Description
sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt".
Exploits (3)
exploitdb · WRITEUP · VERIFIED
by daniel svartman · text · local · linux
https://www.exploit-db.com/exploits/37710
References (9)
Core References
Exploit, Issue Tracking x_refsource_confirm
http://bugzilla.sudo.ws/show_bug.cgi?id=707
Release Notes, Vendor Advisory x_refsource_confirm
http://www.sudo.ws/stable.html#1.8.15
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1034392
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2016/dsa-3440
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201606-13
Vendor Advisory x_refsource_confirm
http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171024.html
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/37710/
Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171054.html
Scores
EPSS: 0.0551
EPSS Percentile: 90.3%
Details
CWE: CWE-264
Status: published
Products (1)
sudo_project/sudo < 1.8.14
Published: Nov 17, 2015
Tracked Since: Feb 18, 2026