Lucene search

[email protected]CVE-2002-0043

HistoryJun 25, 2002 - 4:00 a.m.

CVE-2002-0043

2002-06-2504:00:00

[email protected]

web.nvd.nist.gov

sudo

environment variable

privilege escalation

nvd

cve-2002-0043

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.5

Confidence

Low

EPSS

Percentile

0.4%

JSON

sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked.

Affected configurations

NVD

Node

todd_millersudoMatch1.6

todd_millersudoMatch1.6.1

todd_millersudoMatch1.6.2

todd_millersudoMatch1.6.3

todd_millersudoMatch1.6.3_p1

todd_millersudoMatch1.6.3_p2

todd_millersudoMatch1.6.3_p3

todd_millersudoMatch1.6.3_p4

todd_millersudoMatch1.6.3_p5

todd_millersudoMatch1.6.3_p6

todd_millersudoMatch1.6.3_p7

VendorProductVersionCPE
todd_millersudo1.6cpe:/a:todd_miller:sudo:1.6:::
todd_millersudo1.6.3+p7cpe:/a:todd_miller:sudo:1.6.3+p7:::
todd_millersudo1.6.3+p4cpe:/a:todd_miller:sudo:1.6.3+p4:::
todd_millersudo1.6.3+p3cpe:/a:todd_miller:sudo:1.6.3+p3:::
todd_millersudo1.6.3+p5cpe:/a:todd_miller:sudo:1.6.3+p5:::
todd_millersudo1.6.3+p2cpe:/a:todd_miller:sudo:1.6.3+p2:::
todd_millersudo1.6.3+p1cpe:/a:todd_miller:sudo:1.6.3+p1:::
todd_millersudo1.6.2cpe:/a:todd_miller:sudo:1.6.2:::
todd_millersudo1.6.3+p6cpe:/a:todd_miller:sudo:1.6.3+p6:::
todd_millersudo1.6.1cpe:/a:todd_miller:sudo:1.6.1:::

Vendor	Product	Version	CPE
todd_miller	sudo	1.6	cpe:/a:todd_miller:sudo:1.6:::
todd_miller	sudo	1.6.3+p7	cpe:/a:todd_miller:sudo:1.6.3+p7:::
todd_miller	sudo	1.6.3+p4	cpe:/a:todd_miller:sudo:1.6.3+p4:::
todd_miller	sudo	1.6.3+p3	cpe:/a:todd_miller:sudo:1.6.3+p3:::
todd_miller	sudo	1.6.3+p5	cpe:/a:todd_miller:sudo:1.6.3+p5:::
todd_miller	sudo	1.6.3+p2	cpe:/a:todd_miller:sudo:1.6.3+p2:::
todd_miller	sudo	1.6.3+p1	cpe:/a:todd_miller:sudo:1.6.3+p1:::
todd_miller	sudo	1.6.2	cpe:/a:todd_miller:sudo:1.6.2:::
todd_miller	sudo	1.6.3+p6	cpe:/a:todd_miller:sudo:1.6.3+p6:::
todd_miller	sudo	1.6.1	cpe:/a:todd_miller:sudo:1.6.1:::

Rows per page:

1-10 of 111

References

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A06.asc

distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000451

frontal2.mandriva.com/security/advisories?name=MDKSA-2002:003

marc.info/?l=bugtraq&m=101120193627756&w=2

www.debian.org/security/2002/dsa-101

www.novell.com/linux/security/advisories/2002_002_sudo_txt.html

www.redhat.com/support/errata/RHSA-2002-011.html

www.redhat.com/support/errata/RHSA-2002-013.html

www.securityfocus.com/advisories/3800

www.securityfocus.com/archive/1/250168

www.securityfocus.com/bid/3871

www.sudo.ws/sudo/alerts/postfix.html

exchange.xforce.ibmcloud.com/vulnerabilities/7891

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.5

Confidence

Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2002-0043

nessus2 nvd1 suse1 openvas2 cvelist1