Access Restriction Bypass The advisory has been revoked - it doesn't affect any version of package sudo Open this link in a new tab
Threat Intelligence
Exploit Maturity
Mature
EPSS
0.06% (25th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-UBUNTU1404-SUDO-407057
- published 17 Nov 2015
- disclosed 17 Nov 2015
Introduced: 17 Nov 2015
CVE-2015-5602 Open this link in a new tabAmendment
The Ubuntu security team deemed this advisory irrelevant for Ubuntu:14.04.
NVD Description
Note: Versions mentioned in the description apply only to the upstream sudo package and not the sudo package as distributed by Ubuntu.
sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home///file.txt."
References
- http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-5602
- http://www.debian.org/security/2016/dsa-3440
- https://security-tracker.debian.org/tracker/CVE-2015-5602
- https://www.exploit-db.com/exploits/37710/
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171024.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171054.html
- https://security.gentoo.org/glsa/201606-13
- http://bugzilla.sudo.ws/show_bug.cgi?id=707
- http://www.sudo.ws/stable.html#1.8.15
- http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
- http://www.securitytracker.com/id/1034392
- https://www.exploit-db.com/exploits/37710