Lucene search

[email protected]CVE-2004-1689

HistorySep 16, 2004 - 4:00 a.m.

CVE-2004-1689

2004-09-1604:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2004-1689

sudoedit

sudo

symlink attack

nvd

6.4 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

9.0%

JSON

sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root privileges, which allows local users to read arbitrary files via a symlink attack on the temporary file before quitting sudoedit.

CPENameOperatorVersion
todd_miller:sudotodd miller sudoeq1.6.8

CPE	Name	Operator	Version
todd_miller:sudo	todd miller sudo	eq	1.6.8

References

marc.info/?l=bugtraq&m=109537972929201&w=2

packetstormsecurity.nl/0409-exploits/sudoedit.txt

secunia.com/advisories/12596

www.ciac.org/ciac/bulletins/o-219.shtml

www.kb.cert.org/vuls/id/424358

www.osvdb.org/10023

www.securityfocus.com/bid/11204

www.sudo.ws/sudo/alerts/sudoedit.html

exchange.xforce.ibmcloud.com/vulnerabilities/17424

6.4 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVE-2004-1689

openvas2 debiancve1