CVE-2006-0151 — Miller Sudo vulnerability

9 documents7 sources

Severity

7.2HIGHNVD

CNA4.6OSV4.6

EPSS

0.1%

top 68.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sudo Project Sudo Todd Miller Sudo Ubuntu Linux

Timeline

PublishedJan 9

Latest updateMay 1

Description

sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages2 packages

▶Debiansudo_project/sudo< 1.6.8p12-1+3

▶NVDtodd_miller/sudo32 versions+31

Also affects: Ubuntu Linux 4.1, 5.04, 5.10

Patches

Patch: secunia.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-7vx7-4r5w-mwxw: sudo 1↗2022-05-01

▶

OSV

CVE-2006-0151: sudo 1↗2006-01-09

▶

CVEList

CVE-2006-0151: sudo 1↗2006-01-09

▶

📋Vendor Advisories

Debian

CVE-2006-0151: sudo - sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment varia...↗2006

▶

Red Hat

CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)↗2004-11-11

▶

Red Hat

CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)↗2004-11-11

▶

Red Hat

CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)↗2004-11-11

▶

💬Community

Bugzilla

CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)↗2004-11-16

▶