[3.1] sudo: Unauthorized privilege escalation in sudoedit (CVE-2015-5602)
An unauthorized privilege escalation was found in sudoedit when a user is granted root access to modify a particular file that may be located in any of a subset of directories. It seems that sudoedit does not check the full path when a wildcard is used twice (e.g. /home/*/*/file.txt), allowing a malicious user to replace the real file.txt with a symbolic link to a different location (e.g. /etc/shadow), which results in unauthorized access. Affected versions are <= 1.8.14.
References:
https://www.sudo.ws/stable.html#1.8.15
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5602
Upstream patch:
http://www.sudo.ws/repos/sudo/rev/9636fd256325
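A small sudoers audit, added here as an example and not part of the tracker issue or of sudo itself, that lists sudoedit rules whose path contains two or more wildcard directory components, the shape the advisory describes (/home/*/*/file.txt). The sample sudoers text is constructed; the parser handles only the simple one-line "user HOST = (runas) cmnd, cmnd" form plus Cmnd_Alias definitions.

```python
import re

# Constructed sample sudoers content (not from the tracker page): one direct rule
# and one alias in the risky double-wildcard shape, plus rules that are not.
SAMPLE_SUDOERS = """\
Cmnd_Alias EDIT_SITES = sudoedit /srv/www/*/*/config.php, sudoedit /etc/motd
alice  ALL = (root) sudoedit /home/*/*/file.txt   # double wildcard
bob    ALL = (root) NOPASSWD: sudoedit /etc/motd
carol  ALL = (root) EDIT_SITES, sudoedit /home/*/notes.txt
dave   ALL = (root) /usr/bin/vim /home/*/*/file.txt
"""

GLOB = re.compile(r"[*?\[]")
TAG = re.compile(r"^(?:[A-Z_]+:\s*)+")   # NOPASSWD:, NOEXEC:, ... prefixes


def wildcard_dirs(path):
    """Number of directory components of path that contain a glob pattern."""
    return sum(1 for comp in path.split("/")[:-1] if GLOB.search(comp))


def risky_sudoedit_rules(sudoers_text, min_wildcards=2):
    """Return (user, path, n_wildcard_dirs) for every sudoedit rule whose path
    has at least min_wildcards glob directory components. Cmnd_Alias entries
    are expanded; only the simple one-line rule form is understood."""
    aliases, findings = {}, []
    for raw in sudoers_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or "=" not in line:
            continue
        lhs, _, rhs = line.partition("=")
        if lhs.startswith("Cmnd_Alias"):
            aliases[lhs.split()[1]] = [c.strip() for c in rhs.split(",")]
            continue
        user = lhs.split()[0]
        rhs = re.sub(r"^\s*\([^)]*\)\s*", "", rhs)      # drop "(runas)"
        cmnds = []
        for c in (c.strip() for c in rhs.split(",")):
            cmnds.extend(aliases.get(c, [c]))           # expand aliases
        for cmnd in cmnds:
            parts = TAG.sub("", cmnd).split()
            if len(parts) < 2 or parts[0] != "sudoedit":
                continue
            for path in parts[1:]:
                n = wildcard_dirs(path)
                if n >= min_wildcards:
                    findings.append((user, path, n))
    return findings


if __name__ == "__main__":
    for user, path, n in risky_sudoedit_rules(SAMPLE_SUDOERS):
        print(f"{user}: sudoedit {path} ({n} wildcard directory components)")
```

Lowering min_wildcards to 1 lists every sudoedit rule with any wildcard directory, which is the set an administrator would review before upgrading to 1.8.15.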
(from redmine: issue id 4859, created on 2015-11-12, closed on 2015-11-30)
- Relations:
  - parent #4857 (closed)
- Changesets:
  - Revision fba7fa31 by Natanael Copa on 2015-11-13T14:30:36Z:
    main/sudo: security upgrade to 1.8.15 (CVE-2015-5602)
    fixes #4859