ID CVE-2002-0043
Summary sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked.
References
Vulnerable Configurations
  • cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*
  • cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:todd_miller:sudo:1.6.3_p1:*:*:*:*:*:*:*
  • cpe:2.3:a:todd_miller:sudo:1.6.3_p2:*:*:*:*:*:*:*
  • cpe:2.3:a:todd_miller:sudo:1.6.3_p3:*:*:*:*:*:*:*
  • cpe:2.3:a:todd_miller:sudo:1.6.3_p4:*:*:*:*:*:*:*
  • cpe:2.3:a:todd_miller:sudo:1.6.3_p5:*:*:*:*:*:*:*
  • cpe:2.3:a:todd_miller:sudo:1.6.3_p6:*:*:*:*:*:*:*
  • cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 03-05-2018 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  Vector: LOCAL
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: COMPLETE
  Integrity: COMPLETE
  Availability: COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
redhat via4
advisories
  • rhsa
    id RHSA-2002:011
  • rhsa
    id RHSA-2002:013
refmap via4
bid 3871
bugtraq
  • 20020114 Sudo version 1.6.4 now available (fwd)
  • 20020116 Sudo +Postfix Exploit
conectiva CLA-2002:451
debian DSA-101
engarde ESA-20020114-001
freebsd FreeBSD-SA-02:06
immunix IMNX-2002-70-001-01
mandrake MDKSA-2002:003
misc http://www.sudo.ws/sudo/alerts/postfix.html
suse SuSE-SA:2002:002
xf sudo-unclean-env-root(7891)
Last major update 03-05-2018 - 01:29
Published 31-01-2002 - 05:00
Last modified 03-05-2018 - 01:29