CVE-2002-0043

Published: Jan 31, 2002Modified: Apr 16, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked.

Affected (11)

Products: Todd Miller: Sudo

1 product

Configuration A

11 vulnerable

Vulnerable Software	Affected Versions
Todd Miller Sudo	Version 1.6.1
Todd Miller Sudo	Version 1.6.2
Todd Miller Sudo	Version 1.6.3
Todd Miller Sudo	Version 1.6.3_p1
Todd Miller Sudo	Version 1.6.3_p2
Todd Miller Sudo	Version 1.6.3_p3
Todd Miller Sudo	Version 1.6.3_p4
Todd Miller Sudo	Version 1.6.3_p5
Todd Miller Sudo	Version 1.6.3_p6
Todd Miller Sudo	Version 1.6.3_p7
Todd Miller Sudo	Version 1.6

References (26)

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A06.asc (unsafe URL)

Source: cve@mitre.org

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000451

Source: cve@mitre.org

http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:003

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=101120193627756&w=2

Source: cve@mitre.org

http://www.debian.org/security/2002/dsa-101

Source: cve@mitre.org

http://www.novell.com/linux/security/advisories/2002_002_sudo_txt.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2002-011.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2002-013.html

Source: cve@mitre.org

PatchVendor Advisory

http://www.securityfocus.com/advisories/3800

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/250168

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/bid/3871

Source: cve@mitre.org

http://www.sudo.ws/sudo/alerts/postfix.html

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/7891

Source: cve@mitre.org

ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A06.asc (unsafe URL)

Source: af854a3a-2127-422b-91ae-364da2661108

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000451

Source: af854a3a-2127-422b-91ae-364da2661108

http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:003

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=bugtraq&m=101120193627756&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2002/dsa-101

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.novell.com/linux/security/advisories/2002_002_sudo_txt.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2002-011.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2002-013.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/advisories/3800

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/250168

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/3871

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.sudo.ws/sudo/alerts/postfix.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/7891

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.