CVE-2015-8239

NameCVE-2015-8239
DescriptionThe SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium
Debian Bugs805563

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
sudo (PTS)stretch1.8.19p1-2.1+deb9u2fixed
stretch (security)1.8.19p1-2.1+deb9u3fixed
buster, buster (security)1.8.27-1+deb10u3fixed
bullseye, sid1.9.5p2-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
sudosourcesqueeze(not affected)
sudosourcewheezy(not affected)
sudosource(unstable)1.8.17p1-1805563

Notes

[jessie] - sudo <no-dsa> (Minor issue)
[wheezy] - sudo <not-affected> (Command digests are only supported by version 1.8.7 or higher)
[squeeze] - sudo <not-affected> (Command digests are only supported by version 1.8.7 or higher)
https://www.openwall.com/lists/oss-security/2015/11/10/2

Search for package or bug name: Reporting problems