FreeBSD: 3BF157FA-E1C6-11D9-B875-0001020EED82
Jun 20, 2005 - 12:00 a.m.

sudo -- local race condition vulnerability

2005-06-20 00:00:00
vuxml.freebsd.org

CVSS2: 3.7 (AV:L/AC:H/Au:N/C:P/I:P/A:P)
Attack Vector: LOCAL
Attack Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

EPSS: 0.001
Percentile: 27.0%

Todd C. Miller reports:

A race condition in Sudo’s command pathname handling
prior to Sudo version 1.6.8p9 that could allow a user with
Sudo privileges to run arbitrary commands.
Exploitation of the bug requires that the user be allowed
to run one or more commands via Sudo and be able to create
symbolic links in the filesystem. Furthermore, a sudoers
entry giving another user access to the ALL pseudo-command
must follow the user’s sudoers entry for the race to
exist.

OS | Version | Architecture | Package | Version | Filename
FreeBSD | any | noarch | sudo | < 1.6.8.9 | UNKNOWN
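
An added example (not part of the advisory or of Sudo itself) that checks for the two preconditions stated above: a Sudo version before 1.6.8p9, and a sudoers file in which another principal's ALL entry follows a restricted entry. The function names, the simplified sudoers parsing (no alias expansion, restricted entries only) and the sample file are assumptions made for illustration.

```python
import re

FIXED = (1, 6, 8, 9)  # 1.6.8p9, the fixed release named in the advisory

def parse_version(text):
    """Turn '1.6.8p7' or the port-style '1.6.8.7' into a comparable tuple."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)(?:[p.](\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised sudo version: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def is_affected(version_text):
    return parse_version(version_text) < FIXED

def user_specs(sudoers_text):
    """Yield (principal, commands) per user specification, in file order.
    Simplification: aliases are not expanded; Defaults/alias lines are skipped."""
    joined = re.sub(r"\\\n", " ", sudoers_text)      # join continuation lines
    for line in joined.splitlines():
        line = line.split("#", 1)[0].strip()         # drop comments
        if "=" not in line or re.match(r"(Defaults|\w+_Alias)\b", line):
            continue
        who, rhs = line.split("=", 1)
        rhs = re.sub(r"\([^)]*\)", "", rhs)          # drop (runas) lists
        rhs = re.sub(r"\b[A-Z]+:", "", rhs)          # drop tags such as NOPASSWD:
        yield who.split()[0], [c.strip() for c in rhs.split(",") if c.strip()]

def exposed_users(sudoers_text):
    """Principals with a restricted entry that a different principal's ALL entry follows."""
    specs = list(user_specs(sudoers_text))
    hits = []
    for i, (user, cmds) in enumerate(specs):
        if "ALL" in cmds:
            continue                                 # already unrestricted, no race needed
        later_all = any(u != user and "ALL" in c for u, c in specs[i + 1:])
        if later_all and user not in hits:
            hits.append(user)
    return hits

# Constructed sample sudoers content, not taken from the advisory.
SAMPLE = """alice  ALL = /usr/bin/less /var/log/messages
bob    ALL = (ALL) ALL
carol  ALL = NOPASSWD: /sbin/reboot, \\
             /sbin/halt
"""

if __name__ == "__main__":
    print("1.6.8p7 affected:", is_affected("Sudo version 1.6.8p7"))
    print("entries to review:", exposed_users(SAMPLE))
```

In the sample, only alice's entry is reported: carol's restricted entry comes after bob's ALL entry, so the ordering condition from the advisory does not hold for it.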
