Todd Miller’s sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.
CPE | Name | Operator | Version |
---|---|---|---|
sudo | eq | 1.7.4_p2-r1 | |
sudo | eq | 1.8.10_p3-r1 | |
sudo | eq | 1.8.6_p8-r1 | |
sudo | eq | 1.7.4_p4-r1 | |
sudo | eq | 1.8.4_p4-r1 | |
sudo | eq | 1.8.8-r1 | |
sudo | eq | 1.8.18_p1-r1 | |
sudo | eq | 1.7.2_p6-r1 | |
sudo | eq | 1.8.6_p7-r1 | |
sudo | eq | 1.8.17-r1 |