CVE-2005-1993
sudo - pathname validation race
EPSS 0.07%
Description
Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack.
How to fix CVE-2005-1993
To remediate CVE-2005-1993, upgrade the affected package to one of the fixed versions listed below.
- Debian/sudo—upgrade to 1.6.8p9-1 or later
- Debian/sudo—upgrade to 1.6.6-1.3woody1 or later
- Debian/sudo—upgrade to 1.6.6-1.3woody1 or later
Is CVE-2005-1993 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 1.6.8p9-1
- from 0, < 1.6.6-1.3woody1
- from 0, < 1.6.6-1.3woody1