CVE-2005-1993

EPSS 0.07%

sudo - pathname validation race

發布日:2005/6/20修改日:2026/4/28

描述

Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack.

受影響套件(3)

Debian/sudofrom 0, < 1.6.8p9-1
Debian/sudofrom 0, < 1.6.6-1.3woody1
Debian/sudofrom 0, < 1.6.6-1.3woody1

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2005-1993