Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
freebsdFreeBSD1B725079-9EF6-11DA-B410-000E0C2E438A
HistoryOct 25, 2005 - 12:00 a.m.

sudo -- arbitrary command execution

2005-10-2500:00:00
vuxml.freebsd.org
15

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS

0

Percentile

9.5%

JSON

Tavis Ormandy reports:

The bash shell uses the value of the PS4 environment
variable (after expansion) as a prefix for commands run
in execution trace mode. Execution trace mode (xtrace) is
normally set via bash’s -x command line option or
interactively by running “set -o xtrace”. However, it may
also be enabled by placing the string “xtrace” in the
SHELLOPTS environment variable before bash is started.
A malicious user with sudo access to a shell script that
uses bash can use this feature to run arbitrary commands
for each line of the script.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchsudo< 1.6.8.10UNKNOWN

Related

openvas 4
securityvulns 1
nvd 1
nessus 5
debiancve 1
redhatcve 1
debian 2
ubuntu 1
packetstorm 1
ubuntucve 1
cve 1
cvelist 1
openvas
openvas
FreeBSD Ports: sudo
2008-09-04 00:00:00
Debian Security Advisory DSA 870-1 (sudo)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-870-1)
2008-01-17 00:00:00
securityvulns
securityvulns
[Full-disclosure] [SECURITY] [DSA 870-1] New sudo packages fix arbitrary command execution
2005-10-25 00:00:00
nvd
nvd
CVE-2005-2959
2005-10-25 16:02:00
nessus
nessus
Ubuntu 4.10 / 5.04 / 5.10 : sudo vulnerability (USN-213-1)
2006-01-15 00:00:00
FreeBSD : sudo -- arbitrary command execution (1b725079-9ef6-11da-b410-000e0c2e438a)
2006-05-13 00:00:00
Debian DSA-870-1 : sudo - missing input sanitising
2006-10-14 00:00:00
debiancve
debiancve
CVE-2005-2959
2005-10-25 16:02:00
redhatcve
redhatcve
CVE-2005-2959
2015-10-30 10:08:02
debian
debian
[SECURITY] [DSA 870-1] New sudo packages fix arbitrary command execution
2005-10-25 09:39:08
[SECURITY] [DSA 870-1] New sudo packages fix arbitrary command execution
2005-10-25 09:39:08
ubuntu
ubuntu
sudo vulnerability
2005-10-28 00:00:00
packetstorm
packetstorm
sudo168p10.sh.txt
2005-11-10 00:00:00
ubuntucve
ubuntucve
CVE-2005-2959
2005-10-25 00:00:00
cve
cve
CVE-2005-2959
2005-10-25 16:02:00
cvelist
cvelist
CVE-2005-2959
2005-10-25 04:00:00

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

EPSS

0

Percentile

9.5%

JSON
Related for 1B725079-9EF6-11DA-B410-000E0C2E438A
openvas4securityvulns1nvd1nessus5debiancve1redhatcve1debian2ubuntu1packetstorm1ubuntucve1cve1cvelist1