SB2015081406 - Permissions, Privileges, and Access Controls in sudo (Alpine package)
Published: August 14, 2015
Security Bulletin ID
SB2015081406
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2015-5602)
The vulnerability allows a local non-authenticated attacker to execute arbitrary code.
sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt."
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=c7dbb7e2966b00bf670a3ab905dfe251914426a9
- https://git.alpinelinux.org/aports/commit/?id=fba7fa3110d1f8d8dc31ef68a5c7d2f0e2cd2886
- https://git.alpinelinux.org/aports/commit/?id=838b3e30f36bfa34a3e0d1fc23ee65723f32ef8b
- https://git.alpinelinux.org/aports/commit/?id=31a086dacff2bf902e509022f3645d00a5d7fe4d