PT-2005-1076 · Todd Miller+1 · Sudo+1
Josh Bressers
·
Published
2005-06-20
·
Updated
2018-10-19
·
CVE-2005-1993
CVSS v2.0
3.7
Low
| Vector | AV:L/AC:H/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
sudo 1.3.1 through 1.6.8p8 (upstream releases)
sudo 1.6.5p2 and sudo 1.6.7p5 as shipped in vendor packages (both fall inside the range above)
Description
sudo 1.3.1 through 1.6.8p8 contains a race condition between the validation of the requested command's pathname and the execution of that command. The race is reachable only when the sudoers file contains an entry whose command is the ALL pseudo-command after the entry that grants the attacker's own commands. A local user who already holds a sudoers entry and can create symbolic links can exploit the race through a symlink and run an arbitrary command as the privileged target user, compromising the confidentiality, integrity and availability of the host. Exploitation is local only and requires winning the race, which the CVSS vector above reflects (AV:L, AC:H).
Recommendations
Upgrade to sudo 1.6.8p9 or later, the upstream release that closes the race. For distribution-packaged builds such as the 1.6.5p2 and 1.6.7p5 listed above, install the vendor's updated sudo package carrying the backported fix.
Until the update is installed, remove the precondition from the configuration: do not let an entry whose command is the ALL pseudo-command appear after entries that grant specific commands. Either replace ALL with an explicit list of command paths, or move the ALL entries ahead of the per-command entries.
Keep the set of users who hold any sudoers entry to a minimum. The attacker needs an existing entry and the ability to create symbolic links on the host, so every unnecessary entry widens the exposure.
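The two checks a practitioner wants before touching a host are whether the installed sudo is inside the affected range and whether the sudoers file has the ordering the race needs. The script below is an added example written for this page, not part of sudo or of the original advisory. It assumes the affected range 1.3.1 through 1.6.8p8 given above, uses 1.6.8p9 (the upstream release that fixed the race) as the first safe version, and parses sudoers line by line as a heuristic: aliases, `#include` directives and backslash continuations are not expanded. The two sudoers fragments at the bottom are constructed for the demonstration and are not taken from any real system.

```shell
#!/bin/sh
# Added audit helper for CVE-2005-1993 (illustrative code for this page, not
# part of sudo or of the advisory). Heuristic, line-based checks only.

# Print 1 if a sudo version string such as "1.6.8p8" or "1.6.5p2" lies in the
# affected range 1.3.1 .. 1.6.8p8, 0 otherwise. 1.6.8p9 is the upstream fix.
sudo_version_affected() {
    printf '%s\n' "$1" | awk '
        # Normalise "1.6.8p9" -> "001006008009" so string comparison works.
        function tuple(v, parts, n, p) {
            p = 0
            if (v ~ /p[0-9]+$/) { p = v; sub(/.*p/, "", p); sub(/p[0-9]+$/, "", v) }
            n = split(v, parts, ".")
            return sprintf("%03d%03d%03d%03d", parts[1], parts[2], parts[3], p)
        }
        {
            t = tuple($1)
            if (t >= tuple("1.3.1") && t <= tuple("1.6.8p8")) print 1; else print 0
        }
    '
}

# Read a sudoers file on stdin. Print 1 if a rule whose command is the ALL
# pseudo-command appears AFTER a rule granting a specific command path (the
# ordering the advisory describes), 0 otherwise.
risky_all_order() {
    awk '
        /^[[:space:]]*#/  { next }                            # comments, #include lines
        /^[[:space:]]*$/  { next }                            # blank lines
        /^[[:space:]]*(Defaults|[A-Za-z_]+_Alias)/ { next }   # options, alias definitions
        {
            spec = $0
            if (!sub(/^[^=]*=/, "", spec)) next               # not a user specification
            gsub(/\([^)]*\)/, "", spec)                       # drop the (runas) list
            gsub(/[A-Z]+:/, "", spec)                         # drop NOPASSWD: and similar tags
            n = split(spec, cmds, ",")
            for (i = 1; i <= n; i++) {
                c = cmds[i]
                gsub(/^[[:space:]]+|[[:space:]]+$/, "", c)
                if (c == "ALL") {
                    if (seen_path) { found = 1; exit }
                } else if (c ~ /^\//) {
                    seen_path = 1
                }
            }
        }
        END { if (found) print 1; else print 0 }
    '
}

# Constructed sample sudoers fragments (not from any real system).
# Vulnerable ordering: alice is granted one command, then a later rule uses ALL.
VULNERABLE_ORDER='Defaults env_reset
alice   ALL = /usr/bin/foo
%wheel  ALL = (ALL) NOPASSWD: ALL'

# Same grants, with the ALL rule moved ahead of the per-command rule.
SAFE_ORDER='Defaults env_reset
%wheel  ALL = (ALL) NOPASSWD: ALL
alice   ALL = /usr/bin/foo'

printf 'sudo 1.6.8p8 affected: %s\n' "$(sudo_version_affected 1.6.8p8)"   # 1
printf 'sudo 1.6.8p9 affected: %s\n' "$(sudo_version_affected 1.6.8p9)"   # 0
printf 'vulnerable ordering flagged: %s\n' "$(printf '%s\n' "$VULNERABLE_ORDER" | risky_all_order)"   # 1
printf 'reordered file flagged: %s\n' "$(printf '%s\n' "$SAFE_ORDER" | risky_all_order)"              # 0
```

On a live host, feed the real inputs: `sudo_version_affected "$(sudo -V | sed -n 's/^Sudo version //p')"` and `risky_all_order < /etc/sudoers` (as root). A 1 from both means the host is exposed until the package is updated or the ALL entries are moved or replaced.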
Related Identifiers
Affected Products
Red Hat
Sudo