MGASA-2015-0443

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2015-0443.html

Import Source

https://advisories.mageia.org/MGASA-2015-0443.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2015-0443

Related

CVE-2015-5602

Published

2015-11-10T21:26:39Z

Modified

2015-11-10T21:20:17Z

Summary

Updated sudo packages fix security vulnerability

Details

An unauthorized privilege escalation was found in sudoedit in sudo before 1.8.15 when a user is granted with root access to modify a particular file that could be located in a subset of directories. It seems that sudoedit does not check the full path if a wildcard is used twice (e.g. /home///file.txt), allowing a malicious user to replace the file.txt real file with a symbolic link to a different location (e.g. /etc/shadow), which results in unauthorized access (CVE-2015-5602).

The sudo package has been updated to version 1.8.15, which fixes this issue, and also includes many other bug fixes and changes. See the upstream change log for details.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:5 / sudo

Package

Name: sudo
Purl: pkg:rpm/mageia/sudo?distro=mageia-5

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.15-1.mga5

Ecosystem specific

{
    "section": "core"
}