CVSS2

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score: Confidence Low

EPSS: Percentile 0.4%

sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked.
Vendor | Product | Version | CPE |
---|---|---|---|
todd_miller | sudo | 1.6 | cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:* |
todd_miller | sudo | 1.6.1 | cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:* |
todd_miller | sudo | 1.6.2 | cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:* |
todd_miller | sudo | 1.6.3 | cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:* |
todd_miller | sudo | 1.6.3_p1 | cpe:2.3:a:todd_miller:sudo:1.6.3_p1:*:*:*:*:*:*:* |
todd_miller | sudo | 1.6.3_p2 | cpe:2.3:a:todd_miller:sudo:1.6.3_p2:*:*:*:*:*:*:* |
todd_miller | sudo | 1.6.3_p3 | cpe:2.3:a:todd_miller:sudo:1.6.3_p3:*:*:*:*:*:*:* |
todd_miller | sudo | 1.6.3_p4 | cpe:2.3:a:todd_miller:sudo:1.6.3_p4:*:*:*:*:*:*:* |
todd_miller | sudo | 1.6.3_p5 | cpe:2.3:a:todd_miller:sudo:1.6.3_p5:*:*:*:*:*:*:* |
todd_miller | sudo | 1.6.3_p6 | cpe:2.3:a:todd_miller:sudo:1.6.3_p6:*:*:*:*:*:*:* |
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A06.asc
distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000451
frontal2.mandriva.com/security/advisories?name=MDKSA-2002:003
marc.info/?l=bugtraq&m=101120193627756&w=2
www.debian.org/security/2002/dsa-101
www.novell.com/linux/security/advisories/2002_002_sudo_txt.html
www.redhat.com/support/errata/RHSA-2002-011.html
www.redhat.com/support/errata/RHSA-2002-013.html
www.securityfocus.com/advisories/3800
www.securityfocus.com/archive/1/250168
www.securityfocus.com/bid/3871
www.sudo.ws/sudo/alerts/postfix.html
exchange.xforce.ibmcloud.com/vulnerabilities/7891