Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.6
CVSSv2

CVE-2005-2959

Published: 25/10/2005 Updated: 03/10/2018
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Todd Miller

Vulnerability Summary

Incomplete blacklist vulnerability in sudo 1.6.8 and previous versions allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

todd miller sudo 1.6.3_p2

todd miller sudo 1.6.3_p3

todd miller sudo 1.6.3_p4

todd miller sudo 1.6.3p4

todd miller sudo 1.6.3p5

todd miller sudo 1.6.4p2

todd miller sudo 1.6.5

todd miller sudo 1.6.8

todd miller sudo 1.6

todd miller sudo 1.6.3_p5

todd miller sudo 1.6.3_p6

todd miller sudo 1.6.3p6

todd miller sudo 1.6.3p7

todd miller sudo 1.6.5_p1

todd miller sudo 1.6.5_p2

todd miller sudo 1.6.1

todd miller sudo 1.6.2

todd miller sudo 1.6.3_p7

todd miller sudo 1.6.3p1

todd miller sudo 1.6.4

todd miller sudo 1.6.4_p1

todd miller sudo 1.6.5p1

todd miller sudo 1.6.5p2

todd miller sudo 1.6.3

todd miller sudo 1.6.3_p1

todd miller sudo 1.6.3p2

todd miller sudo 1.6.3p3

todd miller sudo 1.6.4_p2

todd miller sudo 1.6.4p1

todd miller sudo 1.6.6

todd miller sudo 1.6.7

todd miller sudo 1.6.7_p5

Vendor Advisories

Ubuntu Security Notice: sudo vulnerability
Tavis Ormandy discovered a privilege escalation vulnerability in sudo On executing shell scripts with sudo, the “P4” and “SHELLOPTS” environment variables were not cleaned properly If sudo is set up to grant limited sudo privileges to normal users this could be exploited to run arbitrary commands as the target user ...
Debian Security Advisories: DSA-870-1 sudo -- missing input sanitising
Tavis Ormandy noticed that sudo, a program that provides limited super user privileges to specific users, does not clean the environment sufficiently The SHELLOPTS and PS4 variables are dangerous and are still passed through to the program running as privileged user This can result in the execution of arbitrary commands as privileged user when a ...

References

CWE-264http://www.sudo.ws/bugs/show_bug.cgi?id=182http://www.debian.org/security/2005/dsa-870http://secunia.com/advisories/17390http://www.securityfocus.com/advisories/9643http://www.securityfocus.com/bid/15191http://secunia.com/advisories/17318http://secunia.com/advisories/17322http://secunia.com/advisories/17345http://secunia.com/advisories/17666http://www.novell.com/linux/security/advisories/2006_02_sr.htmlhttp://secunia.com/advisories/18549http://www.openpkg.org/security/OpenPKG-SA-2006.002-sudo.htmlhttp://docs.info.apple.com/article.html?artnum=305214http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.htmlhttp://secunia.com/advisories/24479http://www.mandriva.com/security/advisories?name=MDKSA-2005:201http://www.us-cert.gov/cas/techalerts/TA07-072A.htmlhttp://www.vupen.com/english/advisories/2007/0930https://usn.ubuntu.com/213-1/https://usn.ubuntu.com/213-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook