Race condition in Sudo - CVE-2015-8239

 

Published: October 10, 2017 / Updated: August 8, 2020


Vulnerability identifier: #VU38129
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2015-8239
CWE-ID: CWE-362
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Sudo
Affected software:
Sudo

Detailed vulnerability description

The vulnerability allows a local authenticated user to execute arbitrary code.

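The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 is affected by a race condition: the digest of the called command is verified before the command is executed, so local users with write permissions to parts of the called command can replace them after the check and before execution.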
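The precondition described above, write permission to parts of a digest-pinned command, can be audited on a host. The following is an added example, not code from this advisory or from the sudo project: it finds sudoers rules that carry a SHA-2 digest and reports any path component of the command that a user outside a trusted set could modify. The function names and the `trusted_uids` and `root` parameters are assumptions made for the illustration.

```python
import os
import re
import stat
import sys

# sudoers Digest_Spec followed by the command: "sha256:<digest> /path/to/cmd"
DIGEST_RULE = re.compile(r"\b(?:sha(?:224|256|384|512)):\S+\s+(/[^\s,]+)")


def digest_pinned_commands(sudoers_text):
    """Return command paths that sudoers rules pin with a SHA-2 digest."""
    paths = []
    for line in sudoers_text.splitlines():
        # Skip comment lines (this also skips the rare '#uid' user specs).
        if not line.lstrip().startswith("#"):
            paths.extend(DIGEST_RULE.findall(line))
    return paths


def replaceable_components(command, trusted_uids=frozenset({0}), root="/"):
    """Walk from the command file up to `root` and list every component that
    a user outside `trusted_uids` could modify (hypothetical helper)."""
    findings = []
    path, root = os.path.realpath(command), os.path.realpath(root)
    while True:
        st = os.stat(path)
        # In a sticky directory only an entry's owner may rename or delete it.
        sticky_dir = stat.S_ISDIR(st.st_mode) and st.st_mode & stat.S_ISVTX
        if st.st_uid not in trusted_uids:
            findings.append((path, "owned by uid %d" % st.st_uid))
        elif st.st_mode & (stat.S_IWGRP | stat.S_IWOTH) and not sticky_dir:
            findings.append((path, "group/other writable"))
        if path in (root, os.path.dirname(path)):
            break
        path = os.path.dirname(path)
    return findings


def audit(sudoers_text, trusted_uids=frozenset({0}), root="/"):
    """Map each digest-pinned command to the components that expose it."""
    report = {}
    for command in digest_pinned_commands(sudoers_text):
        if os.path.exists(command):
            found = replaceable_components(command, trusted_uids, root)
            if found:
                report[command] = found
    return report


if __name__ == "__main__" and len(sys.argv) > 1:
    print(audit(open(sys.argv[1]).read()))  # path to a readable sudoers copy
```

An empty report means no digest-pinned command has a replaceable file or parent directory under the checked root; it says nothing about whether the installed sudo version is fixed.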


How to mitigate CVE-2015-8239

Install the update from the vendor's website.
