FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2005-1993

This CVE name corresponds to:

Entered: 2005-06-20
Topic: sudo -- local race condition vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2005-1993
Phase: Assigned (20050620)

Description

Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack.

References

Source: Reference
BUGTRAQ: 20050620 Sudo version 1.6.8p9 now available, fixes security issue.
CONFIRM: http://www.sudo.ws/sudo/alerts/path_race.html
CONFIRM: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=161116
APPLE: APPLE-SA-2005-11-29
DEBIAN: DSA-735
FEDORA: FLSA:162750
REDHAT: RHSA-2005:535
SUSE: SUSE-SA:2005:036
BID: 13993
BID: 15647
OVAL: oval:org.mitre.oval:def:11341
VUPEN: ADV-2005-0821
VUPEN: ADV-2005-2659
OSVDB: 17396
OVAL: oval:org.mitre.oval:def:1242
SECUNIA: 15744
SECUNIA: 17813
XF: sudo-pathname-race-condition(21080)