Published: 17/11/2015 Updated: 07/12/2016

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

VMScore: 726

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

sudoedit in Sudo prior to 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt."

Vulnerable Product	Search on Vulmon	Subscribe to Product
sudo project sudo

Debian Bug report logs - #804149 CVE-2015-5602: Unauthorized privilege escalation in sudoedit Package: sudo; Maintainer for sudo is Bdale Garbee <bdale@gagcom>; Source for sudo is src:sudo (PTS, buildd, popcon) Reported by: Laurent Bigonville <bigon@debianorg> Date: Thu, 5 Nov 2015 13:15:01 UTC Severity: critical ...

When sudo is configured to allow a user to edit files under a directory that they can already write to without using sudo, they can actually edit (read and write) arbitrary files Daniel Svartman reported that a configuration like this might be introduced unintentionally if the editable files are specified using wildcards, for example: operator ALL ...

sudoedit in Sudo before 1815 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/filetxt" ...

# Exploit Title: sudo -e - aka sudoedit - unauthorized privilege escalation # Date: 07-23-2015 # Exploit Author: Daniel Svartman # Version: Sudo <=1814 # Tested on: RHEL 5/6/7 and Ubuntu (all versions) # CVE: CVE-2015-5602 Hello, I found a security bug in sudo (checked in the latest versions of sudo running on RHEL and ubuntu) when a us ...

Sudo <= 1.8.14 Local Privilege Escalation and vulnerable container

Sudo <=1814 Local Privilege Escalation Sudo (su "do") allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments Vulnerable environment To setup a vulnerable environment for your test you will need Docker installed, and just run the following command: doc

cve-2015-5602

CVE-2015-5602 This is part of Cved: a tool to manage vulnerable docker containers Cved: githubcom/git-rep-src/cved Image source: githubcom/cved-sources/cve-2015-5602 Image author: githubcom/t0kx/privesc-CVE-2015-5602

CWE-264 http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171024.html http://www.sudo.ws/stable.html#1.8.15 http://bugzilla.sudo.ws/show_bug.cgi?id=707 http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171054.html https://www.exploit-db.com/exploits/37710/https://security.gentoo.org/glsa/201606-13 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.debian.org/security/2016/dsa-3440 http://www.securitytracker.com/id/1034392 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=804149 https://nvd.nist.gov https://github.com/t0kx/privesc-CVE-2015-5602 https://www.exploit-db.com/exploits/37710/https://access.redhat.com/security/cve/cve-2015-5602 https://www.debian.org/security/./dsa-3440

CVE-2015-5602

Vulnerability Summary

Vendor Advisories

Exploits

Github Repositories

References

Vulmon Search

About

Products

Connect