This security bulletin contains one low risk vulnerability.
Exploit availability: NoDescription
The vulnerability allows a local authenticated user to gain access to sensitive information.
The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.Mitigation
Install update from vendor's website.Vulnerable software versions
Sudo: 1.9.0 - 1.9.4p2
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?