CVE-2015-5602

Sudo <1.8.15 - Privilege Escalation


Exploitation Summary

EIP tracks 3 public exploits for CVE-2015-5602. PoCs published by daniel svartman, t0kx, cved-sources.

Description

sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt".

Exploits (3)

exploitdb WRITEUP VERIFIED
by daniel svartman · text · local · linux
https://www.exploit-db.com/exploits/37710

This writeup describes a privilege escalation vulnerability in sudoedit (CVE-2015-5602) where wildcard path handling allows symbolic link manipulation to access unauthorized files like /etc/shadow. The exploit leverages improper path validation when wildcards are used twice in the sudoers configuration.

Classification: Writeup 90%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: sudo <=1.8.14
Auth required
Prerequisites: sudoers entry with wildcard path (e.g., /home/*/*/file.txt) · ability to create symbolic links in a subdirectory
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 15 stars
by t0kx · poc
https://github.com/t0kx/privesc-CVE-2015-5602

This exploit leverages a symlink attack in sudoedit (CVE-2015-5602) to manipulate the /etc/shadow file and change the root password, achieving local privilege escalation. The PoC creates a malicious EDITOR script to modify the shadow file when sudoedit is invoked with a wildcard path.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: sudo <=1.8.14
Auth required
Prerequisites: sudoedit access with wildcard path (e.g., /home/*/*/esc.txt) · ability to create symlinks and directories
devstral-2 · analyzed Feb 16, 2026

nomisec STUB
by cved-sources · poc
https://github.com/cved-sources/cve-2015-5602

This repository is a stub for CVE-2015-5602, referencing a Docker container management tool (Cved) and an external GitHub repository for the actual exploit. No exploit code is present in the provided files.

Classification: Stub 90%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: unknown (referenced exploit targets a privilege escalation vulnerability)
No auth needed
Prerequisites: access to the referenced external repository
devstral-2 · analyzed Feb 16, 2026

References (9)

Core References
Exploit, Issue Tracking x_refsource_confirm
http://bugzilla.sudo.ws/show_bug.cgi?id=707
Release Notes, Vendor Advisory x_refsource_confirm
http://www.sudo.ws/stable.html#1.8.15
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1034392
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2016/dsa-3440
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201606-13
Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171024.html
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/37710/
Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171054.html

Scores

EPSS 0.0146
EPSS Percentile 70.1%

Details

CWE: CWE-264
Status: published
Products (1): sudo_project/sudo < 1.8.14
Published: Nov 17, 2015
Tracked Since: Feb 18, 2026