CVE-2005-1993

Severity: 3.7 LOW
EPSS: 0.1% (top 78.63%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jun 20
Latest update: Oct 25

Description

Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack.

CVSS vector

AV:L/AC:H/C:P/I:P/A:P
Exploitability: 1.9 | Impact: 6.4

Affected Packages (2 packages)

Debian: sudo < 1.6.8p9-1+3
NVD: todd_miller/sudo, 29 versions +28

Patches

🔴 Vulnerability Details (5)

GHSA: crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard (2023-10-25)
GHSA: crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard (2023-10-25)
GHSA: GHSA-8q3v-p32x-2pq7: Race condition in sudo 1 (2022-05-01)
OSV: CVE-2005-1993: Race condition in sudo 1 (2005-06-20)
CVEList: CVE-2005-1993: Race condition in sudo 1 (2005-06-20)

📋 Vendor Advisories (4)

Red Hat: crypto-js: PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard (2023-10-25)
Ubuntu: sudo vulnerability (2005-06-21)
Red Hat: security flaw (2005-06-20)
Debian: CVE-2005-1993: sudo - Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used ... (2005)

💬 Community (1)

Bugzilla: CVE-2005-1993 security flaw (2018-08-16)