Vulnerability Description
sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Todd Miller | Sudo | 1.6 |
References
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A06.asc
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000451
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:003
- http://marc.info/?l=bugtraq&m=101120193627756&w=2
- http://www.debian.org/security/2002/dsa-101
- http://www.novell.com/linux/security/advisories/2002_002_sudo_txt.html
- http://www.redhat.com/support/errata/RHSA-2002-011.html
- http://www.redhat.com/support/errata/RHSA-2002-013.htmlPatchVendor Advisory
- http://www.securityfocus.com/advisories/3800
- http://www.securityfocus.com/archive/1/250168Vendor Advisory
- http://www.securityfocus.com/bid/3871
- http://www.sudo.ws/sudo/alerts/postfix.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7891
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A06.asc
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000451
FAQ
What is CVE-2002-0043?
CVE-2002-0043 is a vulnerability with a CVSS score of 7.2 (HIGH). sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changin...
How severe is CVE-2002-0043?
CVE-2002-0043 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0043?
Check the references section above for vendor advisories and patch information. Affected products include: Todd Miller Sudo.