sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Todd Miller
  • Sudo
Ubuntu
  • Ubuntu Linux

Configuration 1 [-]

OR cpe:2.3:a:todd_miller:sudo:1.5.6:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.5.7:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.5.8:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.5.9:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p3:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p4:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p5:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p6:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.4:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.4_p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.4_p2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.5_p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.5_p2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.7_p5:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p1:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p2:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p5:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p7:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p8:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p9:*:*:*:*:*:*:*
cpe:2.3:a:todd_miller:sudo:1.6.8_p12:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:amd64:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:i386:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:powerpc:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:amd64:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:i386:*:*:*:*:*
cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:powerpc:*:*:*:*:*

No data.

References
Link Providers
http://secunia.com/advisories/18358 cve-icon cve-icon
http://secunia.com/advisories/18363 cve-icon cve-icon
http://secunia.com/advisories/18549 cve-icon cve-icon
http://secunia.com/advisories/18558 cve-icon cve-icon
http://secunia.com/advisories/18906 cve-icon cve-icon
http://secunia.com/advisories/19016 cve-icon cve-icon
http://secunia.com/advisories/21692 cve-icon cve-icon
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.421822 cve-icon cve-icon
http://www.debian.org/security/2006/dsa-946 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDKSA-2006:159 cve-icon cve-icon
http://www.novell.com/linux/security/advisories/2006_02_sr.html cve-icon cve-icon
http://www.securityfocus.com/bid/16184 cve-icon cve-icon
http://www.trustix.org/errata/2006/0010 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2006-0151 cve-icon
https://usn.ubuntu.com/235-2/ cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2006-0151 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-01-09T23:00:00

Updated: 2024-08-07T16:25:33.651Z

Reserved: 2006-01-09T00:00:00

Link: CVE-2006-0151

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2006-01-09T23:03:00.000

Modified: 2018-10-03T21:34:57.397

Link: CVE-2006-0151

cve-icon Redhat

Severity : Low

Publid Date: 2004-11-11T00:00:00Z

Links: CVE-2006-0151 - Bugzilla