4.6

CVE-2005-2959

Exploit

EPSS 0.1%
Published 25.10.2005 16:02:00
Last modified 03.04.2025 01:03:51
Source security@debian.org
Teams watchlist Login
Open Login

Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are.

Affected products Warnungen 0 Metrics 2 CWE 0 References 22

Data is provided by the National Vulnerability Database (NVD)

Todd Miller ≫ Sudo Version1.6

Todd Miller ≫ Sudo Version1.6.1

Todd Miller ≫ Sudo Version1.6.2

Todd Miller ≫ Sudo Version1.6.3

Todd Miller ≫ Sudo Version1.6.3_p1

Todd Miller ≫ Sudo Version1.6.3_p2

Todd Miller ≫ Sudo Version1.6.3_p3

Todd Miller ≫ Sudo Version1.6.3_p4

Todd Miller ≫ Sudo Version1.6.3_p5

Todd Miller ≫ Sudo Version1.6.3_p6

Todd Miller ≫ Sudo Version1.6.3_p7

Todd Miller ≫ Sudo Version1.6.3p1

Todd Miller ≫ Sudo Version1.6.3p2

Todd Miller ≫ Sudo Version1.6.3p3

Todd Miller ≫ Sudo Version1.6.3p4

Todd Miller ≫ Sudo Version1.6.3p5

Todd Miller ≫ Sudo Version1.6.3p6

Todd Miller ≫ Sudo Version1.6.3p7

Todd Miller ≫ Sudo Version1.6.4

Todd Miller ≫ Sudo Version1.6.4_p1

Todd Miller ≫ Sudo Version1.6.4_p2

Todd Miller ≫ Sudo Version1.6.4p1

Todd Miller ≫ Sudo Version1.6.4p2

Todd Miller ≫ Sudo Version1.6.5

Todd Miller ≫ Sudo Version1.6.5_p1

Todd Miller ≫ Sudo Version1.6.5_p2

Todd Miller ≫ Sudo Version1.6.5p1

Todd Miller ≫ Sudo Version1.6.5p2

Todd Miller ≫ Sudo Version1.6.6

Todd Miller ≫ Sudo Version1.6.7

Todd Miller ≫ Sudo Version1.6.7_p5

Todd Miller ≫ Sudo Version1.6.8

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.1%	0.243

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P

http://www.securityfocus.com/advisories/9643

Vendor Advisory

http://docs.info.apple.com/article.html?artnum=305214

http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html

http://secunia.com/advisories/17318

Vendor Advisory

http://secunia.com/advisories/17322

Vendor Advisory

http://secunia.com/advisories/17345

Vendor Advisory

http://secunia.com/advisories/17390

Patch

Vendor Advisory

http://secunia.com/advisories/17666

Vendor Advisory

http://secunia.com/advisories/18549

Vendor Advisory

http://secunia.com/advisories/24479

Vendor Advisory

http://www.debian.org/security/2005/dsa-870

Patch

Vendor Advisory

http://www.mandriva.com/security/advisories?name=MDKSA-2005:201

http://www.novell.com/linux/security/advisories/2006_02_sr.html

http://www.openpkg.org/security/OpenPKG-SA-2006.002-sudo.html

http://www.securityfocus.com/bid/15191

Exploit

http://www.sudo.ws/bugs/show_bug.cgi?id=182

http://www.us-cert.gov/cas/techalerts/TA07-072A.html

US Government Resource

http://www.vupen.com/english/advisories/2007/0930

Vendor Advisory

https://usn.ubuntu.com/213-1/

https://nvd.nist.gov/vuln/detail/CVE-2005-2959

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-2959

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-2959

EUVD