Incomplete blacklist vulnerability in sudo 1.6.8 and previous versions allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
todd miller sudo 1.6.3_p2 |
||
todd miller sudo 1.6.3_p3 |
||
todd miller sudo 1.6.3_p4 |
||
todd miller sudo 1.6.3p4 |
||
todd miller sudo 1.6.3p5 |
||
todd miller sudo 1.6.4p2 |
||
todd miller sudo 1.6.5 |
||
todd miller sudo 1.6.8 |
||
todd miller sudo 1.6 |
||
todd miller sudo 1.6.3_p5 |
||
todd miller sudo 1.6.3_p6 |
||
todd miller sudo 1.6.3p6 |
||
todd miller sudo 1.6.3p7 |
||
todd miller sudo 1.6.5_p1 |
||
todd miller sudo 1.6.5_p2 |
||
todd miller sudo 1.6.1 |
||
todd miller sudo 1.6.2 |
||
todd miller sudo 1.6.3_p7 |
||
todd miller sudo 1.6.3p1 |
||
todd miller sudo 1.6.4 |
||
todd miller sudo 1.6.4_p1 |
||
todd miller sudo 1.6.5p1 |
||
todd miller sudo 1.6.5p2 |
||
todd miller sudo 1.6.3 |
||
todd miller sudo 1.6.3_p1 |
||
todd miller sudo 1.6.3p2 |
||
todd miller sudo 1.6.3p3 |
||
todd miller sudo 1.6.4_p2 |
||
todd miller sudo 1.6.4p1 |
||
todd miller sudo 1.6.6 |
||
todd miller sudo 1.6.7 |
||
todd miller sudo 1.6.7_p5 |