Lucene search

[email protected]NVD:CVE-2005-1831

HistoryMay 31, 2005 - 4:00 a.m.

CVE-2005-1831

2005-05-3104:00:00

[email protected]

web.nvd.nist.gov

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

Percentile

5.1%

JSON

Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE and multiple third-party researchers have not been able to replicate this issue, stating "Sudo catches SIGINT and returns an empty string for the password so I don’t see how this could happen unless the user’s actual password was empty.

Affected configurations

Nvd

Node

todd_millersudoMatch1.6.8p7

References

archives.neohapsis.com/archives/bugtraq/2005-05/0349.html

archives.neohapsis.com/archives/bugtraq/2005-05/0359.html

marc.info/?l=bugtraq&m=111755694008928&w=2

www.osvdb.org/20417

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.8

Confidence

Low

EPSS

Percentile

5.1%

JSON

Related for NVD:CVE-2005-1831

cvelist1 cve1 ubuntucve1 debiancve1