AI Score: 6.8 Medium (Confidence: Low)

CVSS2: 6.2 Medium
Access Vector: LOCAL
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C

EPSS: 0.0004 Low (Percentile: 9.4%)

Evan Broder and Anders Kaseorg discovered that sudo did not properly
sanitize its environment when configured to use secure_path (the default in
Ubuntu). A local attacker could exploit this to execute arbitrary code as
root if sudo was configured to allow the attacker to use a program that
interpreted the PATH environment variable.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Ubuntu | 9.10 | noarch | sudo-ldap | < 1.7.0-1ubuntu2.4 | UNKNOWN |
Ubuntu | 9.10 | noarch | sudo | < 1.7.0-1ubuntu2.4 | UNKNOWN |
Ubuntu | 9.04 | noarch | sudo-ldap | < 1.6.9p17-1ubuntu3.3 | UNKNOWN |
Ubuntu | 9.04 | noarch | sudo | < 1.6.9p17-1ubuntu3.3 | UNKNOWN |
Ubuntu | 8.04 | noarch | sudo-ldap | < 1.6.9p10-1ubuntu3.8 | UNKNOWN |
Ubuntu | 8.04 | noarch | sudo | < 1.6.9p10-1ubuntu3.8 | UNKNOWN |
Ubuntu | 6.06 | noarch | sudo-ldap | < 1.6.8p12-1ubuntu6.3 | UNKNOWN |
Ubuntu | 6.06 | noarch | sudo | < 1.6.8p12-1ubuntu6.3 | UNKNOWN |
Ubuntu | 10.04 | noarch | sudo-ldap | < 1.7.2p1-1ubuntu5.1 | UNKNOWN |
Ubuntu | 10.04 | noarch | sudo | < 1.7.2p1-1ubuntu5.1 | UNKNOWN |