Home CVE Database CVE-2015-5602

CVE-2015-5602

Description

sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by /home/*/*/file.txt.

Priority: High
CVSS v3: 0.0
Publish Date: Nov 17, 2015
Related ID: --
CVSS v2: 7.2
Modified Date: Nov 18, 2015

Find out more about CVE-2015-5602 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Related Products

Product Name Status Defect Fixed Downloads
Linux 7 SCP Not Vulnerable -- -- --
Linux 7 CGP Not Vulnerable -- -- --

Comments

sudo

Live chat
Online