Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1689

7 documents6 sources

Severity

2.1LOW

EPSS

0.2%

top 62.11%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Todd Miller Sudo

Timeline

PublishedSep 16

Latest updateApr 29

Description

sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root privileges, which allows local users to read arbitrary files via a symlink attack on the temporary file before quitting sudoedit.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

▶Debiansudo< 1.6.8p3-1+3

▶NVDtodd_miller/sudo1.6.8

Patches

Patch: packetstormsecurity.nl ↗Patch: secunia.com ↗Patch: www.ciac.org ↗

🔴Vulnerability Details

GHSA

GHSA-53qq-7f4q-p4vg: sudoedit (aka sudo -e) in sudo 1↗2022-04-29

▶

CVEList

CVE-2004-1689: sudoedit (aka sudo -e) in sudo 1↗2005-02-20

▶

OSV

CVE-2004-1689: sudoedit (aka sudo -e) in sudo 1↗2004-09-16

▶

💥Exploits & PoCs

Exploit-DB

Symantec Norton Internet Security 2004 - ActiveX Control Buffer Overflow (Metasploit)↗2010-05-09

▶

Exploit-DB

SudoEdit 1.6.8 - Local Change Permission↗2004-09-21

▶

📋Vendor Advisories

Debian

CVE-2004-1689: sudo - sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root privileges...↗2004

▶