CVE-2015-5602

EPSS 5.5%

sudo - security update

發布日:2015/11/17修改日:2026/4/28

描述

sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt."

受影響套件(3)

Debian/sudofrom 0, < 1.8.15-1.1
Debian/sudofrom 0, < 1.7.4p4-2.squeeze.6
Debian/sudofrom 0, < 1.8.5p2-1+nmu3+deb7u1

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-5602