CVE-2005-2959
CVE-2005-2959 is a vulnerability of currently unknown severity. Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are. EPSS estimates a 0.62% chance of exploitation in the next 30 days.
Description
Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Todd Miller | Sudo | 1.6 |
| Todd Miller | Sudo | 1.6.1 |
| Todd Miller | Sudo | 1.6.2 |
| Todd Miller | Sudo | 1.6.3 |
| Todd Miller | Sudo | 1.6.3_p1 |
| Todd Miller | Sudo | 1.6.3_p2 |
| Todd Miller | Sudo | 1.6.3_p3 |
| Todd Miller | Sudo | 1.6.3_p4 |
| Todd Miller | Sudo | 1.6.3_p5 |
| Todd Miller | Sudo | 1.6.3_p6 |
| Todd Miller | Sudo | 1.6.3_p7 |
| Todd Miller | Sudo | 1.6.3p1 |
| Todd Miller | Sudo | 1.6.3p2 |
| Todd Miller | Sudo | 1.6.3p3 |
| Todd Miller | Sudo | 1.6.3p4 |
| Todd Miller | Sudo | 1.6.3p5 |
| Todd Miller | Sudo | 1.6.3p6 |
| Todd Miller | Sudo | 1.6.3p7 |
| Todd Miller | Sudo | 1.6.4 |
| Todd Miller | Sudo | 1.6.4_p1 |
| Todd Miller | Sudo | 1.6.4_p2 |
| Todd Miller | Sudo | 1.6.4p1 |
| Todd Miller | Sudo | 1.6.4p2 |
| Todd Miller | Sudo | 1.6.5 |
| Todd Miller | Sudo | 1.6.5_p1 |
| Todd Miller | Sudo | 1.6.5_p2 |
| Todd Miller | Sudo | 1.6.5p1 |
| Todd Miller | Sudo | 1.6.5p2 |
| Todd Miller | Sudo | 1.6.6 |
| Todd Miller | Sudo | 1.6.7 |
| Todd Miller | Sudo | 1.6.7_p5 |
| Todd Miller | Sudo | 1.6.8 |
References
- http://secunia.com/advisories/17318 (Vendor Advisory)
- http://secunia.com/advisories/17322 (Vendor Advisory)
- http://secunia.com/advisories/17345 (Vendor Advisory)
- http://secunia.com/advisories/17390 (Patch, Vendor Advisory)
- http://secunia.com/advisories/17666 (Vendor Advisory)
- http://secunia.com/advisories/18549 (Vendor Advisory)
- http://secunia.com/advisories/24479 (Vendor Advisory)
- http://www.debian.org/security/2005/dsa-870 (Patch, Vendor Advisory)
- http://www.securityfocus.com/advisories/9643 (Vendor Advisory)
- http://www.us-cert.gov/cas/techalerts/TA07-072A.html (US Government Resource)
- http://www.vupen.com/english/advisories/2007/0930 (Vendor Advisory)
Source: NVD / NIST
