CVE-2005-1993

Published: Jun 20, 2005

Modified: Aug 7, 2024

PUBLISHED

Description

Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

oval:org.mitre.oval:def:11341

vdb-entry

signature

x_refsource_OVAL

20050620 Sudo version 1.6.8p9 now available, fixes security issue.

mailing-list

x_refsource_BUGTRAQ

17813

third-party-advisory

x_refsource_SECUNIA

ADV-2005-2659

vdb-entry

x_refsource_VUPEN

DSA-735

vendor-advisory

x_refsource_DEBIAN

ADV-2005-0821

vdb-entry

x_refsource_VUPEN

17396

vdb-entry

x_refsource_OSVDB

RHSA-2005:535

vendor-advisory

x_refsource_REDHAT

15744

third-party-advisory

x_refsource_SECUNIA

FLSA:162750

vendor-advisory

x_refsource_FEDORA

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161116

x_refsource_CONFIRM

APPLE-SA-2005-11-29

vendor-advisory

x_refsource_APPLE

13993

vdb-entry

x_refsource_BID

http://www.sudo.ws/sudo/alerts/path_race.html

x_refsource_CONFIRM

15647

vdb-entry

x_refsource_BID

oval:org.mitre.oval:def:1242

vdb-entry

signature

x_refsource_OVAL

sudo-pathname-race-condition(21080)

vdb-entry

x_refsource_XF

SUSE-SA:2005:036

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2005-1993

Description

Affected Products

References