CVE-2005-2959 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2005-2959
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2005-2959

Description: Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are.

CVE Status: Candidate

References: UBUNTU http://www.ubuntulinux.org/support/documentation/usn/usn-213-1 SUSE http://www.novell.com/linux/security/advisories/2006_02_sr.html http://www.securityfocus.com/advisories/9643 SAID Secunia Advisory: SA17318 Secunia Advisory: SA17390 Secunia Advisory: SA17322 Secunia Advisory: SA17345 Secunia Advisory: SA17666 Secunia Advisory: SA18549 Secunia Advisory: SA24479 OPENPKG http://www.openpkg.org/security/OpenPKG-SA-2006.002-sudo.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2005:201 DEBIAN http://www.debian.org/security/2005/dsa-870 CONFIRM http://docs.info.apple.com/article.html?artnum=305214 http://www.sudo.ws/bugs/show_bug.cgi?id=182 CERT http://www.us-cert.gov/cas/techalerts/TA07-072A.html BID 15191 APPLE http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html

Return to the previous page.