FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-04-19 18:22:07 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
6193b3f6-548c-11eb-ba01-206a8a720317 | sudo -- Potential information leak in sudoedit
Todd C. Miller reports:
A potential information leak in sudoedit that could be used to
test for the existence of directories not normally accessible to
the user in certain circumstances. When creating a new file,
sudoedit checks to make sure the parent directory of the new file
exists before running the editor. However, a race condition exists
if the invoking user can replace (or create) the parent directory.
If a symbolic link is created in place of the parent directory,
sudoedit will run the editor as long as the target of the link
exists.If the target of the link does not exist, an error message
will be displayed. The race condition can be used to test for the
existence of an arbitrary directory. However, it _cannot_ be used
to write to an arbitrary location.
Discovery 2021-01-11 Entry 2021-01-11 sudo
< 1.9.5
https://www.sudo.ws/stable.html#1.9.5
CVE-2021-23239
|