Vulnerabilities > CVE-2004-1689 - Information Disclosure vulnerability in Todd Miller Sudo 1.6.8
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root privileges, which allows local users to read arbitrary files via a symlink attack on the temporary file before quitting sudoedit.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | SudoEdit 1.6.8 Local Change Permission Exploit. CVE-2004-1689. Local exploit for linux platform |
| id | EDB-ID:470 |
| last seen | 2016-01-31 |
| modified | 2004-09-21 |
| published | 2004-09-21 |
| reporter | Angelo Rosiello |
| source | https://www.exploit-db.com/download/470/ |
| title | SudoEdit 1.6.8 - Local Change Permission Exploit |
References
- http://marc.info/?l=bugtraq&m=109537972929201&w=2
- http://packetstormsecurity.nl/0409-exploits/sudoedit.txt
- http://secunia.com/advisories/12596
- http://www.ciac.org/ciac/bulletins/o-219.shtml
- http://www.kb.cert.org/vuls/id/424358
- http://www.osvdb.org/10023
- http://www.securityfocus.com/bid/11204
- http://www.sudo.ws/sudo/alerts/sudoedit.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17424