|
|
Info |
Last Modified |
| about 1 year ago |
|
|
|
|
Keywords |
CVE-2005-1993
APPLE-SA-2005-11-29 Security Update 2005-009
|
|
Description |
Sudo contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue can be triggered by a user who already has some kind of sudo access, and they can leverage sudo to run arbitrary commands as other users. This flaw will most likely lead to a root compromise.
|
|
Classification |
Location:
Local Access Required
Attack Type:
Race Condition
Impact:
Loss of Integrity
Solution:
Workaround,
Patch
Exploit:
Exploit Available
Disclosure:
Vendor Verified,
OSVDB Verified,
Third Party Verified,
Coordinated Disclosure
|
|
Technical |
The value of safe_cmnd variable can be overwritten by the race condition.
|
|
Solution |
Upgrade to version 1.6.8 patchlevel 9 or higher, as it has been reported to fix this vulnerability. A workaround can be achieved if care is taken in the order of the lines in the sudoers file. Entries with ALL should come after all other entries.
|
|
Products |
|
Sudo
 |
1.3.1 |
1.3.1p2 |
1.3.1p3 |
1.3.1p4 |
1.3.1p5 |
1.3.1p6 |
1.3.1p7 |
1.3.1p8 |
1.3.1p9 |
1.3.1p10 |
1.3.1p11 |
1.3.1p12 |
1.3.1p13 |
1.3.1p14 |
1.3.2 BETA |
1.3.3 BETA |
1.3.4 BETA |
1.3.5 BETA |
1.3.6 BETA |
1.3.7 GAMMA |
1.4 |
1.4.1 |
1.4.2 |
1.4.3 |
1.4.4 |
1.4.5 |
1.5 |
1.5.1 |
1.5.2 |
1.5.3 |
1.5.4 |
1.5.5 |
1.5.6 |
1.5.7 |
1.5.8 |
1.5.8p1 |
1.5.8p2 |
1.6 |
1.6.1 |
1.6.2 |
1.6.3 |
1.6.3p1 |
1.6.3p2 |
1.6.3p3 |
1.6.3p4 |
1.6.3p5 |
1.6.3p6 |
1.6.3p7 |
1.6.4 |
1.6.4p1 |
1.6.4p2 |
1.6.5 |
1.6.5p1 |
1.6.5p2 |
1.6.6 |
1.6.7 |
1.6.7p1 |
1.6.7p2 |
1.6.7p3 |
1.6.7p4 |
1.6.7p5 |
1.6.8 |
1.6.8p1 |
1.6.8p2 |
1.6.8p3 |
1.6.8p4 |
1.6.8p5 |
1.6.8p6 |
1.6.8p7 |
1.6.8p8 |
|
|
|
|
|
|
Credit |
- Charles A. Morris - cmorris
 cs.odu.edu - Old Dominion University
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
