CVE-2005-2959
Ubuntu Security Notice 213-1
Severity Score
7.8
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are.
Tavis Ormandy discovered a privilege escalation vulnerability in sudo. On executing shell scripts with sudo, the P4 and SHELLOPTS environment variables were not cleaned properly. If sudo is set up to grant limited sudo privileges to normal users this could be exploited to run arbitrary commands as the target user.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2005-09-19 CVE Reserved
- 2005-10-25 CVE Published
- 2005-11-10 First Exploit
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (20)
| URL | Tag | Source |
|---|---|---|
| http://docs.info.apple.com/article.html?artnum=305214 | X_refsource_confirm | |
| http://www.sudo.ws/bugs/show_bug.cgi?id=182 | X_refsource_confirm | |
| http://www.us-cert.gov/cas/techalerts/TA07-072A.html | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://packetstorm.news/files/id/41442 | 2005-11-10 | |
| http://www.securityfocus.com/bid/15191 | 2024-08-07 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/17390 | 2018-10-03 | |
| http://www.debian.org/security/2005/dsa-870 | 2018-10-03 |
| URL | Date | SRC |
|---|---|---|
| http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html | 2018-10-03 | |
| http://secunia.com/advisories/17318 | 2018-10-03 | |
| http://secunia.com/advisories/17322 | 2018-10-03 | |
| http://secunia.com/advisories/17345 | 2018-10-03 | |
| http://secunia.com/advisories/17666 | 2018-10-03 | |
| http://secunia.com/advisories/18549 | 2018-10-03 | |
| http://secunia.com/advisories/24479 | 2018-10-03 | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2005:201 | 2018-10-03 | |
| http://www.novell.com/linux/security/advisories/2006_02_sr.html | 2018-10-03 | |
| http://www.openpkg.org/security/OpenPKG-SA-2006.002-sudo.html | 2018-10-03 | |
| http://www.securityfocus.com/advisories/9643 | 2018-10-03 | |
| http://www.vupen.com/english/advisories/2007/0930 | 2018-10-03 | |
| https://usn.ubuntu.com/213-1 | 2018-10-03 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6 Search vendor "Todd Miller" for product "Sudo" and version "1.6" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.1 Search vendor "Todd Miller" for product "Sudo" and version "1.6.1" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.2 Search vendor "Todd Miller" for product "Sudo" and version "1.6.2" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.3 Search vendor "Todd Miller" for product "Sudo" and version "1.6.3" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.3_p1 Search vendor "Todd Miller" for product "Sudo" and version "1.6.3_p1" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.3_p2 Search vendor "Todd Miller" for product "Sudo" and version "1.6.3_p2" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.3_p3 Search vendor "Todd Miller" for product "Sudo" and version "1.6.3_p3" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.3_p4 Search vendor "Todd Miller" for product "Sudo" and version "1.6.3_p4" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.3_p5 Search vendor "Todd Miller" for product "Sudo" and version "1.6.3_p5" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.3_p6 Search vendor "Todd Miller" for product "Sudo" and version "1.6.3_p6" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.3_p7 Search vendor "Todd Miller" for product "Sudo" and version "1.6.3_p7" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.3p1 Search vendor "Todd Miller" for product "Sudo" and version "1.6.3p1" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.3p2 Search vendor "Todd Miller" for product "Sudo" and version "1.6.3p2" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.3p3 Search vendor "Todd Miller" for product "Sudo" and version "1.6.3p3" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.3p4 Search vendor "Todd Miller" for product "Sudo" and version "1.6.3p4" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.3p5 Search vendor "Todd Miller" for product "Sudo" and version "1.6.3p5" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.3p6 Search vendor "Todd Miller" for product "Sudo" and version "1.6.3p6" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.3p7 Search vendor "Todd Miller" for product "Sudo" and version "1.6.3p7" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.4 Search vendor "Todd Miller" for product "Sudo" and version "1.6.4" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.4_p1 Search vendor "Todd Miller" for product "Sudo" and version "1.6.4_p1" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.4_p2 Search vendor "Todd Miller" for product "Sudo" and version "1.6.4_p2" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.4p1 Search vendor "Todd Miller" for product "Sudo" and version "1.6.4p1" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.4p2 Search vendor "Todd Miller" for product "Sudo" and version "1.6.4p2" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.5 Search vendor "Todd Miller" for product "Sudo" and version "1.6.5" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.5_p1 Search vendor "Todd Miller" for product "Sudo" and version "1.6.5_p1" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.5_p2 Search vendor "Todd Miller" for product "Sudo" and version "1.6.5_p2" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.5p1 Search vendor "Todd Miller" for product "Sudo" and version "1.6.5p1" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.5p2 Search vendor "Todd Miller" for product "Sudo" and version "1.6.5p2" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.6 Search vendor "Todd Miller" for product "Sudo" and version "1.6.6" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.7 Search vendor "Todd Miller" for product "Sudo" and version "1.6.7" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.7_p5 Search vendor "Todd Miller" for product "Sudo" and version "1.6.7_p5" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.8 Search vendor "Todd Miller" for product "Sudo" and version "1.6.8" | - |
Affected
| ||||||