Sudo Python Environment Variable Handling Security Bypass Vulnerability

Sudo is prone to a security-bypass vulnerability that could lead to arbitrary code execution. This issue is due to an error in the application when handling environment variables.

A local attacker with the ability to run Python scripts can exploit this vulnerability to gain access to an interactive Python prompt. That attacker may then execute arbitrary code with elevated privileges, facilitating the complete compromise of affected computers.

An attacker must have the ability to run Python scripts through Sudo to exploit this vulnerability.

This issue is similar to BID 15394 (Sudo Perl Environment Variable Handling Security Bypass Vulnerability).
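
A defensive check for the exposure described above, as an added example that is not part of the original advisory: it audits sudoers text for settings that let a caller's environment reach a Python script run through Sudo. The sample sudoers content, user names and paths are constructed, and because the advisory does not name the variable involved, the check flags any preserved variable with the `PYTHON` prefix (an assumption).

```python
import re

# Constructed sample sudoers content (illustrative; not from a real host).
SAMPLE_SUDOERS = """\
Defaults env_reset
Defaults env_keep += "LANG PYTHONPATH"
Defaults:backup !env_reset
alice ALL = (root) /usr/bin/python /opt/tools/report.py
bob   ALL = (root) SETENV: /usr/local/bin/rotate.py
carol ALL = (root) /usr/bin/less /var/log/syslog
"""

PY_CMD = re.compile(r"python|\.py\b", re.I)   # rule runs a Python script
ENV_KEEP = re.compile(r'env_keep\s*\+?=\s*"?([^"\n]*)')
NO_RESET = re.compile(r"!\s*env_reset\b")

def audit_sudoers(text):
    """Return (line_no, finding) pairs for settings that allow the caller's
    Python-related environment to survive into a command run via sudo."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("Defaults"):
            # Environment reset switched off globally or for a user/host scope.
            if NO_RESET.search(line):
                findings.append((no, "env_reset disabled: caller environment is passed through"))
            # Variables explicitly preserved across the reset (assumed prefix: PYTHON).
            m = ENV_KEEP.search(line)
            kept = [v for v in (m.group(1).split() if m else [])
                    if v.upper().startswith("PYTHON") or v == "*"]
            if kept:
                findings.append((no, "env_keep preserves " + ", ".join(kept)))
        elif PY_CMD.search(line) and "SETENV:" in line:
            # SETENV lets the invoking user override the sanitized environment.
            findings.append((no, "SETENV on a Python command: caller chooses the environment"))
    return findings

if __name__ == "__main__":
    for no, msg in audit_sudoers(SAMPLE_SUDOERS):
        print(f"line {no}: {msg}")
```

A rule that runs a Python script with `env_reset` left on and no `PYTHON`-prefixed entries in `env_keep` produces no findings.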


 

Copyright 2010, SecurityFocus