Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.6
CVE Id: CVE-2005-2959
Last Modified: 28 Jul 2011 12:00:00
Published: 25 Oct 2005 12:02:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE

CVE-2005-2959

Summary

Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables, which sudo does not clear, even though it clears other variables, before executing a bash script on behalf of another user.

Vulnerable Systems

Application

  • Todd Miller Sudo 1.6

  • Todd Miller Sudo 1.6.1

  • Todd Miller Sudo 1.6.2

  • Todd Miller Sudo 1.6.3

  • Todd Miller Sudo 1.6.3 P1

  • Todd Miller Sudo 1.6.3 P2

  • Todd Miller Sudo 1.6.3 P3

  • Todd Miller Sudo 1.6.3 P4

  • Todd Miller Sudo 1.6.3 P5

  • Todd Miller Sudo 1.6.3 P6

  • Todd Miller Sudo 1.6.3 P7

  • Todd Miller Sudo 1.6.3p1

  • Todd Miller Sudo 1.6.3p2

  • Todd Miller Sudo 1.6.3p3

  • Todd Miller Sudo 1.6.3p4

  • Todd Miller Sudo 1.6.3p5

  • Todd Miller Sudo 1.6.3p6

  • Todd Miller Sudo 1.6.3p7

  • Todd Miller Sudo 1.6.4

  • Todd Miller Sudo 1.6.4 P1

  • Todd Miller Sudo 1.6.4 P2

  • Todd Miller Sudo 1.6.4p1

  • Todd Miller Sudo 1.6.4p2

  • Todd Miller Sudo 1.6.5

  • Todd Miller Sudo 1.6.5 P1

  • Todd Miller Sudo 1.6.5 P2

  • Todd Miller Sudo 1.6.5p1

  • Todd Miller Sudo 1.6.5p2

  • Todd Miller Sudo 1.6.6

  • Todd Miller Sudo 1.6.7

  • Todd Miller Sudo 1.6.7 P5

  • Todd Miller Sudo 1.6.8


References

CERT - TA07-072A

DEBIAN - DSA-870

SECUNIA - 17390

VUPEN - ADV-2007-0930

CONFIRM - http://www.sudo.ws/bugs/show_bug.cgi?id=182

BID - 15191

SUSE - SUSE-SR:2005:025

OPENPKG - OpenPKG-SA-2006.002

SUSE - SUSE-SR:2006:002

MANDRIVA - MDKSA-2005:201

SECUNIA - 24479

SECUNIA - 18549

SECUNIA - 17666

SECUNIA - 17345

SECUNIA - 17322

SECUNIA - 17318

APPLE - APPLE-SA-2007-03-13

CONFIRM - http://docs.info.apple.com/article.html?artnum=305214

Related Patches

Apple 2007-03-13 Mac OS X 10.4.9 Combo Update (Intel) (Rev 3)

Apple 2007-03-13 Mac OS X 10.4.9 Combo Update (PPC) (Rev 3)

Apple 2007-03-13 Mac OS X 10.4.9 Update (PPC) (Rev 3)

Apple 2007-03-13 Mac OS X 10.4.9 Update (Intel) (Rev 3)

Apple 2007-03-13 Mac OS X 10.4.9 Server Update (PPC) (Rev 3)

Apple 2007-03-13 Mac OS X 10.4.9 Server Combo Update (PPC) (Rev 3)


Last Updated: 27 May 2016 10:40:42