Suggestions search

All statuses

Filter by:

With package: qsudo

Found 2 matching suggestions

View:

Compact

Detailed

Untriaged

Permalink CVE-2026-35535

7.4 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 2 weeks ago

In Sudo through 1.9.17p2 before 3e474c2, a failure of a …

In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.

References

Affected products

Sudo

<3e474c2f201484be83d994ae10a4e20e8c81bb69

Matching in nixpkgs

pkgs.sudo

Command to run commands as root

nixos-unstable 1.9.17p2
- nixpkgs-unstable 1.9.17p2
- nixos-unstable-small 1.9.17p2
nixos-25.11 1.9.17p2
- nixos-25.11-small 1.9.17p2
- nixpkgs-25.11-darwin 1.9.17p2

pkgs.qsudo

Graphical sudo utility from Project Trident

nixos-unstable 2020.03.27
- nixpkgs-unstable 2020.03.27
- nixos-unstable-small 2020.03.27
nixos-25.11 2020.03.27
- nixos-25.11-small 2020.03.27
- nixpkgs-25.11-darwin 2020.03.27

pkgs.sudo-rs

Memory safe implementation of sudo and su

nixos-unstable 0.2.13
- nixpkgs-unstable 0.2.13
- nixos-unstable-small 0.2.13
nixos-25.11 0.2.13
- nixos-25.11-small 0.2.13
- nixpkgs-25.11-darwin 0.2.13

pkgs.psudohash

Password list generator for orchestrating brute force attacks and cracking hashes

nixos-unstable 1.1.0
- nixpkgs-unstable 1.1.0
- nixos-unstable-small 1.1.0
nixos-25.11 1.1.0
- nixos-25.11-small 1.1.0
- nixpkgs-25.11-darwin 1.1.0

pkgs.sudo-font

Font for programmers and command line users

nixos-unstable 3.4
- nixpkgs-unstable 3.4
- nixos-unstable-small 3.4
nixos-25.11 3.4
- nixos-25.11-small 3.4
- nixpkgs-25.11-darwin 3.4

pkgs.darwin.sudo

None

pkgs.gnome-sudoku

Test your logic skills in this number grid puzzle

nixos-unstable 49.4
- nixpkgs-unstable 49.4
- nixos-unstable-small 49.4
nixos-25.11 49.2
- nixos-25.11-small 49.2
- nixpkgs-25.11-darwin 49.2

pkgs.doas-sudo-shim

Shim for the sudo command that utilizes doas

nixos-unstable 0.1.2
- nixpkgs-unstable 0.1.2
- nixos-unstable-small 0.1.2
nixos-25.11 0.1.2
- nixos-25.11-small 0.1.2
- nixpkgs-25.11-darwin 0.1.2

pkgs.lxqt.lxqt-sudo

GUI frontend for sudo/su

nixos-unstable 2.3.0
- nixpkgs-unstable 2.3.0
- nixos-unstable-small 2.3.0
nixos-25.11 2.3.0
- nixos-25.11-small 2.3.0
- nixpkgs-25.11-darwin 2.3.0

pkgs.yaziPlugins.sudo

Call `sudo` in yazi

nixos-unstable 0-unstable-2025-11-05
- nixpkgs-unstable 0-unstable-2025-11-05
- nixos-unstable-small 0-unstable-2025-11-05
nixos-25.11 0-unstable-2025-11-05
- nixos-25.11-small 0-unstable-2025-11-05
- nixpkgs-25.11-darwin 0-unstable-2025-11-05

pkgs.libsForQt5.ksudoku

Suduko game

pkgs.kdePackages.ksudoku

KSudoku is a logic-based symbol placement puzzle

nixos-unstable 25.12.3
- nixpkgs-unstable 25.12.3
- nixos-unstable-small 25.12.3
nixos-25.11 25.08.3
- nixos-25.11-small 25.08.3
- nixpkgs-25.11-darwin 25.08.3

pkgs.plasma5Packages.ksudoku

Suduko game

pkgs.fishPlugins.plugin-sudope

Fish plugin to quickly put 'sudo' in your command

nixos-unstable 0-unstable-2025-09-16
- nixpkgs-unstable 0-unstable-2025-09-16
- nixos-unstable-small 0-unstable-2025-09-16
nixos-25.11 0-unstable-2025-09-16
- nixos-25.11-small 0-unstable-2025-09-16
- nixpkgs-25.11-darwin 0-unstable-2025-09-16

Package maintainers

@dani0854 Danil Suetin <suetin085+nixpkgs@protonmail.com>
@Anomalocaridid Duncan Russell <duncan@anomalocaris.xyz>
@bobby285271 Bobby Rong <rjl931189261@126.com>
@jtojnar Jan Tojnar <jtojnar@gmail.com>
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
@K900 Ilya K. <me@0upti.me>
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
@NickCao Nick Cao <nickcao@nichi.co>
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
@mjm Matt Moriarity <matt@mattmoriarity.com>
@romildo José Romildo Malaquias <malaquias@gmail.com>
@exploitoverload Asier Armenteros <nix@exploitoverload.com>
@rhendric Ryan Hendrickson
@nicoonoclaste nicoo <nicoo@debian.org>
@R-VdP Ramses <ramses@well-founded.dev>
@khaneliman Austin Horstman <khaneliman12@gmail.com>

Untriaged

Permalink CVE-2005-4890

created 2 months ago

There is a possible tty hijacking in shadow 4.x before …

There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.

References

http://www.openwall.com/lists/oss-security/2014/12/15/5 x_transferredx_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2005-4890 x_transferredx_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2005-4890 x_transferredx_refsource_MISC
https://access.redhat.com/security/cve/cve-2005-4890 x_transferredx_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/11/06/8 x_transferredx_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/05/20/3 x_transferredx_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/11/28/10 x_transferredx_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/11/29/5 x_transferredx_refsource_MISC
http://www.openwall.com/lists/oss-security/2014/10/20/9 x_transferredx_refsource_MISC
http://www.openwall.com/lists/oss-security/2014/10/21/1 x_transferredx_refsource_MISC
http://www.openwall.com/lists/oss-security/2016/02/25/6 x_transferredx_refsource_MISC

Affected products

sudo

==1.x before 1.7.4

shadow

==4.x before 4.1.5

Matching in nixpkgs

pkgs.su

Suite containing authentication-related tools such as passwd and su

nixos-unstable 4.18.0
- nixpkgs-unstable 4.18.0
- nixos-unstable-small 4.18.0
nixos-25.11 4.18.0
- nixos-25.11-small 4.18.0
- nixpkgs-25.11-darwin 4.18.0

pkgs.sudo

Command to run commands as root

nixos-unstable 1.9.17p2
- nixpkgs-unstable 1.9.17p2
- nixos-unstable-small 1.9.17p2
nixos-25.11 1.9.17p2
- nixos-25.11-small 1.9.17p2
- nixpkgs-25.11-darwin 1.9.17p2

pkgs.qsudo

Graphical sudo utility from Project Trident

nixos-unstable 2020.03.27
- nixpkgs-unstable 2020.03.27
- nixos-unstable-small 2020.03.27
nixos-25.11 2020.03.27
- nixos-25.11-small 2020.03.27
- nixpkgs-25.11-darwin 2020.03.27

pkgs.shadow

Suite containing authentication-related tools such as passwd and su

nixos-unstable 4.18.0
- nixpkgs-unstable 4.18.0
- nixos-unstable-small 4.18.0
nixos-25.11 4.18.0
- nixos-25.11-small 4.18.0
- nixpkgs-25.11-darwin 4.18.0

pkgs.sudo-rs

Memory safe implementation of sudo and su

nixos-unstable 0.2.12
- nixpkgs-unstable 0.2.12
- nixos-unstable-small 0.2.12
nixos-25.11 0.2.12
- nixos-25.11-small 0.2.12
- nixpkgs-25.11-darwin 0.2.12

pkgs.psudohash

Password list generator for orchestrating brute force attacks and cracking hashes

nixos-unstable 1.1.0
- nixpkgs-unstable 1.1.0
- nixos-unstable-small 1.1.0
nixos-25.11 1.1.0
- nixos-25.11-small 1.1.0
- nixpkgs-25.11-darwin 1.1.0

pkgs.shadowenv

reversible directory-local environment variable manipulations

nixos-unstable 3.4.0
- nixpkgs-unstable 3.4.0
- nixos-unstable-small 3.4.0
nixos-25.11 3.4.0
- nixos-25.11-small 3.4.0
- nixpkgs-25.11-darwin 3.4.0

pkgs.shadowfox

Universal dark theme for Firefox while adhering to the modern design principles set by Mozilla

nixos-unstable 2.2.0
- nixpkgs-unstable 2.2.0
- nixos-unstable-small 2.2.0
nixos-25.11 2.2.0
- nixos-25.11-small 2.2.0
- nixpkgs-25.11-darwin 2.2.0

pkgs.sudo-font

Font for programmers and command line users

nixos-unstable 3.4
- nixpkgs-unstable 3.4
- nixos-unstable-small 3.4
nixos-25.11 3.4
- nixos-25.11-small 3.4
- nixpkgs-25.11-darwin 3.4

pkgs.shadow-tls

Proxy to expose real tls handshake to the firewall

nixos-unstable 0.2.25
- nixpkgs-unstable 0.2.25
- nixos-unstable-small 0.2.25
nixos-25.11 0.2.25
- nixos-25.11-small 0.2.25
- nixpkgs-25.11-darwin 0.2.25

pkgs.darwin.sudo

None

pkgs.gnome-sudoku

Test your logic skills in this number grid puzzle

nixos-unstable 49.4
- nixpkgs-unstable 49.4
- nixos-unstable-small 49.4
nixos-25.11 49.2
- nixos-25.11-small 49.2
- nixpkgs-25.11-darwin 49.2

pkgs.doas-sudo-shim

Shim for the sudo command that utilizes doas

nixos-unstable 0.1.2
- nixpkgs-unstable 0.1.2
- nixos-unstable-small 0.1.2
nixos-25.11 0.1.2
- nixos-25.11-small 0.1.2
- nixpkgs-25.11-darwin 0.1.2

pkgs.lxqt.lxqt-sudo

GUI frontend for sudo/su

nixos-unstable 2.3.0
- nixpkgs-unstable 2.3.0
- nixos-unstable-small 2.3.0
nixos-25.11 2.3.0
- nixos-25.11-small 2.3.0
- nixpkgs-25.11-darwin 2.3.0

pkgs.go-shadowsocks2

Fresh implementation of Shadowsocks in Go

nixos-unstable shadowsocks2-0.1.5
- nixpkgs-unstable shadowsocks2-0.1.5
- nixos-unstable-small shadowsocks2-0.1.5
nixos-25.11 shadowsocks2-0.1.5
- nixos-25.11-small shadowsocks2-0.1.5
- nixpkgs-25.11-darwin shadowsocks2-0.1.5

pkgs.shadowsocks-rust

Rust port of Shadowsocks

nixos-unstable 1.24.0
- nixpkgs-unstable 1.24.0
- nixos-unstable-small 1.24.0
nixos-25.11 1.23.5
- nixos-25.11-small 1.23.5
- nixpkgs-25.11-darwin 1.23.5

pkgs.yaziPlugins.sudo

Call `sudo` in yazi

nixos-unstable 0-unstable-2025-11-05
- nixpkgs-unstable 0-unstable-2025-11-05
- nixos-unstable-small 0-unstable-2025-11-05
nixos-25.11 0-unstable-2025-11-05
- nixos-25.11-small 0-unstable-2025-11-05
- nixpkgs-25.11-darwin 0-unstable-2025-11-05

pkgs.shadowsocks-libev

Lightweight secured SOCKS5 proxy

nixos-unstable 3.3.5
- nixpkgs-unstable 3.3.5
- nixos-unstable-small 3.3.5
nixos-25.11 3.3.5
- nixos-25.11-small 3.3.5
- nixpkgs-25.11-darwin 3.3.5

pkgs.libsForQt5.ksudoku

Suduko game

pkgs.kdePackages.ksudoku

KSudoku is a logic-based symbol placement puzzle

nixos-unstable 25.12.2
- nixpkgs-unstable 25.12.2
- nixos-unstable-small 25.12.2
nixos-25.11 25.08.3
- nixos-25.11-small 25.08.3
- nixpkgs-25.11-darwin 25.08.3

pkgs.typstPackages.shadowed

Box shadows for Typst

nixos-unstable 0.2.0
- nixpkgs-unstable 0.2.0
- nixos-unstable-small 0.2.0
nixos-25.11 0.2.0
- nixos-25.11-small 0.2.0
- nixpkgs-25.11-darwin 0.2.0

pkgs.plasma5Packages.ksudoku

Suduko game

pkgs.shadowsocks-v2ray-plugin

Yet another SIP003 plugin for shadowsocks, based on v2ray

nixos-unstable v2ray-plugin-1.3.2-unstable-2025-09-05
- nixpkgs-unstable v2ray-plugin-1.3.2-unstable-2025-09-05
- nixos-unstable-small v2ray-plugin-1.3.2-unstable-2025-09-05
nixos-25.11 v2ray-plugin-1.3.2-unstable-2025-09-05
- nixos-25.11-small v2ray-plugin-1.3.2-unstable-2025-09-05
- nixpkgs-25.11-darwin v2ray-plugin-1.3.2-unstable-2025-09-05

pkgs.fishPlugins.plugin-sudope

Fish plugin to quickly put 'sudo' in your command

nixos-unstable 0-unstable-2025-09-16
- nixpkgs-unstable 0-unstable-2025-09-16
- nixos-unstable-small 0-unstable-2025-09-16
nixos-25.11 0-unstable-2025-09-16
- nixos-25.11-small 0-unstable-2025-09-16
- nixpkgs-25.11-darwin 0-unstable-2025-09-16

pkgs.haskellPackages.shadowsocks

A fast SOCKS5 proxy that help you get through firewalls

nixos-unstable 1.20180408
- nixpkgs-unstable 1.20180408
- nixos-unstable-small 1.20180408
nixos-25.11 1.20180408
- nixos-25.11-small 1.20180408
- nixpkgs-25.11-darwin 1.20180408