{"id":"CVE-2015-5602","details":"sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by \"/home/*/*/file.txt.\"","modified":"2026-04-16T06:23:17.552659388Z","published":"2015-11-17T15:59:10Z","references":[{"type":"ADVISORY","url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171024.html"},{"type":"ADVISORY","url":"http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171054.html"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3440"},{"type":"ADVISORY","url":"http://www.sudo.ws/stable.html#1.8.15"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201606-13"},{"type":"ADVISORY","url":"https://www.exploit-db.com/exploits/37710/"},{"type":"EVIDENCE","url":"http://bugzilla.sudo.ws/show_bug.cgi?id=707"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/37710/"},{"type":"REPORT","url":"http://bugzilla.sudo.ws/show_bug.cgi?id=707"},{"type":"WEB","url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"},{"type":"WEB","url":"http://www.securitytracker.com/id/1034392"}],"schema_version":"1.7.5"}