Oval Definition:oval:org.mitre.oval:def:1242
Revision Date:2005-09-21Version:3
Title:sudo Symlink Vulnerability
Description:Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack.
Family:unixClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2005-1993
Platform(s):Red Hat Enterprise Linux 3
Product(s):sudo
Definition Synopsis
  • Software section
  • Red Hat Enterprise 3 is installed
  • AND sudo RPM earlier than 0:1.6.7p5-1.1
  • AND Configuration section
  • /etc/sudoers exists
  • AND /usr/bin/sudo is executable by everyone
  • BACK