The MITRE CVE dictionary describes this issue as:

Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary files via a symlink attack on temporary files.

Find out more about CVE-2005-1119 from the MITRE CVE dictionary dictionary and NIST NVD.


We do not consider this a security issue, the bug can only manifest if the software is invoked on a sudoers file that is contained in a world writable directory.