CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
10.1%
sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command
is enabled, permits a match between the name of the pseudo-command and the
name of an executable file in an arbitrary directory, which allows local
users to gain privileges via a crafted executable file, as demonstrated by
a file named sudoedit in a userβs home directory.
Author | Note |
---|---|
jdstrand | βExploitation of the bug requires that the sudoers file be configured to allow the attacker to run sudoedit. If no users have been granted access to sudoedit there is no impact.β Dapper has 1.6.8. If --secure-path is used and compiled to use execvp(), then sudo should not be vulnerable. Dapper is compiled with --secure-path and happens to use execvp() |