Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 3.7
CVE Id: CVE-2005-1993
Last Modified: 07 Mar 2011 09:23:12
Published: 20 Jun 2005 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: LOCAL
Access Complexity: HIGH
Authentication: NONE

Summary

Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack.

Vulnerable Systems

Application

  • Todd Miller Sudo 1.3.1

  • Todd Miller Sudo 1.5.6

  • Todd Miller Sudo 1.5.7

  • Todd Miller Sudo 1.5.8

  • Todd Miller Sudo 1.5.9

  • Todd Miller Sudo 1.6

  • Todd Miller Sudo 1.6.1

  • Todd Miller Sudo 1.6.2

  • Todd Miller Sudo 1.6.3

  • Todd Miller Sudo 1.6.3 P1

  • Todd Miller Sudo 1.6.3 P2

  • Todd Miller Sudo 1.6.3 P3

  • Todd Miller Sudo 1.6.3 P4

  • Todd Miller Sudo 1.6.3 P5

  • Todd Miller Sudo 1.6.3 P6

  • Todd Miller Sudo 1.6.3 P7

  • Todd Miller Sudo 1.6.4

  • Todd Miller Sudo 1.6.4 P1

  • Todd Miller Sudo 1.6.4 P2

  • Todd Miller Sudo 1.6.5

  • Todd Miller Sudo 1.6.5 P1

  • Todd Miller Sudo 1.6.5 P2

  • Todd Miller Sudo 1.6.6

  • Todd Miller Sudo 1.6.7

  • Todd Miller Sudo 1.6.7 P5

  • Todd Miller Sudo 1.6.8

  • Todd Miller Sudo 1.6.8 P1

  • Todd Miller Sudo 1.6.8 P7

  • Todd Miller Sudo 1.6.8 P8


References

BUGTRAQ - 20050620 Sudo version 1.6.8p9 now available, fixes security issue.

CONFIRM - https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161116

VUPEN - ADV-2005-2659

VUPEN - ADV-2005-0821

BID - 13993

XF - sudo-pathname-race-condition(21080)

CONFIRM - http://www.sudo.ws/sudo/alerts/path_race.html

BID - 15647

FEDORA - FLSA:162750

REDHAT - RHSA-2005:535

OSVDB - 17396

SUSE - SUSE-SA:2005:036

DEBIAN - DSA-735

SECUNIA - 17813

SECUNIA - 15744

APPLE - APPLE-SA-2005-11-29


Last Updated: 27 May 2016 10:40:22