CVE-2005-2959
CVE-2005-2959
Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are.
Affected products
n/a · n/aWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://docs.info.apple.com/article.html?artnum=305214http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.htmlhttp://secunia.com/advisories/17318http://secunia.com/advisories/17322http://secunia.com/advisories/17345http://secunia.com/advisories/17390http://secunia.com/advisories/17666http://secunia.com/advisories/18549http://secunia.com/advisories/24479https://usn.ubuntu.com/213-1/http://www.debian.org/security/2005/dsa-870http://www.mandriva.com/security/advisories?name=MDKSA-2005:201