Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
3.7
CVSSv2

CVE-2005-1993

Published: 20/06/2005 Updated: 19/10/2018
CVSS v2 Base Score: 3.7 | Impact Score: 6.4 | Exploitability Score: 1.9
VMScore: 329
Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Summary

Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

todd miller sudo 1.5.8

todd miller sudo 1.6.3 p6

todd miller sudo 1.3.1

todd miller sudo 1.5.9

todd miller sudo 1.6.6

todd miller sudo 1.6.8 p7

todd miller sudo 1.6.3

todd miller sudo 1.6.4 p2

todd miller sudo 1.6.1

todd miller sudo 1.6.3 p5

todd miller sudo 1.5.7

todd miller sudo 1.6.2

todd miller sudo 1.6.8

todd miller sudo 1.6.4 p1

todd miller sudo 1.6.3 p2

todd miller sudo 1.6.3 p4

todd miller sudo 1.6.5 p2

todd miller sudo 1.6.5

todd miller sudo 1.6.3 p3

todd miller sudo 1.6.8 p1

todd miller sudo 1.6.5 p1

todd miller sudo 1.6.3 p7

todd miller sudo 1.6

todd miller sudo 1.6.4

todd miller sudo 1.6.7

todd miller sudo 1.6.8 p8

todd miller sudo 1.6.3 p1

todd miller sudo 1.5.6

todd miller sudo 1.6.7 p5

Vendor Advisories

Red Hat: sudo security update
Synopsis sudo security update Type/Severity Security Advisory: Moderate Topic An updated sudo package is available that fixes a race condition in sudo'spathname validationThis update has been rated as having moderate security impact by the RedHat Security Response Team Description The sud ...
Ubuntu Security Notice: sudo vulnerability
Charles Morris discovered a race condition in sudo which could lead to privilege escalation If /etc/sudoers allowed a user the execution of selected programs, and this was followed by another line containing the pseudo-command “ALL”, that user could execute arbitrary commands with sudo by creating symbolic links at a certain time ...

References

NVD-CWE-Otherhttp://www.securityfocus.com/archive/1/402741https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161116http://www.securityfocus.com/bid/13993http://www.sudo.ws/sudo/alerts/path_race.htmlhttp://www.debian.org/security/2005/dsa-735http://www.redhat.com/support/errata/RHSA-2005-535.htmlhttp://docs.info.apple.com/article.html?artnum=302847http://www.securityfocus.com/bid/15647http://secunia.com/advisories/15744http://secunia.com/advisories/17813http://www.osvdb.org/17396http://www.novell.com/linux/security/advisories/2005_36_sudo.htmlhttp://www.vupen.com/english/advisories/2005/0821http://www.vupen.com/english/advisories/2005/2659https://exchange.xforce.ibmcloud.com/vulnerabilities/21080https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1242https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11341http://www.securityfocus.com/archive/1/425974/100/0/threadedhttps://access.redhat.com/errata/RHSA-2005:535https://nvd.nist.govhttps://usn.ubuntu.com/142-1/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-0044client sideCVE-2021-47601deserializationCVE-2024-34994encryptionCVE-2021-47609CVE-2024-37079CVE-2024-38608
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook