CVE-2002-0043

Sažetak

sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked.

Reference

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A06.asc
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000451
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:003
http://marc.info/?l=bugtraq&m=101120193627756&w=2
http://www.debian.org/security/2002/dsa-101
http://www.novell.com/linux/security/advisories/2002_002_sudo_txt.html
http://www.redhat.com/support/errata/RHSA-2002-011.html
http://www.redhat.com/support/errata/RHSA-2002-013.html
http://www.securityfocus.com/advisories/3800
http://www.securityfocus.com/archive/1/250168
http://www.securityfocus.com/bid/3871
http://www.sudo.ws/sudo/alerts/postfix.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/7891

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

03-05-2018 - 01:29

Objavljeno

31-01-2002 - 05:00