CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
26.0%
An unauthorized privilege escalation was found in sudoedit in sudo before 1.8.15 when a user is granted with root access to modify a particular file that could be located in a subset of directories. It seems that sudoedit does not check the full path if a wildcard is used twice (e.g. /home///file.txt), allowing a malicious user to replace the file.txt real file with a symbolic link to a different location (e.g. /etc/shadow), which results in unauthorized access (CVE-2015-5602). The sudo package has been updated to version 1.8.15, which fixes this issue, and also includes many other bug fixes and changes. See the upstream change log for details.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 5 | noarch | sudo | < 1.8.15-1 | sudo-1.8.15-1.mga5 |