CVE-2015-8239 - Vulnerability Details

The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed.

No CVSS v4.0

No CVSS v3.1

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sudo Project	Sudo

Configuration 1 [-]

OR	cpe:2.3:a:sudo_project:sudo:1.8.8:::::::*
	cpe:2.3:a:sudo_project:sudo:1.8.8:b1::::::
	cpe:2.3:a:sudo_project:sudo:1.8.8:b2::::::
	cpe:2.3:a:sudo_project:sudo:1.8.8:b3::::::
	cpe:2.3:a:sudo_project:sudo:1.8.8:rc1::::::
	cpe:2.3:a:sudo_project:sudo:1.8.9:::::::*
	cpe:2.3:a:sudo_project:sudo:1.8.9:b1::::::
	cpe:2.3:a:sudo_project:sudo:1.8.9:b2::::::
	cpe:2.3:a:sudo_project:sudo:1.8.9:p1::::::
	cpe:2.3:a:sudo_project:sudo:1.8.9:p2::::::
	cpe:2.3:a:sudo_project:sudo:1.8.9:p3::::::
	cpe:2.3:a:sudo_project:sudo:1.8.9:p4::::::
	cpe:2.3:a:sudo_project:sudo:1.8.9:p5::::::
	cpe:2.3:a:sudo_project:sudo:1.8.9:rc1::::::
	cpe:2.3:a:sudo_project:sudo:1.8.9:rc2::::::
	cpe:2.3:a:sudo_project:sudo:1.8.10:::::::*
	cpe:2.3:a:sudo_project:sudo:1.8.10:b1::::::
	cpe:2.3:a:sudo_project:sudo:1.8.10:b2::::::
	cpe:2.3:a:sudo_project:sudo:1.8.10:b3::::::
	cpe:2.3:a:sudo_project:sudo:1.8.10:b4::::::
	cpe:2.3:a:sudo_project:sudo:1.8.10:p1::::::
	cpe:2.3:a:sudo_project:sudo:1.8.10:p2::::::
	cpe:2.3:a:sudo_project:sudo:1.8.10:p3::::::
	cpe:2.3:a:sudo_project:sudo:1.8.10:rc1::::::
	cpe:2.3:a:sudo_project:sudo:1.8.10:rc2::::::
	cpe:2.3:a:sudo_project:sudo:1.8.10:rc3::::::
	cpe:2.3:a:sudo_project:sudo:1.8.11:::::::*
	cpe:2.3:a:sudo_project:sudo:1.8.11:b1::::::
	cpe:2.3:a:sudo_project:sudo:1.8.11:b2::::::
	cpe:2.3:a:sudo_project:sudo:1.8.11:b3::::::
	cpe:2.3:a:sudo_project:sudo:1.8.11:b4::::::
	cpe:2.3:a:sudo_project:sudo:1.8.11:p1::::::
	cpe:2.3:a:sudo_project:sudo:1.8.11:p2::::::
	cpe:2.3:a:sudo_project:sudo:1.8.11:rc1::::::
	cpe:2.3:a:sudo_project:sudo:1.8.11:rc2::::::
	cpe:2.3:a:sudo_project:sudo:1.8.12:::::::*
	cpe:2.3:a:sudo_project:sudo:1.8.12:b1::::::
	cpe:2.3:a:sudo_project:sudo:1.8.12:b2::::::
	cpe:2.3:a:sudo_project:sudo:1.8.12:b3::::::
	cpe:2.3:a:sudo_project:sudo:1.8.12:rc1::::::
	cpe:2.3:a:sudo_project:sudo:1.8.12:rc2::::::
	cpe:2.3:a:sudo_project:sudo:1.8.13:::::::*
	cpe:2.3:a:sudo_project:sudo:1.8.13:b1::::::
	cpe:2.3:a:sudo_project:sudo:1.8.13:b2::::::
	cpe:2.3:a:sudo_project:sudo:1.8.13:b3::::::
	cpe:2.3:a:sudo_project:sudo:1.8.13:b4::::::
	cpe:2.3:a:sudo_project:sudo:1.8.13:rc1::::::
	cpe:2.3:a:sudo_project:sudo:1.8.13:rc2::::::
	cpe:2.3:a:sudo_project:sudo:1.8.14:::::::*
	cpe:2.3:a:sudo_project:sudo:1.8.14:b1::::::
	cpe:2.3:a:sudo_project:sudo:1.8.14:b2::::::
	cpe:2.3:a:sudo_project:sudo:1.8.14:b3::::::
	cpe:2.3:a:sudo_project:sudo:1.8.14:b4::::::
	cpe:2.3:a:sudo_project:sudo:1.8.14:p1::::::
	cpe:2.3:a:sudo_project:sudo:1.8.14:p2::::::
	cpe:2.3:a:sudo_project:sudo:1.8.14:p3::::::
	cpe:2.3:a:sudo_project:sudo:1.8.14:rc1::::::
	cpe:2.3:a:sudo_project:sudo:1.8.15:::::::*
	cpe:2.3:a:sudo_project:sudo:1.8.15:b1::::::
	cpe:2.3:a:sudo_project:sudo:1.8.15:b2::::::
	cpe:2.3:a:sudo_project:sudo:1.8.15:b3::::::
	cpe:2.3:a:sudo_project:sudo:1.8.15:b4::::::
	cpe:2.3:a:sudo_project:sudo:1.8.15:b5::::::
	cpe:2.3:a:sudo_project:sudo:1.8.15:rc1::::::
cpe:2.3:a:sudo_project:sudo:1.8.15:rc2::::::
cpe:2.3:a:sudo_project:sudo:1.8.15:rc3::::::

No data.

References

Link	Providers
http://www.openwall.com/lists/oss-security/2015/11/18/22
https://bugzilla.redhat.com/show_bug.cgi?id=1283635
https://nvd.nist.gov/vuln/detail/CVE-2015-8239
https://www.cve.org/CVERecord?id=CVE-2015-8239
https://www.sudo.ws/repos/sudo/rev/0cd3cc8fa195
https://www.sudo.ws/repos/sudo/rev/24a3d9215c64
https://www.sudo.ws/repos/sudo/rev/397722cdd7ec

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-10-10T16:00:00

Updated: 2024-08-06T08:13:32.035Z

Reserved: 2015-11-18T00:00:00

Link: CVE-2015-8239

Vulnrichment

No data.

NVD

Status : Modified

Published: 2017-10-10T16:29:00.557

Modified: 2024-11-21T02:38:10.020

Link: CVE-2015-8239

Redhat

Severity : Moderate

Publid Date: 2015-11-09T00:00:00Z

Links: CVE-2015-8239 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-11-18T00:00:00", "descriptions": [{"lang": "en", "value": "The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.sudo.ws/repos/sudo/rev/397722cdd7ec"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.sudo.ws/repos/sudo/rev/0cd3cc8fa195"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283635"}, {"name": "[oss-security] 20151118 Re: race condition checking digests/checksums in sudoers", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/11/18/22"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.sudo.ws/repos/sudo/rev/24a3d9215c64"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8239", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.sudo.ws/repos/sudo/rev/397722cdd7ec", "refsource": "CONFIRM", "url": "https://www.sudo.ws/repos/sudo/rev/397722cdd7ec"}, {"name": "https://www.sudo.ws/repos/sudo/rev/0cd3cc8fa195", "refsource": "CONFIRM", "url": "https://www.sudo.ws/repos/sudo/rev/0cd3cc8fa195"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1283635", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283635"}, {"name": "[oss-security] 20151118 Re: race condition checking digests/checksums in sudoers", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/11/18/22"}, {"name": "https://www.sudo.ws/repos/sudo/rev/24a3d9215c64", "refsource": "CONFIRM", "url": "https://www.sudo.ws/repos/sudo/rev/24a3d9215c64"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T08:13:32.035Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.sudo.ws/repos/sudo/rev/397722cdd7ec"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.sudo.ws/repos/sudo/rev/0cd3cc8fa195"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283635"}, {"name": "[oss-security] 20151118 Re: race condition checking digests/checksums in sudoers", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2015/11/18/22"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.sudo.ws/repos/sudo/rev/24a3d9215c64"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8239", "datePublished": "2017-10-10T16:00:00", "dateReserved": "2015-11-18T00:00:00", "dateUpdated": "2024-08-06T08:13:32.035Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "A5545929-5E7F-4ACC-9670-7F564909DC42", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.8:b1:*:*:*:*:*:*", "matchCriteriaId": "B5D20E97-0026-4DC5-B1A6-39570600A9BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.8:b2:*:*:*:*:*:*", "matchCriteriaId": "174F8AAF-38D1-48F6-9BA2-884480E6A8BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.8:b3:*:*:*:*:*:*", "matchCriteriaId": "5B8908AB-2B94-4557-A6F9-C049FC3C10B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "D3C3811D-99DE-4E26-80F4-592808C147F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "69A62F0A-695D-46F7-8496-B008CC1C43A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:b1:*:*:*:*:*:*", "matchCriteriaId": "7571D30D-7472-4E09-9F39-566CAD1CCC78", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:b2:*:*:*:*:*:*", "matchCriteriaId": "A23708BC-4FD6-4961-A0C2-292C42458E2A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:p1:*:*:*:*:*:*", "matchCriteriaId": "92D83173-61D1-41E4-B0C8-2212A5A53E07", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:p2:*:*:*:*:*:*", "matchCriteriaId": "310A6BE2-7346-4E99-9553-4C3D6D9420D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:p3:*:*:*:*:*:*", "matchCriteriaId": "D624014F-95AD-49CA-87CC-E8C74FAD9C2A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:p4:*:*:*:*:*:*", "matchCriteriaId": "9289798D-7DB7-41B4-94C6-1032A670FD32", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:p5:*:*:*:*:*:*", "matchCriteriaId": "A8F46CAD-FCFB-4F41-920B-E2C743905261", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "7AC23759-808E-4570-A354-91A863E0DA7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "712742E1-2C23-43BC-903E-BFE5A0DC3F16", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "3CD0B574-8FB9-42FD-A470-7B7736BA256C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:b1:*:*:*:*:*:*", "matchCriteriaId": "C108672B-8D03-434F-8568-A50C4FC6141D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:b2:*:*:*:*:*:*", "matchCriteriaId": "C0C14B6E-491B-4299-9266-D0EAF81BFE55", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:b3:*:*:*:*:*:*", "matchCriteriaId": "EEC16E4A-8F31-49B7-8892-D3D3AD4260BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:b4:*:*:*:*:*:*", "matchCriteriaId": "CEE55EE5-655A-4804-A293-970EFB8ECBBB", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:p1:*:*:*:*:*:*", "matchCriteriaId": "20295CF1-A41D-4295-9D13-826B06591D58", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:p2:*:*:*:*:*:*", "matchCriteriaId": "8DE2D0F0-AA32-4A36-9EF7-E7A0638B8076", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:p3:*:*:*:*:*:*", "matchCriteriaId": "6A69CD80-A0B5-4F5C-AD89-C220C347451F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "2722E69A-0A36-4AB7-88C0-A80E2F36EBFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:rc2:*:*:*:*:*:*", "matchCriteriaId": "78EA662F-EF89-4B84-97FE-2F785A58A43A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:rc3:*:*:*:*:*:*", "matchCriteriaId": "67C66044-D05F-4AF5-B9D2-38CFF4585084", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:*:*:*:*:*:*:*", "matchCriteriaId": "2B9D05A0-536E-40BA-917A-8ED71D7C5307", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:b1:*:*:*:*:*:*", "matchCriteriaId": "68552665-77A2-4F79-81FE-CB05022E4AEB", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:b2:*:*:*:*:*:*", "matchCriteriaId": "8F2C3403-16C8-4E92-B8B6-06D10555C8AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:b3:*:*:*:*:*:*", "matchCriteriaId": "738C9A2A-40AD-4E49-9BA4-B74D92D6F79F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:b4:*:*:*:*:*:*", "matchCriteriaId": "7F3C23D1-9129-4AA3-9944-29B7556D39B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:p1:*:*:*:*:*:*", "matchCriteriaId": "051A38F9-DC6A-4019-BEFF-51451989A927", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:p2:*:*:*:*:*:*", "matchCriteriaId": "3F9C9A3B-A54D-48A8-9BDC-B6161663781A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "2AA940B5-540E-4334-9B4B-ECFC8C23F61F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "6F198455-3D7B-498D-999E-48DB99B80FAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "6D059F39-8B86-4ADF-83E3-88F64D289AFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.12:b1:*:*:*:*:*:*", "matchCriteriaId": "D961F98F-B752-42AE-B5B7-DFEBDCF5D1AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.12:b2:*:*:*:*:*:*", "matchCriteriaId": "878527C0-C4A1-4153-A795-F7407B2A087B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.12:b3:*:*:*:*:*:*", "matchCriteriaId": "E28DCAB1-F16A-4C01-86CE-875BE358B334", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.12:rc1:*:*:*:*:*:*", "matchCriteriaId": "DE306F89-3401-4B5B-8D3D-5740D20DFF1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.12:rc2:*:*:*:*:*:*", "matchCriteriaId": "B47E3E3A-6959-422F-B561-0CAC380D8A75", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.13:*:*:*:*:*:*:*", "matchCriteriaId": "FA1BA2F1-3471-424F-9C7B-23568358E521", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.13:b1:*:*:*:*:*:*", "matchCriteriaId": "98F8FFF3-156E-414D-9902-8B626CCC2ACB", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.13:b2:*:*:*:*:*:*", "matchCriteriaId": "63471AF0-49BB-4CDF-AF9C-C9557734099B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.13:b3:*:*:*:*:*:*", "matchCriteriaId": "F89A5320-10F4-46BE-9584-7EC623903C78", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.13:b4:*:*:*:*:*:*", "matchCriteriaId": "D4488726-9B52-488E-8F50-F7E32391800E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "26FCF4E3-C82A-484E-8159-9B84EDA84129", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.13:rc2:*:*:*:*:*:*", "matchCriteriaId": "A14F3A2C-1412-4E5F-9D02-6CB4C9C4D920", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:*:*:*:*:*:*:*", "matchCriteriaId": "6C24DFC5-060F-464A-B15A-A05FB86729B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:b1:*:*:*:*:*:*", "matchCriteriaId": "20A976F2-00DD-48F3-8021-32E9088ADB10", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:b2:*:*:*:*:*:*", "matchCriteriaId": "077FBD05-7AC2-4550-A07C-D21CE2D24F1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:b3:*:*:*:*:*:*", "matchCriteriaId": "988F156D-21BD-4FE2-ADD0-AA38FA603B5D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:b4:*:*:*:*:*:*", "matchCriteriaId": "6B528F30-2A14-4692-8A9B-177AE355F37C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:p1:*:*:*:*:*:*", "matchCriteriaId": "F0530051-6DAC-407D-A5E8-271601C4BA7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:p2:*:*:*:*:*:*", "matchCriteriaId": "F23A9DB8-61EC-4838-8516-2DC97244008A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:p3:*:*:*:*:*:*", "matchCriteriaId": "81D4B414-C724-4F0A-85AC-A4F8FB074776", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:rc1:*:*:*:*:*:*", "matchCriteriaId": "1FE4B086-A0C0-41BA-BAEA-0F01C431E62A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:*:*:*:*:*:*:*", "matchCriteriaId": "C930E324-DB83-447D-8CD7-6FFF62D443B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:b1:*:*:*:*:*:*", "matchCriteriaId": "B40086C8-3E2F-4E1F-A7E0-075AB2D50548", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:b2:*:*:*:*:*:*", "matchCriteriaId": "8458A8D8-9BDA-4484-ABED-0FF42A3BF9B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:b3:*:*:*:*:*:*", "matchCriteriaId": "D1385AB9-0C59-4F50-BBF7-6AE7E07CDEDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:b4:*:*:*:*:*:*", "matchCriteriaId": "23683F36-43B3-4B76-BFE6-AE6A9B67E4B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:b5:*:*:*:*:*:*", "matchCriteriaId": "32B1C5C6-0E1E-4910-A031-82C3B7314DBA", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:rc1:*:*:*:*:*:*", "matchCriteriaId": "AA0129CA-8173-41BB-8AEF-C48EC566575F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:rc2:*:*:*:*:*:*", "matchCriteriaId": "FE08CE70-D877-48A8-9243-1A4B3F8AC6CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:rc3:*:*:*:*:*:*", "matchCriteriaId": "F91DBD06-D971-48E3-878C-A1CB0A35AAD2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed."}, {"lang": "es", "value": "La compatibilidad con SHA-2 digest en el plugin sudoers en sudo, en versiones posteriores a la 1.8.7, permite que usuarios locales con permisos de escritura en partes del comando llamado los reemplace antes de ejecutarlo."}], "id": "CVE-2015-8239", "lastModified": "2024-11-21T02:38:10.020", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-10T16:29:00.557", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2015/11/18/22"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283635"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://www.sudo.ws/repos/sudo/rev/0cd3cc8fa195"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://www.sudo.ws/repos/sudo/rev/24a3d9215c64"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://www.sudo.ws/repos/sudo/rev/397722cdd7ec"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2015/11/18/22"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283635"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://www.sudo.ws/repos/sudo/rev/0cd3cc8fa195"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://www.sudo.ws/repos/sudo/rev/24a3d9215c64"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://www.sudo.ws/repos/sudo/rev/397722cdd7ec"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "sudo: Race condition when checking digests in sudoers", "id": "1283635", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283635"}, "csaw": false, "cvss": {"cvss_base_score": "6.0", "cvss_scoring_vector": "AV:L/AC:H/Au:S/C:C/I:C/A:C", "status": "draft"}, "cwe": "CWE-367", "details": ["The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed."], "name": "CVE-2015-8239", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "sudo", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "sudo", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "sudo", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2015-11-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-8239\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-8239"], "threat_severity": "Moderate"}

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object