3.7

CVE-2005-1993

Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Todd MillerSudo Version1.3.1
Todd MillerSudo Version1.5.6
Todd MillerSudo Version1.5.7
Todd MillerSudo Version1.5.8
Todd MillerSudo Version1.5.9
Todd MillerSudo Version1.6
Todd MillerSudo Version1.6.1
Todd MillerSudo Version1.6.2
Todd MillerSudo Version1.6.3
Todd MillerSudo Version1.6.3_p1
Todd MillerSudo Version1.6.3_p2
Todd MillerSudo Version1.6.3_p3
Todd MillerSudo Version1.6.3_p4
Todd MillerSudo Version1.6.3_p5
Todd MillerSudo Version1.6.3_p6
Todd MillerSudo Version1.6.3_p7
Todd MillerSudo Version1.6.4
Todd MillerSudo Version1.6.4_p1
Todd MillerSudo Version1.6.4_p2
Todd MillerSudo Version1.6.5
Todd MillerSudo Version1.6.5_p1
Todd MillerSudo Version1.6.5_p2
Todd MillerSudo Version1.6.6
Todd MillerSudo Version1.6.7
Todd MillerSudo Version1.6.7_p5
Todd MillerSudo Version1.6.8
Todd MillerSudo Version1.6.8_p1
Todd MillerSudo Version1.6.8_p7
Todd MillerSudo Version1.6.8_p8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.4% 0.313
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 3.7 1.9 6.4
AV:L/AC:H/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.novell.com/linux/security/advisories/2005_36_sudo.html
http://docs.info.apple.com/article.html?artnum=302847
http://secunia.com/advisories/15744
http://secunia.com/advisories/17813
http://www.debian.org/security/2005/dsa-735
http://www.osvdb.org/17396
http://www.redhat.com/support/errata/RHSA-2005-535.html
http://www.securityfocus.com/archive/1/402741
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/425974/100/0/threaded
http://www.securityfocus.com/bid/13993
http://www.securityfocus.com/bid/15647
http://www.sudo.ws/sudo/alerts/path_race.html
http://www.vupen.com/english/advisories/2005/0821
http://www.vupen.com/english/advisories/2005/2659
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161116
https://exchange.xforce.ibmcloud.com/vulnerabilities/21080
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11341
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1242