CVE-2002-0043
Sudo 1.6.3 - Unclean Environment Variable Privilege Escalation
Severity Score: 7.2 (CVSS v2)
Public Exploits: 1 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked.
*Credits:
N/A
Timeline
- 2002-01-14 First Exploit
- 2002-01-22 CVE Reserved
- 2002-01-31 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-08 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
References (14)
URL | Tag | Source |
---|---|---|
http://marc.info/?l=bugtraq&m=101120193627756&w=2 | Mailing List | |
http://www.securityfocus.com/bid/3871 | Vdb Entry | |
http://www.sudo.ws/sudo/alerts/postfix.html | X_refsource_misc | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/7891 | Vdb Entry |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/21227 | 2002-01-14 |
URL | Date | SRC |
---|---|---|
http://www.redhat.com/support/errata/RHSA-2002-013.html | 2018-05-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Todd Miller | Sudo | 1.6 | - | Affected |
Todd Miller | Sudo | 1.6.1 | - | Affected |
Todd Miller | Sudo | 1.6.2 | - | Affected |
Todd Miller | Sudo | 1.6.3 | - | Affected |
Todd Miller | Sudo | 1.6.3_p1 | - | Affected |
Todd Miller | Sudo | 1.6.3_p2 | - | Affected |
Todd Miller | Sudo | 1.6.3_p3 | - | Affected |
Todd Miller | Sudo | 1.6.3_p4 | - | Affected |
Todd Miller | Sudo | 1.6.3_p5 | - | Affected |
Todd Miller | Sudo | 1.6.3_p6 | - | Affected |
Todd Miller | Sudo | 1.6.3_p7 | - | Affected |