Symlink Attack Vulnerability in sudoedit (sudo -e) in sudo 1.6.8

Symlink Attack Vulnerability in sudoedit (sudo -e) in sudo 1.6.8

CVE-2004-1689 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root privileges, which allows local users to read arbitrary files via a symlink attack on the temporary file before quitting sudoedit.

Learn more about our User Device Pen Test.