Описание
Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 1.6.8p12-1ubuntu6 |
| devel | released | 1.6.8p12-1ubuntu6 |
| edgy | released | 1.6.8p12-1ubuntu6 |
| feisty | released | 1.6.8p12-1ubuntu6 |
| upstream | needs-triage |
Показывать по
EPSS
4.6 Medium
CVSS2
Связанные уязвимости
Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are.
Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows lo ...
Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are.
EPSS
4.6 Medium
CVSS2