CVE-2015-5602
published 2015-11-17CVE-2015-5602: sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in…
high7.2CVSS 3.1
AVLACLAuNCCICAC
EXPLOIT
sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt."
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | sudo | < sudo 1.8.15-1.1 (bookworm) | sudo 1.8.15-1.1 (bookworm) |
| sudo_project | sudo | <= 1.8.14 | — |
| sudo_project | sudo | >= 0 < 1.8.15-1.1 | 1.8.15-1.1 |
| sudo_project | sudo | >= 0 < 1.8.15-1.1 | 1.8.15-1.1 |
| sudo_project | sudo | >= 0 < 1.8.15-1.1 | 1.8.15-1.1 |
| sudo_project | sudo | >= 0 < 1.8.15-1.1 | 1.8.15-1.1 |
CVSS provenance
nvd7.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
osv7.2HIGH