4.6

CVE-2005-2959

Exploit
Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Todd MillerSudo Version1.6
Todd MillerSudo Version1.6.1
Todd MillerSudo Version1.6.2
Todd MillerSudo Version1.6.3
Todd MillerSudo Version1.6.3_p1
Todd MillerSudo Version1.6.3_p2
Todd MillerSudo Version1.6.3_p3
Todd MillerSudo Version1.6.3_p4
Todd MillerSudo Version1.6.3_p5
Todd MillerSudo Version1.6.3_p6
Todd MillerSudo Version1.6.3_p7
Todd MillerSudo Version1.6.3p1
Todd MillerSudo Version1.6.3p2
Todd MillerSudo Version1.6.3p3
Todd MillerSudo Version1.6.3p4
Todd MillerSudo Version1.6.3p5
Todd MillerSudo Version1.6.3p6
Todd MillerSudo Version1.6.3p7
Todd MillerSudo Version1.6.4
Todd MillerSudo Version1.6.4_p1
Todd MillerSudo Version1.6.4_p2
Todd MillerSudo Version1.6.4p1
Todd MillerSudo Version1.6.4p2
Todd MillerSudo Version1.6.5
Todd MillerSudo Version1.6.5_p1
Todd MillerSudo Version1.6.5_p2
Todd MillerSudo Version1.6.5p1
Todd MillerSudo Version1.6.5p2
Todd MillerSudo Version1.6.6
Todd MillerSudo Version1.6.7
Todd MillerSudo Version1.6.7_p5
Todd MillerSudo Version1.6.8
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.62% 0.452
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://www.securityfocus.com/advisories/9643
Vendor Advisory
http://docs.info.apple.com/article.html?artnum=305214
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
http://secunia.com/advisories/17318
Vendor Advisory
http://secunia.com/advisories/17322
Vendor Advisory
http://secunia.com/advisories/17345
Vendor Advisory
http://secunia.com/advisories/17390
Patch
Vendor Advisory
http://secunia.com/advisories/17666
Vendor Advisory
http://secunia.com/advisories/18549
Vendor Advisory
http://secunia.com/advisories/24479
Vendor Advisory
http://www.debian.org/security/2005/dsa-870
Patch
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDKSA-2005:201
http://www.novell.com/linux/security/advisories/2006_02_sr.html
http://www.openpkg.org/security/OpenPKG-SA-2006.002-sudo.html
http://www.securityfocus.com/bid/15191
Exploit
http://www.sudo.ws/bugs/show_bug.cgi?id=182
http://www.us-cert.gov/cas/techalerts/TA07-072A.html
US Government Resource
http://www.vupen.com/english/advisories/2007/0930
Vendor Advisory
https://usn.ubuntu.com/213-1/