Lucene search

K
suseSuseSUSE-SA:2005:036
HistoryJun 24, 2005 - 12:44 p.m.

race condition, arbitrary code execution in sudo

2005-06-2412:44:43
lists.opensuse.org
11

0.684 Medium

EPSS

Percentile

97.6%

Sudo(8) allows the execution of commands as another user and gives the administrator more flexibility than su(1). A race condition in the pathname handling of sudo may allow a local user to execute arbitrary commands. To exploit this bug some conditions need to be fulfilled. The attacking user needs to be listed in the sudoers file, he is able to create symbolic links in the filesystem, and a ALL alias- command needs to follow the attackers entry.

Solution

It is recommended to install the updated packages.

0.684 Medium

EPSS

Percentile

97.6%

Related for SUSE-SA:2005:036