test-1.9.7p2-1.4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-3156"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2005-4158 (GCVE-0-2005-4158)

Vulnerability from cvelistv5

fkie_cve-2005-4158

Vulnerability from fkie_nvd

ghsa-h6pw-5prw-wv25

Vulnerability from github

gsd-2005-4158

Vulnerability from gsd

opensuse-su-2024:11413-1

Vulnerability from csaf_opensuse

Tags

Sightings

Nomenclature