CVE-2005-1993

EPSS 0.07%

sudo - pathname validation race

Published: 6/20/2005Modified: 4/28/2026

Description

Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack.

Affected packages (3)

Debian/sudofrom 0, < 1.6.8p9-1
Debian/sudofrom 0, < 1.6.6-1.3woody1
Debian/sudofrom 0, < 1.6.6-1.3woody1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2005-1993