CVE-2002-0043 Information
Description
sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked.
Reference
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-023A06.asc
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000451
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:003
http://marc.info/?l=bugtraq&m=101120193627756&w=2
http://www.debian.org/security/2002/dsa-101
http://www.novell.com/linux/security/advisories/2002_002_sudo_txt.html
http://www.redhat.com/support/errata/RHSA-2002-011.html
http://www.redhat.com/support/errata/RHSA-2002-013.html
http://www.securityfocus.com/advisories/3800
http://www.securityfocus.com/archive/1/250168
http://www.securityfocus.com/bid/3871
http://www.sudo.ws/sudo/alerts/postfix.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/7891