{ "id": "CVE-2015-8239", "sourceIdentifier": "cve@mitre.org", "published": "2017-10-10T16:29:00.557", "lastModified": "2017-11-05T21:23:16.497", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed." }, { "lang": "es", "value": "La compatibilidad con SHA-2 digest en el plugin sudoers en sudo, en versiones posteriores a la 1.8.7, permite que usuarios locales con permisos de escritura en partes del comando llamado los reemplace antes de ejecutarlo." } ], "metrics": { "cvssMetricV30": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH" }, "exploitabilityScore": 1.0, "impactScore": 5.9 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "accessVector": "LOCAL", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 6.9 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 3.4, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-362" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "A5545929-5E7F-4ACC-9670-7F564909DC42" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.8:b1:*:*:*:*:*:*", "matchCriteriaId": "B5D20E97-0026-4DC5-B1A6-39570600A9BA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.8:b2:*:*:*:*:*:*", "matchCriteriaId": "174F8AAF-38D1-48F6-9BA2-884480E6A8BD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.8:b3:*:*:*:*:*:*", "matchCriteriaId": "5B8908AB-2B94-4557-A6F9-C049FC3C10B2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "D3C3811D-99DE-4E26-80F4-592808C147F0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "69A62F0A-695D-46F7-8496-B008CC1C43A6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:b1:*:*:*:*:*:*", "matchCriteriaId": "7571D30D-7472-4E09-9F39-566CAD1CCC78" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:b2:*:*:*:*:*:*", "matchCriteriaId": "A23708BC-4FD6-4961-A0C2-292C42458E2A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:p1:*:*:*:*:*:*", "matchCriteriaId": "92D83173-61D1-41E4-B0C8-2212A5A53E07" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:p2:*:*:*:*:*:*", "matchCriteriaId": "310A6BE2-7346-4E99-9553-4C3D6D9420D7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:p3:*:*:*:*:*:*", "matchCriteriaId": "D624014F-95AD-49CA-87CC-E8C74FAD9C2A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:p4:*:*:*:*:*:*", "matchCriteriaId": "9289798D-7DB7-41B4-94C6-1032A670FD32" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:p5:*:*:*:*:*:*", "matchCriteriaId": "A8F46CAD-FCFB-4F41-920B-E2C743905261" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "7AC23759-808E-4570-A354-91A863E0DA7A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "712742E1-2C23-43BC-903E-BFE5A0DC3F16" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "3CD0B574-8FB9-42FD-A470-7B7736BA256C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:b1:*:*:*:*:*:*", "matchCriteriaId": "C108672B-8D03-434F-8568-A50C4FC6141D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:b2:*:*:*:*:*:*", "matchCriteriaId": "C0C14B6E-491B-4299-9266-D0EAF81BFE55" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:b3:*:*:*:*:*:*", "matchCriteriaId": "EEC16E4A-8F31-49B7-8892-D3D3AD4260BC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:b4:*:*:*:*:*:*", "matchCriteriaId": "CEE55EE5-655A-4804-A293-970EFB8ECBBB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:p1:*:*:*:*:*:*", "matchCriteriaId": "20295CF1-A41D-4295-9D13-826B06591D58" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:p2:*:*:*:*:*:*", "matchCriteriaId": "8DE2D0F0-AA32-4A36-9EF7-E7A0638B8076" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:p3:*:*:*:*:*:*", "matchCriteriaId": "6A69CD80-A0B5-4F5C-AD89-C220C347451F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "2722E69A-0A36-4AB7-88C0-A80E2F36EBFC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:rc2:*:*:*:*:*:*", "matchCriteriaId": "78EA662F-EF89-4B84-97FE-2F785A58A43A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:rc3:*:*:*:*:*:*", "matchCriteriaId": "67C66044-D05F-4AF5-B9D2-38CFF4585084" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:*:*:*:*:*:*:*", "matchCriteriaId": "2B9D05A0-536E-40BA-917A-8ED71D7C5307" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:b1:*:*:*:*:*:*", "matchCriteriaId": "68552665-77A2-4F79-81FE-CB05022E4AEB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:b2:*:*:*:*:*:*", "matchCriteriaId": "8F2C3403-16C8-4E92-B8B6-06D10555C8AF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:b3:*:*:*:*:*:*", "matchCriteriaId": "738C9A2A-40AD-4E49-9BA4-B74D92D6F79F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:b4:*:*:*:*:*:*", "matchCriteriaId": "7F3C23D1-9129-4AA3-9944-29B7556D39B5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:p1:*:*:*:*:*:*", "matchCriteriaId": "051A38F9-DC6A-4019-BEFF-51451989A927" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:p2:*:*:*:*:*:*", "matchCriteriaId": "3F9C9A3B-A54D-48A8-9BDC-B6161663781A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "2AA940B5-540E-4334-9B4B-ECFC8C23F61F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "6F198455-3D7B-498D-999E-48DB99B80FAB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "6D059F39-8B86-4ADF-83E3-88F64D289AFC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.12:b1:*:*:*:*:*:*", "matchCriteriaId": "D961F98F-B752-42AE-B5B7-DFEBDCF5D1AB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.12:b2:*:*:*:*:*:*", "matchCriteriaId": "878527C0-C4A1-4153-A795-F7407B2A087B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.12:b3:*:*:*:*:*:*", "matchCriteriaId": "E28DCAB1-F16A-4C01-86CE-875BE358B334" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.12:rc1:*:*:*:*:*:*", "matchCriteriaId": "DE306F89-3401-4B5B-8D3D-5740D20DFF1A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.12:rc2:*:*:*:*:*:*", "matchCriteriaId": "B47E3E3A-6959-422F-B561-0CAC380D8A75" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.13:*:*:*:*:*:*:*", "matchCriteriaId": "FA1BA2F1-3471-424F-9C7B-23568358E521" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.13:b1:*:*:*:*:*:*", "matchCriteriaId": "98F8FFF3-156E-414D-9902-8B626CCC2ACB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.13:b2:*:*:*:*:*:*", "matchCriteriaId": "63471AF0-49BB-4CDF-AF9C-C9557734099B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.13:b3:*:*:*:*:*:*", "matchCriteriaId": "F89A5320-10F4-46BE-9584-7EC623903C78" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.13:b4:*:*:*:*:*:*", "matchCriteriaId": "D4488726-9B52-488E-8F50-F7E32391800E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "26FCF4E3-C82A-484E-8159-9B84EDA84129" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.13:rc2:*:*:*:*:*:*", "matchCriteriaId": "A14F3A2C-1412-4E5F-9D02-6CB4C9C4D920" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:*:*:*:*:*:*:*", "matchCriteriaId": "6C24DFC5-060F-464A-B15A-A05FB86729B4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:b1:*:*:*:*:*:*", "matchCriteriaId": "20A976F2-00DD-48F3-8021-32E9088ADB10" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:b2:*:*:*:*:*:*", "matchCriteriaId": "077FBD05-7AC2-4550-A07C-D21CE2D24F1E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:b3:*:*:*:*:*:*", "matchCriteriaId": "988F156D-21BD-4FE2-ADD0-AA38FA603B5D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:b4:*:*:*:*:*:*", "matchCriteriaId": "6B528F30-2A14-4692-8A9B-177AE355F37C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:p1:*:*:*:*:*:*", "matchCriteriaId": "F0530051-6DAC-407D-A5E8-271601C4BA7A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:p2:*:*:*:*:*:*", "matchCriteriaId": "F23A9DB8-61EC-4838-8516-2DC97244008A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:p3:*:*:*:*:*:*", "matchCriteriaId": "81D4B414-C724-4F0A-85AC-A4F8FB074776" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:rc1:*:*:*:*:*:*", "matchCriteriaId": "1FE4B086-A0C0-41BA-BAEA-0F01C431E62A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:*:*:*:*:*:*:*", "matchCriteriaId": "C930E324-DB83-447D-8CD7-6FFF62D443B0" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:b1:*:*:*:*:*:*", "matchCriteriaId": "B40086C8-3E2F-4E1F-A7E0-075AB2D50548" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:b2:*:*:*:*:*:*", "matchCriteriaId": "8458A8D8-9BDA-4484-ABED-0FF42A3BF9B1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:b3:*:*:*:*:*:*", "matchCriteriaId": "D1385AB9-0C59-4F50-BBF7-6AE7E07CDEDD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:b4:*:*:*:*:*:*", "matchCriteriaId": "23683F36-43B3-4B76-BFE6-AE6A9B67E4B8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:b5:*:*:*:*:*:*", "matchCriteriaId": "32B1C5C6-0E1E-4910-A031-82C3B7314DBA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:rc1:*:*:*:*:*:*", "matchCriteriaId": "AA0129CA-8173-41BB-8AEF-C48EC566575F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:rc2:*:*:*:*:*:*", "matchCriteriaId": "FE08CE70-D877-48A8-9243-1A4B3F8AC6CA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:rc3:*:*:*:*:*:*", "matchCriteriaId": "F91DBD06-D971-48E3-878C-A1CB0A35AAD2" } ] } ] } ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2015/11/18/22", "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283635", "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url": "https://www.sudo.ws/repos/sudo/rev/0cd3cc8fa195", "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url": "https://www.sudo.ws/repos/sudo/rev/24a3d9215c64", "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ] }, { "url": "https://www.sudo.ws/repos/sudo/rev/397722cdd7ec", "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ] } ] }