CVE Vulnerabilities

CVE-2005-2959

Published: Oct 25, 2005 | Modified: Oct 03, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.6 MEDIUM
AV:L/AC:L/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are.

Affected Software

Name Vendor Start Version End Version
Sudo Todd_miller 1.6.3p1 1.6.3p1
Sudo Todd_miller 1.6.3_p6 1.6.3_p6
Sudo Todd_miller 1.6.3p3 1.6.3p3
Sudo Todd_miller 1.6.6 1.6.6
Sudo Todd_miller 1.6.3p2 1.6.3p2
Sudo Todd_miller 1.6.3 1.6.3
Sudo Todd_miller 1.6.4_p2 1.6.4_p2
Sudo Todd_miller 1.6.1 1.6.1
Sudo Todd_miller 1.6.3_p5 1.6.3_p5
Sudo Todd_miller 1.6.2 1.6.2
Sudo Todd_miller 1.6.8 1.6.8
Sudo Todd_miller 1.6.4_p1 1.6.4_p1
Sudo Todd_miller 1.6.3_p2 1.6.3_p2
Sudo Todd_miller 1.6.3_p4 1.6.3_p4
Sudo Todd_miller 1.6.5_p2 1.6.5_p2
Sudo Todd_miller 1.6.4p1 1.6.4p1
Sudo Todd_miller 1.6.5p2 1.6.5p2
Sudo Todd_miller 1.6.5 1.6.5
Sudo Todd_miller 1.6.3_p3 1.6.3_p3
Sudo Todd_miller 1.6.5_p1 1.6.5_p1
Sudo Todd_miller 1.6.3p4 1.6.3p4
Sudo Todd_miller 1.6.3p6 1.6.3p6
Sudo Todd_miller 1.6.3p7 1.6.3p7
Sudo Todd_miller 1.6.3_p7 1.6.3_p7
Sudo Todd_miller 1.6 1.6
Sudo Todd_miller 1.6.4 1.6.4
Sudo Todd_miller 1.6.7 1.6.7
Sudo Todd_miller 1.6.3p5 1.6.3p5
Sudo Todd_miller 1.6.3_p1 1.6.3_p1
Sudo Todd_miller 1.6.4p2 1.6.4p2
Sudo Todd_miller 1.6.5p1 1.6.5p1
Sudo Todd_miller 1.6.7_p5 1.6.7_p5

References