Description
Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary files via a symlink attack on temporary files.
Product(s):
- Todd Miller Sudo 1.5.6
- Todd Miller Sudo 1.5.7
- Todd Miller Sudo 1.5.8
- Todd Miller Sudo 1.5.9
- Todd Miller Sudo 1.6.1
- Todd Miller Sudo 1.6.2
- Todd Miller Sudo 1.6.3
- Todd Miller Sudo 1.6.3_p1
- Todd Miller Sudo 1.6.3_p2
- Todd Miller Sudo 1.6.3_p3
- Todd Miller Sudo 1.6.3_p4
- Todd Miller Sudo 1.6.3_p5
- Todd Miller Sudo 1.6.3_p6
- Todd Miller Sudo 1.6.3 p7
- Todd Miller Sudo 1.6.4
- Todd Miller Sudo 1.6.4 Patch 1
- Todd Miller Sudo 1.6.4 Patch 2
- Todd Miller Sudo 1.6.5
- Todd Miller Sudo 1.6.5 Patch 1
- Todd Miller Sudo 1.6.5 Patch 2
- Todd Miller Sudo 1.6.6
- Todd Miller Sudo 1.6.7
- Todd Miller Sudo 1.6.7_p5
- Todd Miller Sudo 1.6.8
- Todd Miller Sudo 1.6.8_p1
- Todd Miller Sudo 1.6.8 Patch 8
- Todd Miller Sudo 1.6
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2005-1119, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2005-1119 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.