Sudo Security Alerts

  • June 2, 2010
    A potential security issue exists in sudo's secure path functionality in sudo versions 1.3.1 through 1.6.9p22 and versions 1.7.0 through 1.7.2p6. The flaw may allow an attacker to bypass the secure path PATH restrictions and set PATH to a user-controlled value.

  • April 9, 2010
    An additional security issue exists in sudo's -e option (aka sudoedit) in sudo versions 1.6.8 through 1.7.2p5 that may give a user with permission to run sudoedit the ability to run arbitrary commands.

  • February 22, 2010
    A security issue exists in sudo's -e option (aka sudoedit) in sudo versions 1.6.9 through 1.7.2p3 that may give a user with permission to run sudoedit the ability to run arbitrary commands.

  • December 6, 2009
    A security issue with sudoers rules that include Cmnd_Alias entries that use the negation operator has been fixed.

  • January 29, 2009
    A security issue with sudoers rules that include a group in the RunAs portion of the rule has been discovered.

  • July 17, 2007
    A security issue has been discovered with the Kerberos 5 authentication that allows a malicious user to avoid authenticating with sudo.

  • November 8, 2005
    A security issue has been discovered that allows a malicious user with permission to run a perl shell script to execute arbitrary perl code.

  • October 27, 2005
    A security issue has been discovered that allows a malicious user with permission to run a bash shell script to execute arbitrary commands.

  • June 20, 2005
    A race condition has been discovered that could allow a malicious user with sudo privileges to execute arbitrary commands.

  • November 11, 2004
    A security issue has been discovered that allows a malicious user with permission to run a bash shell script to execute arbitrary commands.

  • September 15, 2004
    A bug in sudoedit has been discovered that allows a malicious user to read files that would otherwise be unreadable.

  • April 25, 2002
    A buffer overflow bug has been discovered in sudo's prompt expansion code.

  • Jan 14, 2002
    A security issue has been discovered that could allow an attacker to gain root privileges via sudo if the Postfix mailer is installed.

  • Feb 22, 2001
    A heap corruption bug has been discovered in sudo's logging functions.