VDB

GCVE-110-MAGEIA-2016-261

GCVE-110-MAGEIA-2016-261
Advisory Published
Vulnetix · Advisory published July 26, 2016
A vulnerability in functionality for adding support of SHA-2 digests along with the command was found. The sudoers plugin performs this digest verification while matching rules, and later independently calls execve() to execute the binary. This results in a race condition if the digest functionality is used as suggested (in fact, the rules are matched before the user is prompted for a password, so there is not negligible time frame to replace the binary from underneath sudo) (CVE-2015-8239).

Affected Products

VendorProductVersionsPlatforms
Mageiasudo1.8.17p1-1.mga5 (unaffected), 0 (affected)

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›