Search for vulnerabilities
Vulnerability details: VCID-tgm8-6awk-aaab
Vulnerability ID VCID-tgm8-6awk-aaab
Aliases CVE-2004-1689
Summary sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root privileges, which allows local users to read arbitrary files via a symlink attack on the temporary file before quitting sudoedit.
Status Published
Exploitability 2.0
Weighted Severity 1.9
Risk 3.8
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00042 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00121 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.00167 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
epss 0.0024 https://api.first.org/data/v1/epss?cve=CVE-2004-1689
cvssv2 2.1 https://nvd.nist.gov/vuln/detail/CVE-2004-1689
Reference id Reference type URL
http://marc.info/?l=bugtraq&m=109537972929201&w=2
http://packetstormsecurity.nl/0409-exploits/sudoedit.txt
https://api.first.org/data/v1/epss?cve=CVE-2004-1689
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1689
http://secunia.com/advisories/12596
https://exchange.xforce.ibmcloud.com/vulnerabilities/17424
http://www.ciac.org/ciac/bulletins/o-219.shtml
http://www.kb.cert.org/vuls/id/424358
http://www.osvdb.org/10023
http://www.securityfocus.com/bid/11204
http://www.sudo.ws/sudo/alerts/sudoedit.html
cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*
CVE-2004-1689 https://nvd.nist.gov/vuln/detail/CVE-2004-1689
OSVDB-10023;CVE-2004-1689 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/470.c
Data source Exploit-DB
Date added Sept. 20, 2004
Description SudoEdit 1.6.8 - Local Change Permission
Ransomware campaign use Known
Source publication date Sept. 21, 2004
Exploit type local
Platform linux
Source update date March 30, 2016
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2004-1689
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.00344
EPSS Score 0.00042
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.