{"vuid":"VU#424358","idnumber":"424358","name":"sudoedit can expose protected file contents","keywords":["sudo","sudo - e","symbolic links","sudoedit","sudo -u"],"overview":"Sudo's -e option (sudoedit) improperly handles temporary files, allowing an attacker to read files that would otherwise be inaccessible.","clean_desc":"Sudo is a utility that allows specific users to run certain commands as root. Beginning with version 1.6.8, sudo provides safe editing functionality via sudoedit. Sudoedit allows specific users to edit certain files as root, as specified by the sudoers configuration file. When sudoedit launches the specified editor, it reopens a temporary copy of the file to be edited with root privileges. If this temporary file is changed to be a symlink to a file with restricted access, the editor will display the contents of the file with restricted access.","impact":"An authenticated user who has the permissions to run sudoedit may be able to read protected files.","resolution":"Apply a patch from your vendor\nFor vendor-specific information regarding vulnerable status and patch availability, please see the vendor section of this document.\nUpgrade your version of sudo\nUpgrade your system as specified by your vendor. If you need to upgrade sudo manually, get sudo 1.6.8p1. Note that only sudo 1.6.8 contains this vulnerability. Previous versions are not affected.","workarounds":"Disable sudoedit\nThis vulnerability is only exploitable if a user has explicitly been granted sudoedit permissions. If the sudoers configuration file does not grant permission to run sudoedit, then the vulnerability cannot be exploited.","sysaffected":"","thanks":"This vulnerability was reported by Reznic Valery.","author":"This document was written by Will Dormann and is based on the information in the Sudo Alert.","public":["http://www.sudo.ws/sudo/alerts/sudoedit.html","http://secunia.com/advisories/12596/","http://xforce.iss.net/xforce/xfdb/17424","http://www.securityfocus.com/archive/1/375434/2004-09-13/2004-09-19/0","http://www.securityfocus.com/bid/11204/info/","http://www.securitytracker.com/alerts/2004/Sep/1011342.html","http://www.osvdb.org/10023"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-09-20T18:31:36Z","publicdate":"2004-09-18T00:00:00Z","datefirstpublished":"2004-10-19T18:26:22Z","dateupdated":"2004-10-27T21:29:03Z","revision":12,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"20","cam_exploitation":"10","cam_internetinfrastructure":"5","cam_population":"10","cam_impact":"8","cam_easeofexploitation":"20","cam_attackeraccessrequired":"5","cam_scorecurrent":"5.25","cam_scorecurrentwidelyknown":"5.25","cam_scorecurrentwidelyknownexploited":"6.75","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":5.25,"vulnote":null}