FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
6193b3f6-548c-11eb-ba01-206a8a720317	sudo -- Potential information leak in sudoedit Todd C. Miller reports: A potential information leak in sudoedit that could be used to test for the existence of directories not normally accessible to the user in certain circumstances. When creating a new file, sudoedit checks to make sure the parent directory of the new file exists before running the editor. However, a race condition exists if the invoking user can replace (or create) the parent directory. If a symbolic link is created in place of the parent directory, sudoedit will run the editor as long as the target of the link exists.If the target of the link does not exist, an error message will be displayed. The race condition can be used to test for the existence of an arbitrary directory. However, it _cannot_ be used to write to an arbitrary location. Discovery 2021-01-11 Entry 2021-01-11 sudo lt 1.9.5 https://www.sudo.ws/stable.html#1.9.5 CVE-2021-23239

VuXML ID

Description

6193b3f6-548c-11eb-ba01-206a8a720317

sudo -- Potential information leak in sudoedit

Todd C. Miller reports:

A potential information leak in sudoedit that could be used to test for the existence of directories not normally accessible to the user in certain circumstances. When creating a new file, sudoedit checks to make sure the parent directory of the new file exists before running the editor. However, a race condition exists if the invoking user can replace (or create) the parent directory. If a symbolic link is created in place of the parent directory, sudoedit will run the editor as long as the target of the link exists.If the target of the link does not exist, an error message will be displayed. The race condition can be used to test for the existence of an arbitrary directory. However, it _cannot_ be used to write to an arbitrary location.

Discovery 2021-01-11
Entry 2021-01-11
sudo

lt 1.9.5

https://www.sudo.ws/stable.html#1.9.5
CVE-2021-23239