Sudo Unclean Environment Variable Root Program Execution Vulnerability

Sudo is a freely available, open source permissions management software package available for the Linux and Unix operating systems. It is maintained by Todd C. Miller.

Under some circumstances, sudo does not properly sanitize the environment it executes programs with. In the event that sudo is used to run a program such as an MTA with root privileges, this could result in a local user passing unsafe data to the program via environment variables. From these environment variables the user may be able to execute commands as root, and potentially gain elevated privileges.


 

Privacy Statement
Copyright 2010, SecurityFocus