Metric | Value |
---|---|
CVSS2 score | 6.6 Medium |
Access Vector | LOCAL |
Access Complexity | MEDIUM |
Authentication | SINGLE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |
CVSS2 vector | AV:L/AC:M/Au:S/C:C/I:C/A:C |
EPSS | 0.0004 Low |
EPSS Percentile | 5.3% |

Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | sudo | < 1.8.5p2-1 | sudo_1.8.5p2-1_all.deb |
Debian | 11 | all | sudo | < 1.8.5p2-1 | sudo_1.8.5p2-1_all.deb |
Debian | 10 | all | sudo | < 1.8.5p2-1 | sudo_1.8.5p2-1_all.deb |
Debian | 999 | all | sudo | < 1.8.5p2-1 | sudo_1.8.5p2-1_all.deb |
Debian | 13 | all | sudo | < 1.8.5p2-1 | sudo_1.8.5p2-1_all.deb |