CVE-2002-0043

Published: 31/01/2002 Updated: 03/05/2018
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 725
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

sudo 1.6.0 up to and including 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked.

Vulnerable Product

todd miller sudo 1.6

todd miller sudo 1.6.3_p4

todd miller sudo 1.6.3_p5

todd miller sudo 1.6.1

todd miller sudo 1.6.2

todd miller sudo 1.6.3_p6

todd miller sudo 1.6.3_p7

todd miller sudo 1.6.3_p2

todd miller sudo 1.6.3_p3

todd miller sudo 1.6.3

todd miller sudo 1.6.3_p1

Vendor Advisories

Sebastian Krahmer from SuSE found a vulnerability in sudo which could easily lead into a local root exploit. This problem has been fixed in upstream version 1.6.4 as well as in version 1.6.2p2-2.1 for the stable release of Debian GNU/Linux. We recommend that you upgrade your sudo packages immediately ...

Exploits

source: www.securityfocus.com/bid/3871/info Sudo is a freely available, open source permissions management software package available for the Linux and Unix operating systems. It is maintained by Todd C. Miller. Under some circumstances, sudo does not properly sanitize the environment it executes programs with. In the event that sudo is us ...