CVE-2002-0043
published 2002-01-31
CVE-2002-0043: sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by…
Priority P427 · high · 7.2 (CVSS 2.0)
AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 0.94% (56.4th percentile)
sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| todd_miller | sudo | — | — |
CVSS provenance
nvd · v2.0 · 7.2 · HIGH · AV:L/AC:L/Au:N/C:C/I:C/A:C
vendor_redhat · 7.2 · HIGH
Red Hat
security flaw
vendor_redhat·2002-01-14·CVSS 7.2
CVE-2002-0043 [HIGH] security flaw
GHSA
GHSA-jc33-cg9p-57rj: sudo 1
ghsa_unreviewed·2022-05-03
CVE-2002-0043 [HIGH] GHSA-jc33-cg9p-57rj: sudo 1
No detection rules found.
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A06.asc
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000451
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:003
http://marc.info/?l=bugtraq&m=101120193627756&w=2
http://www.debian.org/security/2002/dsa-101
http://www.novell.com/linux/security/advisories/2002_002_sudo_txt.html
http://www.redhat.com/support/errata/RHSA-2002-011.html
http://www.redhat.com/support/errata/RHSA-2002-013.html
http://www.securityfocus.com/advisories/3800
http://www.securityfocus.com/archive/1/250168
http://www.securityfocus.com/bid/3871
http://www.sudo.ws/sudo/alerts/postfix.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/7891