Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-0043

6 documents, 6 sources
Severity: 7.2 HIGH
EPSS: 0.2% (top 58.75%)
CISA KEV: Not in KEV
Exploit: PoC available
Affected products
Timeline
Published: Jan 31
Latest update: May 3

Description

sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked.

CVSS vector

AV:L/AC:L/C:C/I:C/A:C
Exploitability: 3.9 | Impact: 10.0

Affected Packages (1 package)

NVD: todd_miller/sudo, 11 versions (+10)

Patches

🔴Vulnerability Details

2
GHSA
GHSA-jc33-cg9p-57rj: sudo 1 (2022-05-03)
CVEList
CVE-2002-0043: sudo 1 (2002-06-25)

💥Exploits & PoCs

1
Exploit-DB
Sudo 1.6.3 - Unclean Environment Variable Privilege Escalation (2002-01-14)

📋Vendor Advisories

1
Red Hat
security flaw (2002-01-14)

💬Community

1
Bugzilla
CVE-2002-0043 security flaw (2018-08-16)