CVE-2015-8239

Published Oct 10, 2017
Last updated 7 years ago
CVSS high 7.0
Overview

Description: The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed.
Source: cve@mitre.org
NVD status: Analyzed
Risk scores

CVSS 3.0

Type: Primary
Base score: 7
Impact score: 5.9
Exploitability score: 1
Vector string: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH
CVSS 2.0

Type: Primary
Base score: 6.9
Impact score: 10
Exploitability score: 3.4
Vector string: AV:L/AC:M/Au:N/C:C/I:C/A:C
Weaknesses

nvd@nist.gov: CWE-362
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5545929-5E7F-4ACC-9670-7F564909DC42"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.8:b1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5D20E97-0026-4DC5-B1A6-39570600A9BA"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.8:b2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "174F8AAF-38D1-48F6-9BA2-884480E6A8BD"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.8:b3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5B8908AB-2B94-4557-A6F9-C049FC3C10B2"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.8:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D3C3811D-99DE-4E26-80F4-592808C147F0"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "69A62F0A-695D-46F7-8496-B008CC1C43A6"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:b1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7571D30D-7472-4E09-9F39-566CAD1CCC78"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:b2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A23708BC-4FD6-4961-A0C2-292C42458E2A"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "92D83173-61D1-41E4-B0C8-2212A5A53E07"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:p2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "310A6BE2-7346-4E99-9553-4C3D6D9420D7"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:p3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D624014F-95AD-49CA-87CC-E8C74FAD9C2A"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:p4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9289798D-7DB7-41B4-94C6-1032A670FD32"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:p5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8F46CAD-FCFB-4F41-920B-E2C743905261"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7AC23759-808E-4570-A354-91A863E0DA7A"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "712742E1-2C23-43BC-903E-BFE5A0DC3F16"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3CD0B574-8FB9-42FD-A470-7B7736BA256C"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:b1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C108672B-8D03-434F-8568-A50C4FC6141D"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:b2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0C14B6E-491B-4299-9266-D0EAF81BFE55"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:b3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EEC16E4A-8F31-49B7-8892-D3D3AD4260BC"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:b4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CEE55EE5-655A-4804-A293-970EFB8ECBBB"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20295CF1-A41D-4295-9D13-826B06591D58"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:p2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8DE2D0F0-AA32-4A36-9EF7-E7A0638B8076"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:p3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A69CD80-A0B5-4F5C-AD89-C220C347451F"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2722E69A-0A36-4AB7-88C0-A80E2F36EBFC"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "78EA662F-EF89-4B84-97FE-2F785A58A43A"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67C66044-D05F-4AF5-B9D2-38CFF4585084"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B9D05A0-536E-40BA-917A-8ED71D7C5307"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:b1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "68552665-77A2-4F79-81FE-CB05022E4AEB"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:b2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8F2C3403-16C8-4E92-B8B6-06D10555C8AF"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:b3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "738C9A2A-40AD-4E49-9BA4-B74D92D6F79F"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:b4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F3C23D1-9129-4AA3-9944-29B7556D39B5"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "051A38F9-DC6A-4019-BEFF-51451989A927"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:p2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F9C9A3B-A54D-48A8-9BDC-B6161663781A"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2AA940B5-540E-4334-9B4B-ECFC8C23F61F"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F198455-3D7B-498D-999E-48DB99B80FAB"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D059F39-8B86-4ADF-83E3-88F64D289AFC"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.12:b1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D961F98F-B752-42AE-B5B7-DFEBDCF5D1AB"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.12:b2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "878527C0-C4A1-4153-A795-F7407B2A087B"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.12:b3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E28DCAB1-F16A-4C01-86CE-875BE358B334"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.12:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DE306F89-3401-4B5B-8D3D-5740D20DFF1A"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.12:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B47E3E3A-6959-422F-B561-0CAC380D8A75"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA1BA2F1-3471-424F-9C7B-23568358E521"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.13:b1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "98F8FFF3-156E-414D-9902-8B626CCC2ACB"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.13:b2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "63471AF0-49BB-4CDF-AF9C-C9557734099B"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.13:b3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F89A5320-10F4-46BE-9584-7EC623903C78"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.13:b4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D4488726-9B52-488E-8F50-F7E32391800E"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.13:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26FCF4E3-C82A-484E-8159-9B84EDA84129"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.13:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A14F3A2C-1412-4E5F-9D02-6CB4C9C4D920"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C24DFC5-060F-464A-B15A-A05FB86729B4"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:b1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "20A976F2-00DD-48F3-8021-32E9088ADB10"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:b2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "077FBD05-7AC2-4550-A07C-D21CE2D24F1E"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:b3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "988F156D-21BD-4FE2-ADD0-AA38FA603B5D"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:b4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B528F30-2A14-4692-8A9B-177AE355F37C"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F0530051-6DAC-407D-A5E8-271601C4BA7A"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:p2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F23A9DB8-61EC-4838-8516-2DC97244008A"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:p3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "81D4B414-C724-4F0A-85AC-A4F8FB074776"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1FE4B086-A0C0-41BA-BAEA-0F01C431E62A"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C930E324-DB83-447D-8CD7-6FFF62D443B0"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:b1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B40086C8-3E2F-4E1F-A7E0-075AB2D50548"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:b2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8458A8D8-9BDA-4484-ABED-0FF42A3BF9B1"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:b3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D1385AB9-0C59-4F50-BBF7-6AE7E07CDEDD"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:b4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "23683F36-43B3-4B76-BFE6-AE6A9B67E4B8"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:b5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "32B1C5C6-0E1E-4910-A031-82C3B7314DBA"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AA0129CA-8173-41BB-8AEF-C48EC566575F"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE08CE70-D877-48A8-9243-1A4B3F8AC6CA"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F91DBD06-D971-48E3-878C-A1CB0A35AAD2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References
