published date: June 20, 2005

CVE-2005-1993 : Race Condition Vulnerability

Description

Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack.

Product(s):

Todd Miller Sudo 1.3.1
Todd Miller Sudo 1.5.6
Todd Miller Sudo 1.5.7
Todd Miller Sudo 1.5.8
Todd Miller Sudo 1.5.9
Todd Miller Sudo 1.6.1
Todd Miller Sudo 1.6.2
Todd Miller Sudo 1.6.3
Todd Miller Sudo 1.6.3_p1
Todd Miller Sudo 1.6.3_p2
Todd Miller Sudo 1.6.3_p3
Todd Miller Sudo 1.6.3_p4
Todd Miller Sudo 1.6.3_p5
Todd Miller Sudo 1.6.3_p6
Todd Miller Sudo 1.6.3 p7
Todd Miller Sudo 1.6.4
Todd Miller Sudo 1.6.4 Patch 1
Todd Miller Sudo 1.6.4 Patch 2
Todd Miller Sudo 1.6.5
Todd Miller Sudo 1.6.5 Patch 1
Todd Miller Sudo 1.6.5 Patch 2
Todd Miller Sudo 1.6.6
Todd Miller Sudo 1.6.7
Todd Miller Sudo 1.6.7_p5
Todd Miller Sudo 1.6.8
Todd Miller Sudo 1.6.8_p1
Todd Miller Sudo 1.6.8 Patch 7
Todd Miller Sudo 1.6.8 Patch 8
Todd Miller Sudo 1.6

CVSS:3.7 [Critical]
EPSS:0.07%
Exploitability:1.9
In KEV:No

Question to Ask Vendors:

Can you confirm whether your systems are affected by CVE-2005-1993, and if so, what steps are you currently taking to mitigate this vulnerability?
What is your estimated timeline for fully resolving CVE-2005-1993 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions:

Check out the advisory links provided below.

References:

https://nvd.nist.gov/vuln/detail/CVE-2005-1993

READY TO GET RESULTS YOU CAN TRUST?

Get a Demo Contact Sales