Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2005-1831

HistoryJun 02, 2005 - 4:00 a.m.

CVE-2005-1831

2005-06-0204:00:00

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.9

Confidence

High

EPSS

Percentile

5.1%

JSON

Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue, stating "Sudo catches SIGINT and returns an empty string for the password so I don’t see how this could happen unless the user’s actual password was empty.

OSVersionArchitecturePackageVersionFilename
Debian12allsudo< 1.9.13p3-1+deb12u1sudo_1.9.13p3-1+deb12u1_all.deb
Debian11allsudo< 1.9.5p2-3+deb11u1sudo_1.9.5p2-3+deb11u1_all.deb
Debian999allsudo< 1.9.15p5-3sudo_1.9.15p5-3_all.deb
Debian13allsudo< 1.9.15p5-3sudo_1.9.15p5-3_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	sudo	< 1.9.13p3-1+deb12u1	sudo_1.9.13p3-1+deb12u1_all.deb
Debian	11	all	sudo	< 1.9.5p2-3+deb11u1	sudo_1.9.5p2-3+deb11u1_all.deb
Debian	999	all	sudo	< 1.9.15p5-3	sudo_1.9.15p5-3_all.deb
Debian	13	all	sudo	< 1.9.15p5-3	sudo_1.9.15p5-3_all.deb

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.9

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for DEBIANCVE:CVE-2005-1831