diff options
author | simon <simon@FreeBSD.org> | 2005-06-21 04:18:18 +0800 |
---|---|---|
committer | simon <simon@FreeBSD.org> | 2005-06-21 04:18:18 +0800 |
commit | db6760ec5f704cc5a151648c93599e62d318d9b4 (patch) | |
tree | 7ed329cd9bfb4789a5b9dbc734cb0c8ce4c97a9e /security | |
parent | 1c424aa0b52cb559031b9592b01ba391d5e4fd3d (diff) | |
download | freebsd-ports-gnome-db6760ec5f704cc5a151648c93599e62d318d9b4.tar.gz freebsd-ports-gnome-db6760ec5f704cc5a151648c93599e62d318d9b4.tar.zst freebsd-ports-gnome-db6760ec5f704cc5a151648c93599e62d318d9b4.zip |
Document sudo -- local race condition vulnerability.
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index c920c55115a1..c3f349c2ffbc 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,40 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="3bf157fa-e1c6-11d9-b875-0001020eed82"> + <topic>sudo -- local race condition vulnerability</topic> + <affects> + <package> + <name>sudo</name> + <range><lt>1.6.8.9</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Todd C. Miller reports:</p> + <blockquote cite="http://marc.theaimsgroup.com/?l=bugtraq&m=111928183431376"> + <p>A race condition in Sudo's command pathname handling + prior to Sudo version 1.6.8p9 that could allow a user with + Sudo privileges to run arbitrary commands.</p> + <p>Exploitation of the bug requires that the user be allowed + to run one or more commands via Sudo and be able to create + symbolic links in the filesystem. Furthermore, a sudoers + entry giving another user access to the ALL pseudo-command + must follow the user's sudoers entry for the race to + exist.</p> + </blockquote> + </body> + </description> + <references> + <bid>13993</bid> + <mlist msgid="200506201424.j5KEOhQI024645@xerxes.courtesan.com">http://marc.theaimsgroup.com/?l=bugtraq&m=111928183431376</mlist> + </references> + <dates> + <discovery>2005-06-20</discovery> + <entry>2005-06-20</entry> + </dates> + </vuln> + <vuln vid="b02c1d80-e1bb-11d9-b875-0001020eed82"> <topic>trac -- file upload/download vulnerability</topic> <affects> |