Fluid Attacks Database

Description

Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an input validation (embedded newlines) in the get_process_ttyname() function resulting in information disclosure and command execution.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
alpine v3.11	sudo	=1.6.9_p17-r1 \|\| =1.7.0-r0 \|\| =1.7.1-r0 \|\| =1.7.2-r0 \|\| =1.7.2_p1-r0 \|\| =1.7.2_p2-r0 \|\| =1.7.2_p4-r0 \|\| =1.7.2_p5-r0 \|\| =1.7.2_p6-r0 \|\| =1.7.2_p6-r1 \|\| =1.7.2_p7-r0 \|\| =1.7.3-r0 \|\| =1.7.4_p2-r0 \|\| =1.7.4_p3-r0 \|\| =1.7.4_p4-r0 \|\| =1.7.4_p5-r0 \|\| =1.7.4p6-r0 \|\| =1.8.0-r0 \|\| =1.8.0-r1 \|\| =1.8.1-r0 \|\| =1.8.10-r0 \|\| =1.8.10_p1-r0 \|\| =1.8.10_p2-r0 \|\| =1.8.10_p3-r0 \|\| =1.8.11_p2-r0 \|\| =1.8.12-r0 \|\| =1.8.13-r0 \|\| =1.8.14_p3-r0 \|\| =1.8.14_p3-r1 \|\| =1.8.15-r0 \|\| =1.8.15-r1 \|\| =1.8.16-r0 \|\| =1.8.17-r0 \|\| =1.8.17_p1-r0 \|\| =1.8.18-r0 \|\| =1.8.18_p1-r0 \|\| =1.8.19_p1-r0 \|\| =1.8.19_p2-r0 \|\| =1.8.1p1-r0 \|\| =1.8.2-r0 \|\| =1.8.20_p1-r0 \|\| =1.8.3-r0 \|\| =1.8.3_p1-r0 \|\| =1.8.3_p2-r0 \|\| =1.8.3_p2-r1 \|\| =1.8.4-r0 \|\| =1.8.4_p1-r0 \|\| =1.8.4_p2-r0 \|\| =1.8.4_p4-r0 \|\| =1.8.5_p1-r0 \|\| =1.8.5_p2-r0 \|\| =1.8.5_p3-r0 \|\| =1.8.6-r0 \|\| =1.8.6_p1-r0 \|\| =1.8.6_p3-r0 \|\| =1.8.6_p4-r0 \|\| =1.8.6_p5-r0 \|\| =1.8.6_p6-r0 \|\| =1.8.6_p7-r0 \|\| =1.8.6_p8-r0 \|\| =1.8.7-r0 \|\| =1.8.8-r0 \|\| =1.8.9_p4-r0 \|\| =1.8.9_p5-r0 \|\| >=0 <1.8.20_p2-r0	1.8.20_p2-r0
alpine v3.12	sudo	=1.6.9_p17-r1 \|\| =1.7.0-r0 \|\| =1.7.1-r0 \|\| =1.7.2-r0 \|\| =1.7.2_p1-r0 \|\| =1.7.2_p2-r0 \|\| =1.7.2_p4-r0 \|\| =1.7.2_p5-r0 \|\| =1.7.2_p6-r0 \|\| =1.7.2_p6-r1 \|\| =1.7.2_p7-r0 \|\| =1.7.3-r0 \|\| =1.7.4_p2-r0 \|\| =1.7.4_p3-r0 \|\| =1.7.4_p4-r0 \|\| =1.7.4_p5-r0 \|\| =1.7.4p6-r0 \|\| =1.8.0-r0 \|\| =1.8.0-r1 \|\| =1.8.1-r0 \|\| =1.8.10-r0 \|\| =1.8.10_p1-r0 \|\| =1.8.10_p2-r0 \|\| =1.8.10_p3-r0 \|\| =1.8.11_p2-r0 \|\| =1.8.12-r0 \|\| =1.8.13-r0 \|\| =1.8.14_p3-r0 \|\| =1.8.14_p3-r1 \|\| =1.8.15-r0 \|\| =1.8.15-r1 \|\| =1.8.16-r0 \|\| =1.8.17-r0 \|\| =1.8.17_p1-r0 \|\| =1.8.18-r0 \|\| =1.8.18_p1-r0 \|\| =1.8.19_p1-r0 \|\| =1.8.19_p2-r0 \|\| =1.8.1p1-r0 \|\| =1.8.2-r0 \|\| =1.8.20_p1-r0 \|\| =1.8.3-r0 \|\| =1.8.3_p1-r0 \|\| =1.8.3_p2-r0 \|\| =1.8.3_p2-r1 \|\| =1.8.4-r0 \|\| =1.8.4_p1-r0 \|\| =1.8.4_p2-r0 \|\| =1.8.4_p4-r0 \|\| =1.8.5_p1-r0 \|\| =1.8.5_p2-r0 \|\| =1.8.5_p3-r0 \|\| =1.8.6-r0 \|\| =1.8.6_p1-r0 \|\| =1.8.6_p3-r0 \|\| =1.8.6_p4-r0 \|\| =1.8.6_p5-r0 \|\| =1.8.6_p6-r0 \|\| =1.8.6_p7-r0 \|\| =1.8.6_p8-r0 \|\| =1.8.7-r0 \|\| =1.8.8-r0 \|\| =1.8.9_p4-r0 \|\| =1.8.9_p5-r0 \|\| >=0 <1.8.20_p2-r0	1.8.20_p2-r0
alpine v3.14	sudo	=1.6.9_p17-r1 \|\| =1.7.0-r0 \|\| =1.7.1-r0 \|\| =1.7.2-r0 \|\| =1.7.2_p1-r0 \|\| =1.7.2_p2-r0 \|\| =1.7.2_p4-r0 \|\| =1.7.2_p5-r0 \|\| =1.7.2_p6-r0 \|\| =1.7.2_p6-r1 \|\| =1.7.2_p7-r0 \|\| =1.7.3-r0 \|\| =1.7.4_p2-r0 \|\| =1.7.4_p3-r0 \|\| =1.7.4_p4-r0 \|\| =1.7.4_p5-r0 \|\| =1.7.4p6-r0 \|\| =1.8.0-r0 \|\| =1.8.0-r1 \|\| =1.8.1-r0 \|\| =1.8.10-r0 \|\| =1.8.10_p1-r0 \|\| =1.8.10_p2-r0 \|\| =1.8.10_p3-r0 \|\| =1.8.11_p2-r0 \|\| =1.8.12-r0 \|\| =1.8.13-r0 \|\| =1.8.14_p3-r0 \|\| =1.8.14_p3-r1 \|\| =1.8.15-r0 \|\| =1.8.15-r1 \|\| =1.8.16-r0 \|\| =1.8.17-r0 \|\| =1.8.17_p1-r0 \|\| =1.8.18-r0 \|\| =1.8.18_p1-r0 \|\| =1.8.19_p1-r0 \|\| =1.8.19_p2-r0 \|\| =1.8.1p1-r0 \|\| =1.8.2-r0 \|\| =1.8.20_p1-r0 \|\| =1.8.3-r0 \|\| =1.8.3_p1-r0 \|\| =1.8.3_p2-r0 \|\| =1.8.3_p2-r1 \|\| =1.8.4-r0 \|\| =1.8.4_p1-r0 \|\| =1.8.4_p2-r0 \|\| =1.8.4_p4-r0 \|\| =1.8.5_p1-r0 \|\| =1.8.5_p2-r0 \|\| =1.8.5_p3-r0 \|\| =1.8.6-r0 \|\| =1.8.6_p1-r0 \|\| =1.8.6_p3-r0 \|\| =1.8.6_p4-r0 \|\| =1.8.6_p5-r0 \|\| =1.8.6_p6-r0 \|\| =1.8.6_p7-r0 \|\| =1.8.6_p8-r0 \|\| =1.8.7-r0 \|\| =1.8.8-r0 \|\| =1.8.9_p4-r0 \|\| =1.8.9_p5-r0 \|\| >=0 <1.8.20_p2-r0	1.8.20_p2-r0
alpine v3.15	sudo	=1.6.9_p17-r1 \|\| =1.7.0-r0 \|\| =1.7.1-r0 \|\| =1.7.2-r0 \|\| =1.7.2_p1-r0 \|\| =1.7.2_p2-r0 \|\| =1.7.2_p4-r0 \|\| =1.7.2_p5-r0 \|\| =1.7.2_p6-r0 \|\| =1.7.2_p6-r1 \|\| =1.7.2_p7-r0 \|\| =1.7.3-r0 \|\| =1.7.4_p2-r0 \|\| =1.7.4_p3-r0 \|\| =1.7.4_p4-r0 \|\| =1.7.4_p5-r0 \|\| =1.7.4p6-r0 \|\| =1.8.0-r0 \|\| =1.8.0-r1 \|\| =1.8.1-r0 \|\| =1.8.10-r0 \|\| =1.8.10_p1-r0 \|\| =1.8.10_p2-r0 \|\| =1.8.10_p3-r0 \|\| =1.8.11_p2-r0 \|\| =1.8.12-r0 \|\| =1.8.13-r0 \|\| =1.8.14_p3-r0 \|\| =1.8.14_p3-r1 \|\| =1.8.15-r0 \|\| =1.8.15-r1 \|\| =1.8.16-r0 \|\| =1.8.17-r0 \|\| =1.8.17_p1-r0 \|\| =1.8.18-r0 \|\| =1.8.18_p1-r0 \|\| =1.8.19_p1-r0 \|\| =1.8.19_p2-r0 \|\| =1.8.1p1-r0 \|\| =1.8.2-r0 \|\| =1.8.20_p1-r0 \|\| =1.8.3-r0 \|\| =1.8.3_p1-r0 \|\| =1.8.3_p2-r0 \|\| =1.8.3_p2-r1 \|\| =1.8.4-r0 \|\| =1.8.4_p1-r0 \|\| =1.8.4_p2-r0 \|\| =1.8.4_p4-r0 \|\| =1.8.5_p1-r0 \|\| =1.8.5_p2-r0 \|\| =1.8.5_p3-r0 \|\| =1.8.6-r0 \|\| =1.8.6_p1-r0 \|\| =1.8.6_p3-r0 \|\| =1.8.6_p4-r0 \|\| =1.8.6_p5-r0 \|\| =1.8.6_p6-r0 \|\| =1.8.6_p7-r0 \|\| =1.8.6_p8-r0 \|\| =1.8.7-r0 \|\| =1.8.8-r0 \|\| =1.8.9_p4-r0 \|\| =1.8.9_p5-r0 \|\| >=0 <1.8.20_p2-r0	1.8.20_p2-r0
alpine v3.7	sudo	=1.6.9_p17-r1 \|\| =1.7.0-r0 \|\| =1.7.1-r0 \|\| =1.7.2-r0 \|\| =1.7.2_p1-r0 \|\| =1.7.2_p2-r0 \|\| =1.7.2_p4-r0 \|\| =1.7.2_p5-r0 \|\| =1.7.2_p6-r0 \|\| =1.7.2_p6-r1 \|\| =1.7.2_p7-r0 \|\| =1.7.3-r0 \|\| =1.7.4_p2-r0 \|\| =1.7.4_p3-r0 \|\| =1.7.4_p4-r0 \|\| =1.7.4_p5-r0 \|\| =1.7.4p6-r0 \|\| =1.8.0-r0 \|\| =1.8.0-r1 \|\| =1.8.1-r0 \|\| =1.8.10-r0 \|\| =1.8.10_p1-r0 \|\| =1.8.10_p2-r0 \|\| =1.8.10_p3-r0 \|\| =1.8.11_p2-r0 \|\| =1.8.12-r0 \|\| =1.8.13-r0 \|\| =1.8.14_p3-r0 \|\| =1.8.14_p3-r1 \|\| =1.8.15-r0 \|\| =1.8.15-r1 \|\| =1.8.16-r0 \|\| =1.8.17-r0 \|\| =1.8.17_p1-r0 \|\| =1.8.18-r0 \|\| =1.8.18_p1-r0 \|\| =1.8.19_p1-r0 \|\| =1.8.19_p2-r0 \|\| =1.8.1p1-r0 \|\| =1.8.2-r0 \|\| =1.8.20_p1-r0 \|\| =1.8.3-r0 \|\| =1.8.3_p1-r0 \|\| =1.8.3_p2-r0 \|\| =1.8.3_p2-r1 \|\| =1.8.4-r0 \|\| =1.8.4_p1-r0 \|\| =1.8.4_p2-r0 \|\| =1.8.4_p4-r0 \|\| =1.8.5_p1-r0 \|\| =1.8.5_p2-r0 \|\| =1.8.5_p3-r0 \|\| =1.8.6-r0 \|\| =1.8.6_p1-r0 \|\| =1.8.6_p3-r0 \|\| =1.8.6_p4-r0 \|\| =1.8.6_p5-r0 \|\| =1.8.6_p6-r0 \|\| =1.8.6_p7-r0 \|\| =1.8.6_p8-r0 \|\| =1.8.7-r0 \|\| =1.8.8-r0 \|\| =1.8.9_p4-r0 \|\| =1.8.9_p5-r0 \|\| >=0 <1.8.20_p2-r0	1.8.20_p2-r0
alpine v3.9	sudo	=1.6.9_p17-r1 \|\| =1.7.0-r0 \|\| =1.7.1-r0 \|\| =1.7.2-r0 \|\| =1.7.2_p1-r0 \|\| =1.7.2_p2-r0 \|\| =1.7.2_p4-r0 \|\| =1.7.2_p5-r0 \|\| =1.7.2_p6-r0 \|\| =1.7.2_p6-r1 \|\| =1.7.2_p7-r0 \|\| =1.7.3-r0 \|\| =1.7.4_p2-r0 \|\| =1.7.4_p3-r0 \|\| =1.7.4_p4-r0 \|\| =1.7.4_p5-r0 \|\| =1.7.4p6-r0 \|\| =1.8.0-r0 \|\| =1.8.0-r1 \|\| =1.8.1-r0 \|\| =1.8.10-r0 \|\| =1.8.10_p1-r0 \|\| =1.8.10_p2-r0 \|\| =1.8.10_p3-r0 \|\| =1.8.11_p2-r0 \|\| =1.8.12-r0 \|\| =1.8.13-r0 \|\| =1.8.14_p3-r0 \|\| =1.8.14_p3-r1 \|\| =1.8.15-r0 \|\| =1.8.15-r1 \|\| =1.8.16-r0 \|\| =1.8.17-r0 \|\| =1.8.17_p1-r0 \|\| =1.8.18-r0 \|\| =1.8.18_p1-r0 \|\| =1.8.19_p1-r0 \|\| =1.8.19_p2-r0 \|\| =1.8.1p1-r0 \|\| =1.8.2-r0 \|\| =1.8.20_p1-r0 \|\| =1.8.3-r0 \|\| =1.8.3_p1-r0 \|\| =1.8.3_p2-r0 \|\| =1.8.3_p2-r1 \|\| =1.8.4-r0 \|\| =1.8.4_p1-r0 \|\| =1.8.4_p2-r0 \|\| =1.8.4_p4-r0 \|\| =1.8.5_p1-r0 \|\| =1.8.5_p2-r0 \|\| =1.8.5_p3-r0 \|\| =1.8.6-r0 \|\| =1.8.6_p1-r0 \|\| =1.8.6_p3-r0 \|\| =1.8.6_p4-r0 \|\| =1.8.6_p5-r0 \|\| =1.8.6_p6-r0 \|\| =1.8.6_p7-r0 \|\| =1.8.6_p8-r0 \|\| =1.8.7-r0 \|\| =1.8.8-r0 \|\| =1.8.9_p4-r0 \|\| =1.8.9_p5-r0 \|\| >=0 <1.8.20_p2-r0	1.8.20_p2-r0
alpine v3.13	sudo	=1.6.9_p17-r1 \|\| =1.7.0-r0 \|\| =1.7.1-r0 \|\| =1.7.2-r0 \|\| =1.7.2_p1-r0 \|\| =1.7.2_p2-r0 \|\| =1.7.2_p4-r0 \|\| =1.7.2_p5-r0 \|\| =1.7.2_p6-r0 \|\| =1.7.2_p6-r1 \|\| =1.7.2_p7-r0 \|\| =1.7.3-r0 \|\| =1.7.4_p2-r0 \|\| =1.7.4_p3-r0 \|\| =1.7.4_p4-r0 \|\| =1.7.4_p5-r0 \|\| =1.7.4p6-r0 \|\| =1.8.0-r0 \|\| =1.8.0-r1 \|\| =1.8.1-r0 \|\| =1.8.10-r0 \|\| =1.8.10_p1-r0 \|\| =1.8.10_p2-r0 \|\| =1.8.10_p3-r0 \|\| =1.8.11_p2-r0 \|\| =1.8.12-r0 \|\| =1.8.13-r0 \|\| =1.8.14_p3-r0 \|\| =1.8.14_p3-r1 \|\| =1.8.15-r0 \|\| =1.8.15-r1 \|\| =1.8.16-r0 \|\| =1.8.17-r0 \|\| =1.8.17_p1-r0 \|\| =1.8.18-r0 \|\| =1.8.18_p1-r0 \|\| =1.8.19_p1-r0 \|\| =1.8.19_p2-r0 \|\| =1.8.1p1-r0 \|\| =1.8.2-r0 \|\| =1.8.20_p1-r0 \|\| =1.8.3-r0 \|\| =1.8.3_p1-r0 \|\| =1.8.3_p2-r0 \|\| =1.8.3_p2-r1 \|\| =1.8.4-r0 \|\| =1.8.4_p1-r0 \|\| =1.8.4_p2-r0 \|\| =1.8.4_p4-r0 \|\| =1.8.5_p1-r0 \|\| =1.8.5_p2-r0 \|\| =1.8.5_p3-r0 \|\| =1.8.6-r0 \|\| =1.8.6_p1-r0 \|\| =1.8.6_p3-r0 \|\| =1.8.6_p4-r0 \|\| =1.8.6_p5-r0 \|\| =1.8.6_p6-r0 \|\| =1.8.6_p7-r0 \|\| =1.8.6_p8-r0 \|\| =1.8.7-r0 \|\| =1.8.8-r0 \|\| =1.8.9_p4-r0 \|\| =1.8.9_p5-r0 \|\| >=0 <1.8.20_p2-r0	1.8.20_p2-r0
alpine v3.8	sudo	=1.6.9_p17-r1 \|\| =1.7.0-r0 \|\| =1.7.1-r0 \|\| =1.7.2-r0 \|\| =1.7.2_p1-r0 \|\| =1.7.2_p2-r0 \|\| =1.7.2_p4-r0 \|\| =1.7.2_p5-r0 \|\| =1.7.2_p6-r0 \|\| =1.7.2_p6-r1 \|\| =1.7.2_p7-r0 \|\| =1.7.3-r0 \|\| =1.7.4_p2-r0 \|\| =1.7.4_p3-r0 \|\| =1.7.4_p4-r0 \|\| =1.7.4_p5-r0 \|\| =1.7.4p6-r0 \|\| =1.8.0-r0 \|\| =1.8.0-r1 \|\| =1.8.1-r0 \|\| =1.8.10-r0 \|\| =1.8.10_p1-r0 \|\| =1.8.10_p2-r0 \|\| =1.8.10_p3-r0 \|\| =1.8.11_p2-r0 \|\| =1.8.12-r0 \|\| =1.8.13-r0 \|\| =1.8.14_p3-r0 \|\| =1.8.14_p3-r1 \|\| =1.8.15-r0 \|\| =1.8.15-r1 \|\| =1.8.16-r0 \|\| =1.8.17-r0 \|\| =1.8.17_p1-r0 \|\| =1.8.18-r0 \|\| =1.8.18_p1-r0 \|\| =1.8.19_p1-r0 \|\| =1.8.19_p2-r0 \|\| =1.8.1p1-r0 \|\| =1.8.2-r0 \|\| =1.8.20_p1-r0 \|\| =1.8.3-r0 \|\| =1.8.3_p1-r0 \|\| =1.8.3_p2-r0 \|\| =1.8.3_p2-r1 \|\| =1.8.4-r0 \|\| =1.8.4_p1-r0 \|\| =1.8.4_p2-r0 \|\| =1.8.4_p4-r0 \|\| =1.8.5_p1-r0 \|\| =1.8.5_p2-r0 \|\| =1.8.5_p3-r0 \|\| =1.8.6-r0 \|\| =1.8.6_p1-r0 \|\| =1.8.6_p3-r0 \|\| =1.8.6_p4-r0 \|\| =1.8.6_p5-r0 \|\| =1.8.6_p6-r0 \|\| =1.8.6_p7-r0 \|\| =1.8.6_p8-r0 \|\| =1.8.7-r0 \|\| =1.8.8-r0 \|\| =1.8.9_p4-r0 \|\| =1.8.9_p5-r0 \|\| >=0 <1.8.20_p2-r0	1.8.20_p2-r0
alpine v3.10	sudo	=1.6.9_p17-r1 \|\| =1.7.0-r0 \|\| =1.7.1-r0 \|\| =1.7.2-r0 \|\| =1.7.2_p1-r0 \|\| =1.7.2_p2-r0 \|\| =1.7.2_p4-r0 \|\| =1.7.2_p5-r0 \|\| =1.7.2_p6-r0 \|\| =1.7.2_p6-r1 \|\| =1.7.2_p7-r0 \|\| =1.7.3-r0 \|\| =1.7.4_p2-r0 \|\| =1.7.4_p3-r0 \|\| =1.7.4_p4-r0 \|\| =1.7.4_p5-r0 \|\| =1.7.4p6-r0 \|\| =1.8.0-r0 \|\| =1.8.0-r1 \|\| =1.8.1-r0 \|\| =1.8.10-r0 \|\| =1.8.10_p1-r0 \|\| =1.8.10_p2-r0 \|\| =1.8.10_p3-r0 \|\| =1.8.11_p2-r0 \|\| =1.8.12-r0 \|\| =1.8.13-r0 \|\| =1.8.14_p3-r0 \|\| =1.8.14_p3-r1 \|\| =1.8.15-r0 \|\| =1.8.15-r1 \|\| =1.8.16-r0 \|\| =1.8.17-r0 \|\| =1.8.17_p1-r0 \|\| =1.8.18-r0 \|\| =1.8.18_p1-r0 \|\| =1.8.19_p1-r0 \|\| =1.8.19_p2-r0 \|\| =1.8.1p1-r0 \|\| =1.8.2-r0 \|\| =1.8.20_p1-r0 \|\| =1.8.3-r0 \|\| =1.8.3_p1-r0 \|\| =1.8.3_p2-r0 \|\| =1.8.3_p2-r1 \|\| =1.8.4-r0 \|\| =1.8.4_p1-r0 \|\| =1.8.4_p2-r0 \|\| =1.8.4_p4-r0 \|\| =1.8.5_p1-r0 \|\| =1.8.5_p2-r0 \|\| =1.8.5_p3-r0 \|\| =1.8.6-r0 \|\| =1.8.6_p1-r0 \|\| =1.8.6_p3-r0 \|\| =1.8.6_p4-r0 \|\| =1.8.6_p5-r0 \|\| =1.8.6_p6-r0 \|\| =1.8.6_p7-r0 \|\| =1.8.6_p8-r0 \|\| =1.8.7-r0 \|\| =1.8.8-r0 \|\| =1.8.9_p4-r0 \|\| =1.8.9_p5-r0 \|\| >=0 <1.8.20_p2-r0	1.8.20_p2-r0
debian 12	sudo	>=0 <1.8.20p1-1.1	1.8.20p1-1.1

1-10 of 16

Aliases

1. CVE-2017-10003682. NVD-2017-10003683. OSV-ALPINE-2017-10003684. OSV-2017-10003685. OSV-DEBIAN-2017-10003686. SECURITY-CVE-2017-10003687. SECURITY-TRACKER-CVE-2017-1000368

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.