Race condition in Sudo's pathname validation, version <= 1.6.8p9
Simon L. Nielsen
simon at FreeBSD.org
Mon Nov 14 08:48:36 PST 2005
On 2005.11.14 21:58:49 +0600, Dmitry Grigorovich wrote:
> http://sudo.ws/sudo/alerts/path_race.html
See http://vuxml.FreeBSD.org/3bf157fa-e1c6-11d9-b875-0001020eed82.html
for details regarding this vulnerability in the context of the FreeBSD
Ports Collection.
Note that this is a rather old issue which was published 2005-06-20.
--
Simon L. Nielsen
FreeBSD Security Team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-security/attachments/20051114/5da4c5d9/attachment.bin
More information about the freebsd-security
mailing list