Lucene search

[email protected]CVE-2005-2959

HistoryOct 25, 2005 - 4:02 p.m.

CVE-2005-2959

2005-10-2516:02:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2005-2959

incomplete blacklist

sudo

vulnerability

local users

privileges

shellopts

ps4

environment variables

bash script

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.9

Confidence

High

EPSS

Percentile

9.5%

JSON

Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are.

Affected configurations

NVD

Node

todd_millersudoMatch1.6

todd_millersudoMatch1.6.1

todd_millersudoMatch1.6.2

todd_millersudoMatch1.6.3

todd_millersudoMatch1.6.3_p1

todd_millersudoMatch1.6.3_p2

todd_millersudoMatch1.6.3_p3

todd_millersudoMatch1.6.3_p4

todd_millersudoMatch1.6.3_p5

todd_millersudoMatch1.6.3_p6

todd_millersudoMatch1.6.3_p7

todd_millersudoMatch1.6.3p1

todd_millersudoMatch1.6.3p2

todd_millersudoMatch1.6.3p3

todd_millersudoMatch1.6.3p4

todd_millersudoMatch1.6.3p5

todd_millersudoMatch1.6.3p6

todd_millersudoMatch1.6.3p7

todd_millersudoMatch1.6.4

todd_millersudoMatch1.6.4_p1

todd_millersudoMatch1.6.4_p2

todd_millersudoMatch1.6.4p1

todd_millersudoMatch1.6.4p2

todd_millersudoMatch1.6.5

todd_millersudoMatch1.6.5_p1

todd_millersudoMatch1.6.5_p2

todd_millersudoMatch1.6.5p1

todd_millersudoMatch1.6.5p2

todd_millersudoMatch1.6.6

todd_millersudoMatch1.6.7

todd_millersudoMatch1.6.7_p5

todd_millersudoMatch1.6.8

VendorProductVersionCPE
todd_millersudo1.6cpe:/a:todd_miller:sudo:1.6:::
todd_millersudo1.6.3p2cpe:/a:todd_miller:sudo:1.6.3p2:::
todd_millersudo1.6.5cpe:/a:todd_miller:sudo:1.6.5:::
todd_millersudo1.6.3+p7cpe:/a:todd_miller:sudo:1.6.3+p7:::
todd_millersudo1.6.3+p4cpe:/a:todd_miller:sudo:1.6.3+p4:::
todd_millersudo1.6.7+p5cpe:/a:todd_miller:sudo:1.6.7+p5:::
todd_millersudo1.6.7cpe:/a:todd_miller:sudo:1.6.7:::
todd_millersudo1.6.4cpe:/a:todd_miller:sudo:1.6.4:::
todd_millersudo1.6.3p3cpe:/a:todd_miller:sudo:1.6.3p3:::
todd_millersudo1.6.1cpe:/a:todd_miller:sudo:1.6.1:::

Vendor	Product	Version	CPE
todd_miller	sudo	1.6	cpe:/a:todd_miller:sudo:1.6:::
todd_miller	sudo	1.6.3p2	cpe:/a:todd_miller:sudo:1.6.3p2:::
todd_miller	sudo	1.6.5	cpe:/a:todd_miller:sudo:1.6.5:::
todd_miller	sudo	1.6.3+p7	cpe:/a:todd_miller:sudo:1.6.3+p7:::
todd_miller	sudo	1.6.3+p4	cpe:/a:todd_miller:sudo:1.6.3+p4:::
todd_miller	sudo	1.6.7+p5	cpe:/a:todd_miller:sudo:1.6.7+p5:::
todd_miller	sudo	1.6.7	cpe:/a:todd_miller:sudo:1.6.7:::
todd_miller	sudo	1.6.4	cpe:/a:todd_miller:sudo:1.6.4:::
todd_miller	sudo	1.6.3p3	cpe:/a:todd_miller:sudo:1.6.3p3:::
todd_miller	sudo	1.6.1	cpe:/a:todd_miller:sudo:1.6.1:::