CVE-2002-0043

Published: Jun 25, 2002

Modified: Aug 8, 2024

PUBLISHED

Description

sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

RHSA-2002:013

vendor-advisory

x_refsource_REDHAT

sudo-unclean-env-root(7891)

vdb-entry

x_refsource_XF

IMNX-2002-70-001-01

vendor-advisory

x_refsource_IMMUNIX

3871

vdb-entry

x_refsource_BID

20020114 Sudo version 1.6.4 now available (fwd)

mailing-list

x_refsource_BUGTRAQ

20020116 Sudo +Postfix Exploit

mailing-list

x_refsource_BUGTRAQ

http://www.sudo.ws/sudo/alerts/postfix.html

x_refsource_MISC

SuSE-SA:2002:002

vendor-advisory

x_refsource_SUSE

MDKSA-2002:003

vendor-advisory

x_refsource_MANDRAKE

DSA-101

vendor-advisory

x_refsource_DEBIAN

RHSA-2002:011

vendor-advisory

x_refsource_REDHAT

CLA-2002:451

vendor-advisory

x_refsource_CONECTIVA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2002-0043

Description

Affected Products

References