Sudo versions prior to 1.9.5p2 suffer from buffer overflow and privilege escalation vulnerabilities.
c0008b896a425c3f34261956bc495cb7
A heap-based buffer overflow exists in the sudo command line utility that can be exploited by a local attacker to gain elevated privileges. The vulnerability was introduced in July of 2011 and affects versions 1.8.2 through 1.8.31p2 as well as 1.9.0 through 1.9.5p1 in their default configurations. The technique used by this implementation leverages the overflow to overwrite a service_user struct in memory so that it references an attacker-controlled library, which is then loaded with the elevated privileges held by sudo.
5a520123546e73d450b7fef8df23c9de
Sudo version 1.9.5p1 Baron Samedit heap-based buffer overflow and privilege escalation exploit.
06abe878c8e1c4839b5ad21bf99c0808
Sudo version 1.8.25p suffers from a buffer overflow vulnerability.
233691530ff76c01d3ab563e31879327
Sudo version 1.8.28 suffers from a security bypass vulnerability.
6156d8a204112f3740a39ba32ccb9066
If a user has sudo permissions to /usr/bin/docker, it can be leveraged to escalate privileges to root.
52de940cff9cf249313f9f59cec9e950
This Metasploit module gains a session with root permissions on versions of OS X with sudo binary vulnerable to CVE-2013-1775. Tested working on Mac OS 10.7-10.8.4, and possibly lower versions. If your session belongs to a user with Administrative Privileges (the user is in the sudoers file and is in the "admin group"), and the user has ever run the "sudo" command, it is possible to become the super user by running `sudo -k` and then resetting the system clock to 01-01-1970. This Metasploit module will fail silently if the user is not an admin or if the user has never run the sudo command.
c576a86d9ee4a93abc0dde1445edcab8
Todd Miller sudo 'sudoedit' local root exploit that affects 1.6.x versions before 1.6.9p21 and 1.7.x versions before 1.7.2p4.
60d786b17fad28be13d0a0d2dab5ae2c
sudosh3 is an auditing shell and filter based on sudosh2. It aims to improve file management and terminal emulation. Passwords are not recorded.
73c097d7eec6400a25f10bd121c8e07c
86 byte Linux/x86 edit /etc/sudoers for full access.
75ac9ea204450e8db590b8f578f55103
sudo versions 1.6.9p18 and below local privilege escalation exploit.
26ffab57d0b621d877b892fec2020d3f
Mandriva Linux Security Advisory - Charles Morris discovered a vulnerability in sudo versions prior to 1.6.8p12 where, when the perl taint flag is off, sudo does not clear the PERLLIB, PERL5LIB, and PERL5OPT environment variables, which could allow limited local users to cause a perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.
737c71e08b627c2bdf910d969d1327ad
Local root exploit for sudo versions below 1.6.8p10 that makes use of the environment cleaning flaws with the SHELLOPTS and PS4 variables.
26689850763402295ae09b43b6f7fa81
A race condition exists in Sudo's command pathname handling prior to Sudo version 1.6.8p9 that could allow a user with Sudo privileges to run arbitrary commands.
5939f94fefe664dba75391d01aae7038
Local exploit for sudo version 1.6.8p1 that makes use of a flaw in sudoedit.
fdc1b829ba7147a4d81881f9024a77e2
Sudo version 1.6.8p1 has been released to address a security flaw in sudoedit that could give a malicious user read access to a file that would normally be unreadable.
bc14fbcb3df1464bd4114345306db2d3
Local root exploit for sudo + postfix. Exploits sudo prior to sudo-1.6.4.1. Tested on Debian powerpc unstable.
055ebc951dada82997439ceafe436d5b
Sudo v1.5.6p2-2, a program that provides limited superuser privileges, does not properly handle improper file access attempts, revealing information about file existence.
6321b3933f068eeeff338008a65dea77