Sudo Unclean Environment Variable Root Program Execution Vulnerability

Bugtraq ID: 3871
Class: Input Validation Error
CVE:
Remote: No
Local: Yes
Published: Jan 14 2002 12:00AM
Updated: Jan 14 2002 12:00AM
Credit: This vulnerability was originally discovered by Sebastian Krahmer <krahmer@suse.de>.
Vulnerable: Todd Miller Sudo 1.6.3 p7
- FreeBSD FreeBSD 4.5
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3
+ RedHat Linux 7.2 ia64
 + RedHat Linux 7.2 i386
 + S.u.S.E. Linux 7.3 sparc
 + S.u.S.E. Linux 7.3 ppc
 + S.u.S.E. Linux 7.3 i386
 + S.u.S.E. Linux 7.3
+ Slackware Linux 8.0
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
Todd Miller Sudo 1.6.3 p6
+ Guardian Digital Engarde Secure Linux 1.0.1
+ Guardian Digital Engarde Secure Linux 1.0.1
+ HP Secure OS software for Linux 1.0
+ HP Secure OS software for Linux 1.0
+ RedHat Linux 7.1 ia64
 + RedHat Linux 7.1 ia64
 + RedHat Linux 7.1 i386
 + RedHat Linux 7.1 i386
 + RedHat Linux 7.1 alpha
 + RedHat Linux 7.1 alpha
 + S.u.S.E. Linux 7.2 i386
 + S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1 x86
 + S.u.S.E. Linux 7.1 x86
 + S.u.S.E. Linux 7.1 sparc
 + S.u.S.E. Linux 7.1 sparc
 + S.u.S.E. Linux 7.1 ppc
 + S.u.S.E. Linux 7.1 ppc
 + S.u.S.E. Linux 7.1 alpha
 + S.u.S.E. Linux 7.1 alpha
 + S.u.S.E. Linux 7.1
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux 7.0 sparc
 + S.u.S.E. Linux 7.0 sparc
 + S.u.S.E. Linux 7.0 ppc
 + S.u.S.E. Linux 7.0 ppc
 + S.u.S.E. Linux 7.0 i386
 + S.u.S.E. Linux 7.0 i386
 + S.u.S.E. Linux 7.0 alpha
 + S.u.S.E. Linux 7.0 alpha
 + S.u.S.E. Linux 7.0
+ S.u.S.E. Linux 7.0
+ Wirex Immunix OS 7.0
+ Wirex Immunix OS 7.0
Todd Miller Sudo 1.6.3 p5
Todd Miller Sudo 1.6.3 p4
+ Slackware Linux 7.1
Todd Miller Sudo 1.6.3 p3
Todd Miller Sudo 1.6.3 p2
Todd Miller Sudo 1.6.3 p1
Todd Miller Sudo 1.6.3
+ RedHat Linux 7.0 i386
 + RedHat Linux 7.0 alpha
Not Vulnerable: Todd Miller Sudo 1.6.5 p1
+ Slackware Linux 8.0
Todd Miller Sudo 1.6.5
Todd Miller Sudo 1.6.4 p2
Todd Miller Sudo 1.6.4 p1
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Conectiva Linux 5.1
+ Conectiva Linux 5.0
+ Conectiva Linux graficas
 + Conectiva Linux ecommerce
 Todd Miller Sudo 1.6.4
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
 + Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
 + Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ RedHat Linux 7.2 ia64
 + RedHat Linux 7.2 i386
 + RedHat Linux 7.2 alpha
 + RedHat Linux 7.1 ia64
 + RedHat Linux 7.1 i386
 + RedHat Linux 7.1 alpha
 + RedHat Linux 7.0 i386
 + RedHat Linux 7.0 alpha
 - RedHat Linux 6.2 sparc
 - RedHat Linux 6.2 i386
 - RedHat Linux 6.2 alpha


 

Privacy Statement
Copyright 2010, SecurityFocus