Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-0151

Overview

Vulnerability Score 7.2 7.2
CVE Id CVE-2006-0151
Last Modified 02 Apr 2010 02:36:11
Published 09 Jan 2006 06:03:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2006-0151

Summary

sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158.

Vulnerable Systems

Operating System

  • Ubuntu Linux 4.1

  • Ubuntu Linux 5.04

  • Ubuntu Linux 5.10

Application

  • Todd Miller Sudo 1.5.6

  • Todd Miller Sudo 1.5.7

  • Todd Miller Sudo 1.5.8

  • Todd Miller Sudo 1.5.9

  • Todd Miller Sudo 1.6

  • Todd Miller Sudo 1.6.1

  • Todd Miller Sudo 1.6.2

  • Todd Miller Sudo 1.6.3

  • Todd Miller Sudo 1.6.3 P1

  • Todd Miller Sudo 1.6.3 P2

  • Todd Miller Sudo 1.6.3 P3

  • Todd Miller Sudo 1.6.3 P4

  • Todd Miller Sudo 1.6.3 P5

  • Todd Miller Sudo 1.6.3 P6

  • Todd Miller Sudo 1.6.3 P7

  • Todd Miller Sudo 1.6.4

  • Todd Miller Sudo 1.6.4 P1

  • Todd Miller Sudo 1.6.4 P2

  • Todd Miller Sudo 1.6.5

  • Todd Miller Sudo 1.6.5 P1

  • Todd Miller Sudo 1.6.5 P2

  • Todd Miller Sudo 1.6.6

  • Todd Miller Sudo 1.6.7

  • Todd Miller Sudo 1.6.7 P5

  • Todd Miller Sudo 1.6.8

  • Todd Miller Sudo 1.6.8 P1

  • Todd Miller Sudo 1.6.8 P12

  • Todd Miller Sudo 1.6.8 P2

  • Todd Miller Sudo 1.6.8 P5

  • Todd Miller Sudo 1.6.8 P7

  • Todd Miller Sudo 1.6.8 P8

  • Todd Miller Sudo 1.6.8 P9


References

SECUNIA - 18363

UBUNTU - USN-235-2

BID - 16184

SECUNIA - 18358

TRUSTIX - 2006-0010

SUSE - SUSE-SR:2006:002

MANDRIVA - MDKSA-2006:159

DEBIAN - DSA-946

SLACKWARE - SSA:2006-045-08

SECUNIA - 21692

SECUNIA - 19016

SECUNIA - 18906

SECUNIA - 18558

SECUNIA - 18549


Last Updated: 27 May 2016 10:41:32