CVE-2015-8239

{"id": "CVE-2015-8239", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.0, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.0}]}, "published": "2017-10-10T16:29:00.557", "references": [{"url": "http://www.openwall.com/lists/oss-security/2015/11/18/22", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283635", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.sudo.ws/repos/sudo/rev/0cd3cc8fa195", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.sudo.ws/repos/sudo/rev/24a3d9215c64", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.sudo.ws/repos/sudo/rev/397722cdd7ec", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed."}, {"lang": "es", "value": "La compatibilidad con SHA-2 digest en el plugin sudoers en sudo, en versiones posteriores a la 1.8.7, permite que usuarios locales con permisos de escritura en partes del comando llamado los reemplace antes de ejecutarlo."}], "lastModified": "2017-11-05T21:23:16.497", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5545929-5E7F-4ACC-9670-7F564909DC42"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.8:b1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5D20E97-0026-4DC5-B1A6-39570600A9BA"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.8:b2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "174F8AAF-38D1-48F6-9BA2-884480E6A8BD"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.8:b3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B8908AB-2B94-4557-A6F9-C049FC3C10B2"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.8:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3C3811D-99DE-4E26-80F4-592808C147F0"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "69A62F0A-695D-46F7-8496-B008CC1C43A6"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:b1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7571D30D-7472-4E09-9F39-566CAD1CCC78"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:b2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A23708BC-4FD6-4961-A0C2-292C42458E2A"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "92D83173-61D1-41E4-B0C8-2212A5A53E07"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "310A6BE2-7346-4E99-9553-4C3D6D9420D7"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D624014F-95AD-49CA-87CC-E8C74FAD9C2A"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:p4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9289798D-7DB7-41B4-94C6-1032A670FD32"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:p5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8F46CAD-FCFB-4F41-920B-E2C743905261"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7AC23759-808E-4570-A354-91A863E0DA7A"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.9:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "712742E1-2C23-43BC-903E-BFE5A0DC3F16"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3CD0B574-8FB9-42FD-A470-7B7736BA256C"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:b1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C108672B-8D03-434F-8568-A50C4FC6141D"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:b2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0C14B6E-491B-4299-9266-D0EAF81BFE55"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:b3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EEC16E4A-8F31-49B7-8892-D3D3AD4260BC"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:b4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CEE55EE5-655A-4804-A293-970EFB8ECBBB"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20295CF1-A41D-4295-9D13-826B06591D58"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DE2D0F0-AA32-4A36-9EF7-E7A0638B8076"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6A69CD80-A0B5-4F5C-AD89-C220C347451F"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2722E69A-0A36-4AB7-88C0-A80E2F36EBFC"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78EA662F-EF89-4B84-97FE-2F785A58A43A"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.10:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67C66044-D05F-4AF5-B9D2-38CFF4585084"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B9D05A0-536E-40BA-917A-8ED71D7C5307"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:b1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68552665-77A2-4F79-81FE-CB05022E4AEB"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:b2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F2C3403-16C8-4E92-B8B6-06D10555C8AF"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:b3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "738C9A2A-40AD-4E49-9BA4-B74D92D6F79F"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:b4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F3C23D1-9129-4AA3-9944-29B7556D39B5"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "051A38F9-DC6A-4019-BEFF-51451989A927"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F9C9A3B-A54D-48A8-9BDC-B6161663781A"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2AA940B5-540E-4334-9B4B-ECFC8C23F61F"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.11:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F198455-3D7B-498D-999E-48DB99B80FAB"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D059F39-8B86-4ADF-83E3-88F64D289AFC"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.12:b1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D961F98F-B752-42AE-B5B7-DFEBDCF5D1AB"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.12:b2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "878527C0-C4A1-4153-A795-F7407B2A087B"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.12:b3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E28DCAB1-F16A-4C01-86CE-875BE358B334"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.12:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DE306F89-3401-4B5B-8D3D-5740D20DFF1A"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.12:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B47E3E3A-6959-422F-B561-0CAC380D8A75"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA1BA2F1-3471-424F-9C7B-23568358E521"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.13:b1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98F8FFF3-156E-414D-9902-8B626CCC2ACB"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.13:b2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "63471AF0-49BB-4CDF-AF9C-C9557734099B"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.13:b3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F89A5320-10F4-46BE-9584-7EC623903C78"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.13:b4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4488726-9B52-488E-8F50-F7E32391800E"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.13:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26FCF4E3-C82A-484E-8159-9B84EDA84129"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.13:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A14F3A2C-1412-4E5F-9D02-6CB4C9C4D920"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6C24DFC5-060F-464A-B15A-A05FB86729B4"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:b1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20A976F2-00DD-48F3-8021-32E9088ADB10"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:b2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "077FBD05-7AC2-4550-A07C-D21CE2D24F1E"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:b3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "988F156D-21BD-4FE2-ADD0-AA38FA603B5D"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:b4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6B528F30-2A14-4692-8A9B-177AE355F37C"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:p1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0530051-6DAC-407D-A5E8-271601C4BA7A"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:p2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F23A9DB8-61EC-4838-8516-2DC97244008A"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:p3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81D4B414-C724-4F0A-85AC-A4F8FB074776"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.14:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1FE4B086-A0C0-41BA-BAEA-0F01C431E62A"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C930E324-DB83-447D-8CD7-6FFF62D443B0"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:b1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B40086C8-3E2F-4E1F-A7E0-075AB2D50548"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:b2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8458A8D8-9BDA-4484-ABED-0FF42A3BF9B1"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:b3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1385AB9-0C59-4F50-BBF7-6AE7E07CDEDD"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:b4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23683F36-43B3-4B76-BFE6-AE6A9B67E4B8"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:b5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32B1C5C6-0E1E-4910-A031-82C3B7314DBA"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA0129CA-8173-41BB-8AEF-C48EC566575F"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE08CE70-D877-48A8-9243-1A4B3F8AC6CA"}, {"criteria": "cpe:2.3:a:sudo_project:sudo:1.8.15:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F91DBD06-D971-48E3-878C-A1CB0A35AAD2"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}