Vulnerability Description
The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed.
CVSS Score
7.0
HIGH
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sudo Project | Sudo | 1.8.8 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2015/11/18/22Mailing ListThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1283635Issue TrackingPatchThird Party Advisory
- https://www.sudo.ws/repos/sudo/rev/0cd3cc8fa195Issue TrackingPatchThird Party Advisory
- https://www.sudo.ws/repos/sudo/rev/24a3d9215c64Issue TrackingPatchThird Party Advisory
- https://www.sudo.ws/repos/sudo/rev/397722cdd7ecIssue TrackingPatchThird Party Advisory
- http://www.openwall.com/lists/oss-security/2015/11/18/22Mailing ListThird Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1283635Issue TrackingPatchThird Party Advisory
- https://www.sudo.ws/repos/sudo/rev/0cd3cc8fa195Issue TrackingPatchThird Party Advisory
- https://www.sudo.ws/repos/sudo/rev/24a3d9215c64Issue TrackingPatchThird Party Advisory
- https://www.sudo.ws/repos/sudo/rev/397722cdd7ecIssue TrackingPatchThird Party Advisory
FAQ
What is CVE-2015-8239?
CVE-2015-8239 is a vulnerability with a CVSS score of 7.0 (HIGH). The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed.
How severe is CVE-2015-8239?
CVE-2015-8239 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-8239?
Check the references section above for vendor advisories and patch information. Affected products include: Sudo Project Sudo.