Suggestions search

Untriaged

Filter by:

With package: sudo-rs

Found 3 matching suggestions

View:

Compact

Detailed

Permalink CVE-2026-35535

7.4 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): HIGH
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

created 2 weeks ago

In Sudo through 1.9.17p2 before 3e474c2, a failure of a …

In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.

References

Affected products

Sudo

<3e474c2f201484be83d994ae10a4e20e8c81bb69

Matching in nixpkgs

pkgs.sudo

Command to run commands as root

nixos-unstable 1.9.17p2
- nixpkgs-unstable 1.9.17p2
- nixos-unstable-small 1.9.17p2
nixos-25.11 1.9.17p2
- nixos-25.11-small 1.9.17p2
- nixpkgs-25.11-darwin 1.9.17p2

pkgs.qsudo

Graphical sudo utility from Project Trident

nixos-unstable 2020.03.27
- nixpkgs-unstable 2020.03.27
- nixos-unstable-small 2020.03.27
nixos-25.11 2020.03.27
- nixos-25.11-small 2020.03.27
- nixpkgs-25.11-darwin 2020.03.27

pkgs.sudo-rs

Memory safe implementation of sudo and su

nixos-unstable 0.2.13
- nixpkgs-unstable 0.2.13
- nixos-unstable-small 0.2.13
nixos-25.11 0.2.13
- nixos-25.11-small 0.2.13
- nixpkgs-25.11-darwin 0.2.13

pkgs.psudohash

Password list generator for orchestrating brute force attacks and cracking hashes

nixos-unstable 1.1.0
- nixpkgs-unstable 1.1.0
- nixos-unstable-small 1.1.0
nixos-25.11 1.1.0
- nixos-25.11-small 1.1.0
- nixpkgs-25.11-darwin 1.1.0

pkgs.sudo-font

Font for programmers and command line users

nixos-unstable 3.4
- nixpkgs-unstable 3.4
- nixos-unstable-small 3.4
nixos-25.11 3.4
- nixos-25.11-small 3.4
- nixpkgs-25.11-darwin 3.4

pkgs.darwin.sudo

None

pkgs.gnome-sudoku

Test your logic skills in this number grid puzzle

nixos-unstable 49.4
- nixpkgs-unstable 49.4
- nixos-unstable-small 49.4
nixos-25.11 49.2
- nixos-25.11-small 49.2
- nixpkgs-25.11-darwin 49.2

pkgs.doas-sudo-shim

Shim for the sudo command that utilizes doas

nixos-unstable 0.1.2
- nixpkgs-unstable 0.1.2
- nixos-unstable-small 0.1.2
nixos-25.11 0.1.2
- nixos-25.11-small 0.1.2
- nixpkgs-25.11-darwin 0.1.2

pkgs.lxqt.lxqt-sudo

GUI frontend for sudo/su

nixos-unstable 2.3.0
- nixpkgs-unstable 2.3.0
- nixos-unstable-small 2.3.0
nixos-25.11 2.3.0
- nixos-25.11-small 2.3.0
- nixpkgs-25.11-darwin 2.3.0

pkgs.yaziPlugins.sudo

Call `sudo` in yazi

nixos-unstable 0-unstable-2025-11-05
- nixpkgs-unstable 0-unstable-2025-11-05
- nixos-unstable-small 0-unstable-2025-11-05
nixos-25.11 0-unstable-2025-11-05
- nixos-25.11-small 0-unstable-2025-11-05
- nixpkgs-25.11-darwin 0-unstable-2025-11-05

pkgs.libsForQt5.ksudoku

Suduko game

pkgs.kdePackages.ksudoku

KSudoku is a logic-based symbol placement puzzle

nixos-unstable 25.12.3
- nixpkgs-unstable 25.12.3
- nixos-unstable-small 25.12.3
nixos-25.11 25.08.3
- nixos-25.11-small 25.08.3
- nixpkgs-25.11-darwin 25.08.3

pkgs.plasma5Packages.ksudoku

Suduko game

pkgs.fishPlugins.plugin-sudope

Fish plugin to quickly put 'sudo' in your command

nixos-unstable 0-unstable-2025-09-16
- nixpkgs-unstable 0-unstable-2025-09-16
- nixos-unstable-small 0-unstable-2025-09-16
nixos-25.11 0-unstable-2025-09-16
- nixos-25.11-small 0-unstable-2025-09-16
- nixpkgs-25.11-darwin 0-unstable-2025-09-16

Package maintainers

@dani0854 Danil Suetin <suetin085+nixpkgs@protonmail.com>
@Anomalocaridid Duncan Russell <duncan@anomalocaris.xyz>
@bobby285271 Bobby Rong <rjl931189261@126.com>
@jtojnar Jan Tojnar <jtojnar@gmail.com>
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
@K900 Ilya K. <me@0upti.me>
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
@NickCao Nick Cao <nickcao@nichi.co>
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
@mjm Matt Moriarity <matt@mattmoriarity.com>
@romildo José Romildo Malaquias <malaquias@gmail.com>
@exploitoverload Asier Armenteros <nix@exploitoverload.com>
@rhendric Ryan Hendrickson
@nicoonoclaste nicoo <nicoo@debian.org>
@R-VdP Ramses <ramses@well-founded.dev>
@khaneliman Austin Horstman <khaneliman12@gmail.com>

Permalink CVE-2005-4890

created 2 months ago

There is a possible tty hijacking in shadow 4.x before …

There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x before 1.7.4 via "su - user -c program". The user session can be escaped to the parent session by using the TIOCSTI ioctl to push characters into the input buffer to be read by the next process.

References

http://www.openwall.com/lists/oss-security/2014/12/15/5 x_transferredx_refsource_MISC
https://security-tracker.debian.org/tracker/CVE-2005-4890 x_transferredx_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2005-4890 x_transferredx_refsource_MISC
https://access.redhat.com/security/cve/cve-2005-4890 x_transferredx_refsource_MISC
http://www.openwall.com/lists/oss-security/2012/11/06/8 x_transferredx_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/05/20/3 x_transferredx_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/11/28/10 x_transferredx_refsource_MISC
http://www.openwall.com/lists/oss-security/2013/11/29/5 x_transferredx_refsource_MISC
http://www.openwall.com/lists/oss-security/2014/10/20/9 x_transferredx_refsource_MISC
http://www.openwall.com/lists/oss-security/2014/10/21/1 x_transferredx_refsource_MISC
http://www.openwall.com/lists/oss-security/2016/02/25/6 x_transferredx_refsource_MISC

Affected products

sudo

==1.x before 1.7.4

shadow

==4.x before 4.1.5

Matching in nixpkgs

pkgs.su

Suite containing authentication-related tools such as passwd and su

nixos-unstable 4.18.0
- nixpkgs-unstable 4.18.0
- nixos-unstable-small 4.18.0
nixos-25.11 4.18.0
- nixos-25.11-small 4.18.0
- nixpkgs-25.11-darwin 4.18.0

pkgs.sudo

Command to run commands as root

nixos-unstable 1.9.17p2
- nixpkgs-unstable 1.9.17p2
- nixos-unstable-small 1.9.17p2
nixos-25.11 1.9.17p2
- nixos-25.11-small 1.9.17p2
- nixpkgs-25.11-darwin 1.9.17p2

pkgs.qsudo

Graphical sudo utility from Project Trident

nixos-unstable 2020.03.27
- nixpkgs-unstable 2020.03.27
- nixos-unstable-small 2020.03.27
nixos-25.11 2020.03.27
- nixos-25.11-small 2020.03.27
- nixpkgs-25.11-darwin 2020.03.27

pkgs.shadow

Suite containing authentication-related tools such as passwd and su

nixos-unstable 4.18.0
- nixpkgs-unstable 4.18.0
- nixos-unstable-small 4.18.0
nixos-25.11 4.18.0
- nixos-25.11-small 4.18.0
- nixpkgs-25.11-darwin 4.18.0

pkgs.sudo-rs

Memory safe implementation of sudo and su

nixos-unstable 0.2.12
- nixpkgs-unstable 0.2.12
- nixos-unstable-small 0.2.12
nixos-25.11 0.2.12
- nixos-25.11-small 0.2.12
- nixpkgs-25.11-darwin 0.2.12

pkgs.psudohash

Password list generator for orchestrating brute force attacks and cracking hashes

nixos-unstable 1.1.0
- nixpkgs-unstable 1.1.0
- nixos-unstable-small 1.1.0
nixos-25.11 1.1.0
- nixos-25.11-small 1.1.0
- nixpkgs-25.11-darwin 1.1.0

pkgs.shadowenv

reversible directory-local environment variable manipulations

nixos-unstable 3.4.0
- nixpkgs-unstable 3.4.0
- nixos-unstable-small 3.4.0
nixos-25.11 3.4.0
- nixos-25.11-small 3.4.0
- nixpkgs-25.11-darwin 3.4.0

pkgs.shadowfox

Universal dark theme for Firefox while adhering to the modern design principles set by Mozilla

nixos-unstable 2.2.0
- nixpkgs-unstable 2.2.0
- nixos-unstable-small 2.2.0
nixos-25.11 2.2.0
- nixos-25.11-small 2.2.0
- nixpkgs-25.11-darwin 2.2.0

pkgs.sudo-font

Font for programmers and command line users

nixos-unstable 3.4
- nixpkgs-unstable 3.4
- nixos-unstable-small 3.4
nixos-25.11 3.4
- nixos-25.11-small 3.4
- nixpkgs-25.11-darwin 3.4

pkgs.shadow-tls

Proxy to expose real tls handshake to the firewall

nixos-unstable 0.2.25
- nixpkgs-unstable 0.2.25
- nixos-unstable-small 0.2.25
nixos-25.11 0.2.25
- nixos-25.11-small 0.2.25
- nixpkgs-25.11-darwin 0.2.25

pkgs.darwin.sudo

None

pkgs.gnome-sudoku

Test your logic skills in this number grid puzzle

nixos-unstable 49.4
- nixpkgs-unstable 49.4
- nixos-unstable-small 49.4
nixos-25.11 49.2
- nixos-25.11-small 49.2
- nixpkgs-25.11-darwin 49.2

pkgs.doas-sudo-shim

Shim for the sudo command that utilizes doas

nixos-unstable 0.1.2
- nixpkgs-unstable 0.1.2
- nixos-unstable-small 0.1.2
nixos-25.11 0.1.2
- nixos-25.11-small 0.1.2
- nixpkgs-25.11-darwin 0.1.2

pkgs.lxqt.lxqt-sudo

GUI frontend for sudo/su

nixos-unstable 2.3.0
- nixpkgs-unstable 2.3.0
- nixos-unstable-small 2.3.0
nixos-25.11 2.3.0
- nixos-25.11-small 2.3.0
- nixpkgs-25.11-darwin 2.3.0

pkgs.go-shadowsocks2

Fresh implementation of Shadowsocks in Go

nixos-unstable shadowsocks2-0.1.5
- nixpkgs-unstable shadowsocks2-0.1.5
- nixos-unstable-small shadowsocks2-0.1.5
nixos-25.11 shadowsocks2-0.1.5
- nixos-25.11-small shadowsocks2-0.1.5
- nixpkgs-25.11-darwin shadowsocks2-0.1.5

pkgs.shadowsocks-rust

Rust port of Shadowsocks

nixos-unstable 1.24.0
- nixpkgs-unstable 1.24.0
- nixos-unstable-small 1.24.0
nixos-25.11 1.23.5
- nixos-25.11-small 1.23.5
- nixpkgs-25.11-darwin 1.23.5

pkgs.yaziPlugins.sudo

Call `sudo` in yazi

nixos-unstable 0-unstable-2025-11-05
- nixpkgs-unstable 0-unstable-2025-11-05
- nixos-unstable-small 0-unstable-2025-11-05
nixos-25.11 0-unstable-2025-11-05
- nixos-25.11-small 0-unstable-2025-11-05
- nixpkgs-25.11-darwin 0-unstable-2025-11-05

pkgs.shadowsocks-libev

Lightweight secured SOCKS5 proxy

nixos-unstable 3.3.5
- nixpkgs-unstable 3.3.5
- nixos-unstable-small 3.3.5
nixos-25.11 3.3.5
- nixos-25.11-small 3.3.5
- nixpkgs-25.11-darwin 3.3.5

pkgs.libsForQt5.ksudoku

Suduko game

pkgs.kdePackages.ksudoku

KSudoku is a logic-based symbol placement puzzle

nixos-unstable 25.12.2
- nixpkgs-unstable 25.12.2
- nixos-unstable-small 25.12.2
nixos-25.11 25.08.3
- nixos-25.11-small 25.08.3
- nixpkgs-25.11-darwin 25.08.3

pkgs.typstPackages.shadowed

Box shadows for Typst

nixos-unstable 0.2.0
- nixpkgs-unstable 0.2.0
- nixos-unstable-small 0.2.0
nixos-25.11 0.2.0
- nixos-25.11-small 0.2.0
- nixpkgs-25.11-darwin 0.2.0

pkgs.plasma5Packages.ksudoku

Suduko game

pkgs.shadowsocks-v2ray-plugin

Yet another SIP003 plugin for shadowsocks, based on v2ray

nixos-unstable v2ray-plugin-1.3.2-unstable-2025-09-05
- nixpkgs-unstable v2ray-plugin-1.3.2-unstable-2025-09-05
- nixos-unstable-small v2ray-plugin-1.3.2-unstable-2025-09-05
nixos-25.11 v2ray-plugin-1.3.2-unstable-2025-09-05
- nixos-25.11-small v2ray-plugin-1.3.2-unstable-2025-09-05
- nixpkgs-25.11-darwin v2ray-plugin-1.3.2-unstable-2025-09-05

pkgs.fishPlugins.plugin-sudope

Fish plugin to quickly put 'sudo' in your command

nixos-unstable 0-unstable-2025-09-16
- nixpkgs-unstable 0-unstable-2025-09-16
- nixos-unstable-small 0-unstable-2025-09-16
nixos-25.11 0-unstable-2025-09-16
- nixos-25.11-small 0-unstable-2025-09-16
- nixpkgs-25.11-darwin 0-unstable-2025-09-16

pkgs.haskellPackages.shadowsocks

A fast SOCKS5 proxy that help you get through firewalls

nixos-unstable 1.20180408
- nixpkgs-unstable 1.20180408
- nixos-unstable-small 1.20180408
nixos-25.11 1.20180408
- nixos-25.11-small 1.20180408
- nixpkgs-25.11-darwin 1.20180408

pkgs.typstPackages.shadowed_0_1_0

Box shadows for Typst

nixos-unstable 0.1.0
- nixpkgs-unstable 0.1.0
- nixos-unstable-small 0.1.0
nixos-25.11 0.1.0
- nixos-25.11-small 0.1.0
- nixpkgs-25.11-darwin 0.1.0

pkgs.typstPackages.shadowed_0_1_1

Box shadows for Typst

nixos-unstable 0.1.1
- nixpkgs-unstable 0.1.1
- nixos-unstable-small 0.1.1
nixos-25.11 0.1.1
- nixos-25.11-small 0.1.1
- nixpkgs-25.11-darwin 0.1.1

pkgs.typstPackages.shadowed_0_1_2

Box shadows for Typst

nixos-unstable 0.1.2
- nixpkgs-unstable 0.1.2
- nixos-unstable-small 0.1.2
nixos-25.11 0.1.2
- nixos-25.11-small 0.1.2
- nixpkgs-25.11-darwin 0.1.2

pkgs.typstPackages.shadowed_0_2_0

Box shadows for Typst

nixos-unstable 0.2.0
- nixpkgs-unstable 0.2.0
- nixos-unstable-small 0.2.0
nixos-25.11 0.2.0
- nixos-25.11-small 0.2.0
- nixpkgs-25.11-darwin 0.2.0

pkgs.wayfirePlugins.wayfire-shadows

Wayfire plugin that adds window shadows

pkgs.haskellPackages.Unixutils-shadow

A simple interface to shadow passwords (aka, shadow.h)

nixos-unstable 1.0.0
- nixpkgs-unstable 1.0.0
- nixos-unstable-small 1.0.0
nixos-25.11 1.0.0
- nixos-25.11-small 1.0.0
- nixpkgs-25.11-darwin 1.0.0

pkgs.obs-studio-plugins.obs-stroke-glow-shadow

OBS plugin to provide efficient Stroke, Glow, and Shadow effects on masked sources

nixos-unstable v1.5.2
- nixpkgs-unstable v1.5.2
- nixos-unstable-small v1.5.2
nixos-25.11 v1.5.2
- nixos-25.11-small v1.5.2
- nixpkgs-25.11-darwin v1.5.2

pkgs.tests.hardeningFlags.shadowStackExplicitEnabled

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags.shadowStackExplicitDisabled

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags-gcc.shadowStackExplicitEnabled

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags.allExplicitDisabledShadowStack

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags-gcc.shadowStackExplicitDisabled

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags-clang.shadowStackExplicitEnabled

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags-clang.shadowStackExplicitDisabled

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags-gcc.allExplicitDisabledShadowStack

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags-clang.allExplicitDisabledShadowStack

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

Package maintainers

@dani0854 Danil Suetin <suetin085+nixpkgs@protonmail.com>
@Anomalocaridid Duncan Russell <duncan@anomalocaris.xyz>
@dasj19 Daniel Șerbănescu <daniel@serbanescu.dk>
@bobby285271 Bobby Rong <rjl931189261@126.com>
@jtojnar Jan Tojnar <jtojnar@gmail.com>
@hedning Tor Hedin Brønner <torhedinbronner@gmail.com>
@oxzi Alvar Penning <post@0x21.biz>
@K900 Ilya K. <me@0upti.me>
@ttuegel Thomas Tuegel <ttuegel@mailbox.org>
@NickCao Nick Cao <nickcao@nichi.co>
@SuperSandro2000 Sandro Jäckel <sandro.jaeckel@gmail.com>
@LunNova Luna Nova <nixpkgs-maintainer@lunnova.dev>
@ilya-fedin Ilya Fedin <fedin-ilja2010@ya.ru>
@mjm Matt Moriarity <matt@mattmoriarity.com>
@romildo José Romildo Malaquias <malaquias@gmail.com>
@exploitoverload Asier Armenteros <nix@exploitoverload.com>
@oluceps oluceps <nixos@oluceps.uk>
@ahrzb AmirHossein Roozbahani <ahrzb5@gmail.com>
@rhendric Ryan Hendrickson
@R-VdP Ramses <ramses@well-founded.dev>
@nicoonoclaste nicoo <nicoo@debian.org>
@cherrypiejam Gongqi Huang
@wineee Lu Hongxu <lhongxu@outlook.com>
@khaneliman Austin Horstman <khaneliman12@gmail.com>
@flexiondotorg Martin Wimpress <martin@wimpress.org>
@RossSmyth Ross Smyth

Permalink CVE-2025-64517

4.4 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): HIGH
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): HIGH
Availability impact (A): NONE

created 2 months, 1 week ago

sudo-rs doesn't record authenticating user properly in timestamp

sudo-rs is a memory safe implementation of sudo and su written in Rust. With `Defaults targetpw` (or `Defaults rootpw`) enabled, the password of the target account (or root account) instead of the invoking user is used for authentication. sudo-rs starting in version 0.2.5 and prior to version 0.2.10 incorrectly recorded the invoking user’s UID instead of the authenticated-as user's UID in the authentication timestamp. Any later `sudo` invocation on the same terminal while the timestamp was still valid would use that timestamp, potentially bypassing new authentication even if the policy would have required it. A highly-privileged user (able to run commands as other users, or as root, through sudo) who knows one password of an account they are allowed to run commands as, would be able to run commands as any other account the policy permits them to run commands for, even if they don't know the password for those accounts. A common instance of this would be that a user can still use their own password to run commands as root (the default behaviour of `sudo`), effectively negating the intended behaviour of the `targetpw` or `rootpw` options. Version 0.2.10 contains a patch for the issue. Versions prior to 0.2.5 are not affected, since they do not offer `Defaults targetpw` or `Defaults rootpw`.

References

https://github.com/trifectatechfoundation/sudo-rs/security/advisories/GHSA-q428-6v73-fc4q x_refsource_CONFIRM
https://github.com/trifectatechfoundation/sudo-rs/releases/tag/v0.2.10 x_refsource_MISC
https://github.com/trifectatechfoundation/sudo-rs/commit/8423fd986c3fa58b357f238c0db5e54baca5255d. x_refsource_MISC

Affected products

sudo-rs

==>= 0.2.5, < 0.2.10

Matching in nixpkgs

pkgs.sudo-rs

Memory safe implementation of sudo and su

nixos-unstable 0.2.8
- nixpkgs-unstable 0.2.11
- nixos-unstable-small 0.2.11
nixos-25.11 0.2.11
- nixpkgs-25.11-darwin 0.2.11

Package maintainers

@R-VdP Ramses <ramses@well-founded.dev>
@nicoonoclaste nicoo <nicoo@debian.org>