MGASA-2015-0443

Source
https://advisories.mageia.org/MGASA-2015-0443.html
Import Source
https://advisories.mageia.org/MGASA-2015-0443.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2015-0443
Published
2015-11-10T21:26:39Z
Modified
2015-11-10T21:20:17Z
Summary
Updated sudo packages fix security vulnerability
Details

An unauthorized privilege escalation was found in sudoedit in sudo before 1.8.15 when a user is granted root access to modify a particular file that could be located in a subset of directories. It seems that sudoedit does not check the full path if a wildcard is used twice (e.g. /home/*/*/file.txt), allowing a malicious user to replace the real file.txt with a symbolic link to a different location (e.g. /etc/shadow), which results in unauthorized access (CVE-2015-5602).

The sudo package has been updated to version 1.8.15, which fixes this issue, and also includes many other bug fixes and changes. See the upstream change log for details.

Affected packages

Mageia:5 / sudo

Package

Name
sudo
Purl
pkg:rpm/mageia/sudo?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.8.15-1.mga5

Ecosystem specific

{
    "section": "core"
}