Lucene search

[email protected]NVD:CVE-2002-0043

HistoryJan 31, 2002 - 5:00 a.m.

CVE-2002-0043

2002-01-3105:00:00

[email protected]

web.nvd.nist.gov

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.5

Confidence

Low

EPSS

Percentile

0.4%

JSON

sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked.

Affected configurations

Nvd

Node

todd_millersudoMatch1.6

todd_millersudoMatch1.6.1

todd_millersudoMatch1.6.2

todd_millersudoMatch1.6.3

todd_millersudoMatch1.6.3_p1

todd_millersudoMatch1.6.3_p2

todd_millersudoMatch1.6.3_p3

todd_millersudoMatch1.6.3_p4

todd_millersudoMatch1.6.3_p5

todd_millersudoMatch1.6.3_p6

todd_millersudoMatch1.6.3_p7

References

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A06.asc

distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000451

frontal2.mandriva.com/security/advisories?name=MDKSA-2002:003

marc.info/?l=bugtraq&m=101120193627756&w=2

www.debian.org/security/2002/dsa-101

www.novell.com/linux/security/advisories/2002_002_sudo_txt.html

www.redhat.com/support/errata/RHSA-2002-011.html

www.redhat.com/support/errata/RHSA-2002-013.html

www.securityfocus.com/advisories/3800

www.securityfocus.com/archive/1/250168

www.securityfocus.com/bid/3871

www.sudo.ws/sudo/alerts/postfix.html

exchange.xforce.ibmcloud.com/vulnerabilities/7891

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.5

Confidence

Low

EPSS

Percentile

0.4%

JSON

Related for NVD:CVE-2002-0043

nessus2 openvas2 cvelist1 suse1 cve1