Arbitrary File Overwrite

2019-01-1508:55:30

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.0004 Low

EPSS

Percentile

5.1%

JSON

sudo is vulnerable to arbitrary file overwrite attacks. The vulnerability exists as a certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file.

CPENameOperatorVersion
sudoeq1.7.2p1__9.el5_5
sudoeq1.7.2p1__6.el5_5
sudoeq1.7.2p1__13.el5
sudoeq1.7.2p1__7.el5_5
sudoeq1.6.9p17__6.el5_4
sudoeq1.7.2p1__10.el5
sudoeq1.6.9p17__3.el5_3.1
sudoeq1.7.2p1__8.el5_5
sudoeq1.6.9p17__3.el5
sudoeq1.6.9p17__5.el5

Name	Operator	Version
sudo	eq	1.7.2p1__9.el5_5
sudo	eq	1.7.2p1__6.el5_5
sudo	eq	1.7.2p1__13.el5
sudo	eq	1.7.2p1__7.el5_5
sudo	eq	1.6.9p17__6.el5_4
sudo	eq	1.7.2p1__10.el5
sudo	eq	1.6.9p17__3.el5_3.1
sudo	eq	1.7.2p1__8.el5_5
sudo	eq	1.6.9p17__3.el5
sudo	eq	1.6.9p17__5.el5