{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-11-18T00:00:00", "descriptions": [{"lang": "en", "value": "The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-10T15:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.sudo.ws/repos/sudo/rev/397722cdd7ec"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.sudo.ws/repos/sudo/rev/0cd3cc8fa195"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283635"}, {"name": "[oss-security] 20151118 Re: race condition checking digests/checksums in sudoers", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/11/18/22"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.sudo.ws/repos/sudo/rev/24a3d9215c64"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8239", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.sudo.ws/repos/sudo/rev/397722cdd7ec", "refsource": "CONFIRM", "url": "https://www.sudo.ws/repos/sudo/rev/397722cdd7ec"}, {"name": "https://www.sudo.ws/repos/sudo/rev/0cd3cc8fa195", "refsource": "CONFIRM", "url": "https://www.sudo.ws/repos/sudo/rev/0cd3cc8fa195"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1283635", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283635"}, {"name": "[oss-security] 20151118 Re: race condition checking digests/checksums in sudoers", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/11/18/22"}, {"name": "https://www.sudo.ws/repos/sudo/rev/24a3d9215c64", "refsource": "CONFIRM", "url": "https://www.sudo.ws/repos/sudo/rev/24a3d9215c64"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8239", "datePublished": "2017-10-10T16:00:00", "dateReserved": "2015-11-18T00:00:00", "dateUpdated": "2017-10-10T15:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "A5545929-5E7F-4ACC-9670-7F564909DC42", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.8:b1:*:*:*:*:*:*", "matchCriteriaId": "B5D20E97-0026-4DC5-B1A6-39570600A9BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.8:b2:*:*:*:*:*:*", "matchCriteriaId": "174F8AAF-38D1-48F6-9BA2-884480E6A8BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.8:b3:*:*:*:*:*:*", "matchCriteriaId": "5B8908AB-2B94-4557-A6F9-C049FC3C10B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.8:rc1:*:*:*:*:*:*", "matchCriteriaId": "D3C3811D-99DE-4E26-80F4-592808C147F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "69A62F0A-695D-46F7-8496-B008CC1C43A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:b1:*:*:*:*:*:*", "matchCriteriaId": "7571D30D-7472-4E09-9F39-566CAD1CCC78", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:b2:*:*:*:*:*:*", "matchCriteriaId": "A23708BC-4FD6-4961-A0C2-292C42458E2A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:p1:*:*:*:*:*:*", "matchCriteriaId": "92D83173-61D1-41E4-B0C8-2212A5A53E07", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:p2:*:*:*:*:*:*", "matchCriteriaId": "310A6BE2-7346-4E99-9553-4C3D6D9420D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:p3:*:*:*:*:*:*", "matchCriteriaId": "D624014F-95AD-49CA-87CC-E8C74FAD9C2A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:p4:*:*:*:*:*:*", "matchCriteriaId": "9289798D-7DB7-41B4-94C6-1032A670FD32", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:p5:*:*:*:*:*:*", "matchCriteriaId": "A8F46CAD-FCFB-4F41-920B-E2C743905261", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "7AC23759-808E-4570-A354-91A863E0DA7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:rc2:*:*:*:*:*:*", "matchCriteriaId": "712742E1-2C23-43BC-903E-BFE5A0DC3F16", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "3CD0B574-8FB9-42FD-A470-7B7736BA256C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:b1:*:*:*:*:*:*", "matchCriteriaId": "C108672B-8D03-434F-8568-A50C4FC6141D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:b2:*:*:*:*:*:*", "matchCriteriaId": "C0C14B6E-491B-4299-9266-D0EAF81BFE55", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:b3:*:*:*:*:*:*", "matchCriteriaId": "EEC16E4A-8F31-49B7-8892-D3D3AD4260BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:b4:*:*:*:*:*:*", "matchCriteriaId": "CEE55EE5-655A-4804-A293-970EFB8ECBBB", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:p1:*:*:*:*:*:*", "matchCriteriaId": "20295CF1-A41D-4295-9D13-826B06591D58", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:p2:*:*:*:*:*:*", "matchCriteriaId": "8DE2D0F0-AA32-4A36-9EF7-E7A0638B8076", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:p3:*:*:*:*:*:*", "matchCriteriaId": "6A69CD80-A0B5-4F5C-AD89-C220C347451F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:rc1:*:*:*:*:*:*", "matchCriteriaId": "2722E69A-0A36-4AB7-88C0-A80E2F36EBFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:rc2:*:*:*:*:*:*", "matchCriteriaId": "78EA662F-EF89-4B84-97FE-2F785A58A43A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:rc3:*:*:*:*:*:*", "matchCriteriaId": "67C66044-D05F-4AF5-B9D2-38CFF4585084", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:*:*:*:*:*:*:*", "matchCriteriaId": "2B9D05A0-536E-40BA-917A-8ED71D7C5307", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:b1:*:*:*:*:*:*", "matchCriteriaId": "68552665-77A2-4F79-81FE-CB05022E4AEB", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:b2:*:*:*:*:*:*", "matchCriteriaId": "8F2C3403-16C8-4E92-B8B6-06D10555C8AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:b3:*:*:*:*:*:*", "matchCriteriaId": "738C9A2A-40AD-4E49-9BA4-B74D92D6F79F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:b4:*:*:*:*:*:*", "matchCriteriaId": "7F3C23D1-9129-4AA3-9944-29B7556D39B5", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:p1:*:*:*:*:*:*", "matchCriteriaId": "051A38F9-DC6A-4019-BEFF-51451989A927", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:p2:*:*:*:*:*:*", "matchCriteriaId": "3F9C9A3B-A54D-48A8-9BDC-B6161663781A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:rc1:*:*:*:*:*:*", "matchCriteriaId": "2AA940B5-540E-4334-9B4B-ECFC8C23F61F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:rc2:*:*:*:*:*:*", "matchCriteriaId": "6F198455-3D7B-498D-999E-48DB99B80FAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.12:*:*:*:*:*:*:*", "matchCriteriaId": "6D059F39-8B86-4ADF-83E3-88F64D289AFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.12:b1:*:*:*:*:*:*", "matchCriteriaId": "D961F98F-B752-42AE-B5B7-DFEBDCF5D1AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.12:b2:*:*:*:*:*:*", "matchCriteriaId": "878527C0-C4A1-4153-A795-F7407B2A087B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.12:b3:*:*:*:*:*:*", "matchCriteriaId": "E28DCAB1-F16A-4C01-86CE-875BE358B334", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.12:rc1:*:*:*:*:*:*", "matchCriteriaId": "DE306F89-3401-4B5B-8D3D-5740D20DFF1A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.12:rc2:*:*:*:*:*:*", "matchCriteriaId": "B47E3E3A-6959-422F-B561-0CAC380D8A75", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.13:*:*:*:*:*:*:*", "matchCriteriaId": "FA1BA2F1-3471-424F-9C7B-23568358E521", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.13:b1:*:*:*:*:*:*", "matchCriteriaId": "98F8FFF3-156E-414D-9902-8B626CCC2ACB", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.13:b2:*:*:*:*:*:*", "matchCriteriaId": "63471AF0-49BB-4CDF-AF9C-C9557734099B", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.13:b3:*:*:*:*:*:*", "matchCriteriaId": "F89A5320-10F4-46BE-9584-7EC623903C78", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.13:b4:*:*:*:*:*:*", "matchCriteriaId": "D4488726-9B52-488E-8F50-F7E32391800E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.13:rc1:*:*:*:*:*:*", "matchCriteriaId": "26FCF4E3-C82A-484E-8159-9B84EDA84129", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.13:rc2:*:*:*:*:*:*", "matchCriteriaId": "A14F3A2C-1412-4E5F-9D02-6CB4C9C4D920", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:*:*:*:*:*:*:*", "matchCriteriaId": "6C24DFC5-060F-464A-B15A-A05FB86729B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:b1:*:*:*:*:*:*", "matchCriteriaId": "20A976F2-00DD-48F3-8021-32E9088ADB10", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:b2:*:*:*:*:*:*", "matchCriteriaId": "077FBD05-7AC2-4550-A07C-D21CE2D24F1E", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:b3:*:*:*:*:*:*", "matchCriteriaId": "988F156D-21BD-4FE2-ADD0-AA38FA603B5D", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:b4:*:*:*:*:*:*", "matchCriteriaId": "6B528F30-2A14-4692-8A9B-177AE355F37C", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:p1:*:*:*:*:*:*", "matchCriteriaId": "F0530051-6DAC-407D-A5E8-271601C4BA7A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:p2:*:*:*:*:*:*", "matchCriteriaId": "F23A9DB8-61EC-4838-8516-2DC97244008A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:p3:*:*:*:*:*:*", "matchCriteriaId": "81D4B414-C724-4F0A-85AC-A4F8FB074776", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:rc1:*:*:*:*:*:*", "matchCriteriaId": "1FE4B086-A0C0-41BA-BAEA-0F01C431E62A", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:*:*:*:*:*:*:*", "matchCriteriaId": "C930E324-DB83-447D-8CD7-6FFF62D443B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:b1:*:*:*:*:*:*", "matchCriteriaId": "B40086C8-3E2F-4E1F-A7E0-075AB2D50548", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:b2:*:*:*:*:*:*", "matchCriteriaId": "8458A8D8-9BDA-4484-ABED-0FF42A3BF9B1", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:b3:*:*:*:*:*:*", "matchCriteriaId": "D1385AB9-0C59-4F50-BBF7-6AE7E07CDEDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:b4:*:*:*:*:*:*", "matchCriteriaId": "23683F36-43B3-4B76-BFE6-AE6A9B67E4B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:b5:*:*:*:*:*:*", "matchCriteriaId": "32B1C5C6-0E1E-4910-A031-82C3B7314DBA", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:rc1:*:*:*:*:*:*", "matchCriteriaId": "AA0129CA-8173-41BB-8AEF-C48EC566575F", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:rc2:*:*:*:*:*:*", "matchCriteriaId": "FE08CE70-D877-48A8-9243-1A4B3F8AC6CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:rc3:*:*:*:*:*:*", "matchCriteriaId": "F91DBD06-D971-48E3-878C-A1CB0A35AAD2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed."}, {"lang": "es", "value": "La compatibilidad con SHA-2 digest en el plugin sudoers en sudo, en versiones posteriores a la 1.8.7, permite que usuarios locales con permisos de escritura en partes del comando llamado los reemplace antes de ejecutarlo."}], "id": "CVE-2015-8239", "lastModified": "2017-11-05T21:23:16.497", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-10T16:29:00.557", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2015/11/18/22"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283635"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://www.sudo.ws/repos/sudo/rev/0cd3cc8fa195"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://www.sudo.ws/repos/sudo/rev/24a3d9215c64"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://www.sudo.ws/repos/sudo/rev/397722cdd7ec"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}