CVE-2015-8239 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7 HIGH	LOCAL	HIGH	LOW	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 74%

Affected Products (NVD)

Vendor	Product	Version
sudo_project	sudo	1.8.8
sudo_project	sudo	1.8.8:b1
sudo_project	sudo	1.8.8:b2
sudo_project	sudo	1.8.8:b3
sudo_project	sudo	1.8.8:rc1
sudo_project	sudo	1.8.9
sudo_project	sudo	1.8.9:b1
sudo_project	sudo	1.8.9:b2
sudo_project	sudo	1.8.9:p1
sudo_project	sudo	1.8.9:p2
sudo_project	sudo	1.8.9:p3
sudo_project	sudo	1.8.9:p4
sudo_project	sudo	1.8.9:p5
sudo_project	sudo	1.8.9:rc1
sudo_project	sudo	1.8.9:rc2
sudo_project	sudo	1.8.10
sudo_project	sudo	1.8.10:b1
sudo_project	sudo	1.8.10:b2
sudo_project	sudo	1.8.10:b3
sudo_project	sudo	1.8.10:b4
sudo_project	sudo	1.8.10:p1
sudo_project	sudo	1.8.10:p2
sudo_project	sudo	1.8.10:p3
sudo_project	sudo	1.8.10:rc1
sudo_project	sudo	1.8.10:rc2
sudo_project	sudo	1.8.10:rc3
sudo_project	sudo	1.8.11
sudo_project	sudo	1.8.11:b1
sudo_project	sudo	1.8.11:b2
sudo_project	sudo	1.8.11:b3
sudo_project	sudo	1.8.11:b4
sudo_project	sudo	1.8.11:p1
sudo_project	sudo	1.8.11:p2
sudo_project	sudo	1.8.11:rc1
sudo_project	sudo	1.8.11:rc2
sudo_project	sudo	1.8.12
sudo_project	sudo	1.8.12:b1
sudo_project	sudo	1.8.12:b2
sudo_project	sudo	1.8.12:b3
sudo_project	sudo	1.8.12:rc1
sudo_project	sudo	1.8.12:rc2
sudo_project	sudo	1.8.13
sudo_project	sudo	1.8.13:b1
sudo_project	sudo	1.8.13:b2
sudo_project	sudo	1.8.13:b3
sudo_project	sudo	1.8.13:b4
sudo_project	sudo	1.8.13:rc1
sudo_project	sudo	1.8.13:rc2
sudo_project	sudo	1.8.14
sudo_project	sudo	1.8.14:b1
sudo_project	sudo	1.8.14:b2
sudo_project	sudo	1.8.14:b3
sudo_project	sudo	1.8.14:b4
sudo_project	sudo	1.8.14:p1
sudo_project	sudo	1.8.14:p2
sudo_project	sudo	1.8.14:p3
sudo_project	sudo	1.8.14:rc1
sudo_project	sudo	1.8.15
sudo_project	sudo	1.8.15:b1
sudo_project	sudo	1.8.15:b2
sudo_project	sudo	1.8.15:b3
sudo_project	sudo	1.8.15:b4
sudo_project	sudo	1.8.15:b5
sudo_project	sudo	1.8.15:rc1
sudo_project	sudo	1.8.15:rc2
sudo_project	sudo	1.8.15:rc3

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

sudo

bookworm	1.9.13p3-1+deb12u1 fixed
bullseye	1.9.5p2-3+deb11u1 fixed
bullseye (security)	1.9.5p2-3+deb11u1 fixed
jessie	no-dsa
sid	1.9.16-2 fixed
squeeze	not-affected
trixie	1.9.16-2 fixed
wheezy	not-affected

Ubuntu Releases

Ubuntu Product

Codename

sudo

artful	not-affected
bionic	not-affected
cosmic	not-affected
disco	not-affected
eoan	not-affected
focal	not-affected
groovy	not-affected
hirsute	not-affected
impish	not-affected
jammy	not-affected
kinetic	not-affected
lunar	not-affected
mantic	not-affected
noble	not-affected
precise	ignored
trusty	needed
vivid	ignored
wily	ignored
xenial	not-affected
yakkety	not-affected
zesty	not-affected

Common Weakness Enumeration

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

References

http://www.openwall.com/lists/oss-security/2015/11/18/22

https://bugzilla.redhat.com/show_bug.cgi?id=1283635

https://www.sudo.ws/repos/sudo/rev/0cd3cc8fa195

https://www.sudo.ws/repos/sudo/rev/24a3d9215c64

https://www.sudo.ws/repos/sudo/rev/397722cdd7ec

http://www.openwall.com/lists/oss-security/2015/11/18/22

https://bugzilla.redhat.com/show_bug.cgi?id=1283635

https://www.sudo.ws/repos/sudo/rev/0cd3cc8fa195

https://www.sudo.ws/repos/sudo/rev/24a3d9215c64

https://www.sudo.ws/repos/sudo/rev/397722cdd7ec