Debian DSA-101-1 : sudo - Local root exploit

Sebastian Krahmer from SuSE found a vulnerability in sudo which could easily lead into a local root exploit. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-101. The text itself is copyrig...

Mandrake Linux Security Advisory : sudo (MDKSA-2002:003)

The SuSE Security Team discovered a vulnerability in sudo that can be exploited to obtain root privilege because sudo is installed setuid root. An attacker could trick sudo to log failed sudo calls executing the sendmail or equivalent mailer program with root privileges and an environment that is...

CVE-2002-0043

sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked...

CVE-2002-0043

This CVE affects sudo versions 1.6.0–1.6.3p7. The issue is that sudo does not properly clear the environment before calling the mail program, allowing a local user to gain root privileges by manipulating environment variables and how the mail program is invoked. Documented impact is local privile...

CVE-2002-0043

sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked...