CVE-2002-0043
First published: Thu Jan 31 2002(Updated: )
sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sudo | =1.6.3_p6 | |
| Sudo | =1.6.3 | |
| Sudo | =1.6.1 | |
| Sudo | =1.6.3_p5 | |
| Sudo | =1.6.2 | |
| Sudo | =1.6.3_p2 | |
| Sudo | =1.6.3_p4 | |
| Sudo | =1.6.3_p3 | |
| Sudo | =1.6.3_p7 | |
| Sudo | =1.6 | |
| Sudo | =1.6.3_p1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/archive/1/250168
- http://www.redhat.com/support/errata/RHSA-2002-013.html
- http://www.sudo.ws/sudo/alerts/postfix.html
- http://www.redhat.com/support/errata/RHSA-2002-011.html
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000451
- http://www.novell.com/linux/security/advisories/2002_002_sudo_txt.html
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:003
- http://www.debian.org/security/2002/dsa-101
- http://www.securityfocus.com/advisories/3800
- http://www.securityfocus.com/bid/3871
- http://marc.info/?l=bugtraq&m=101120193627756&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7891
Frequently Asked Questions
What is the severity of CVE-2002-0043?
CVE-2002-0043 has a high severity rating due to its potential to allow local users to gain root privileges.
How do I fix CVE-2002-0043?
To fix CVE-2002-0043, update to a patched version of sudo that is higher than 1.6.3p7.
Which versions of sudo are affected by CVE-2002-0043?
CVE-2002-0043 affects sudo versions from 1.6.0 to 1.6.3p7.
Can CVE-2002-0043 be exploited remotely?
No, CVE-2002-0043 can only be exploited by local users who have access to the system.
What are the implications of CVE-2002-0043 for system security?
CVE-2002-0043 poses a significant security risk as it could allow unauthorized users to execute commands with root privileges.
- agent/type
- agent/references
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/remedy
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/todd miller
- canonical/sudo
- version/sudo/1.6.3_p6
- version/sudo/1.6.3
- version/sudo/1.6.1
- version/sudo/1.6.3_p5
- version/sudo/1.6.2
- version/sudo/1.6.3_p2
- version/sudo/1.6.3_p4
- version/sudo/1.6.3_p3
- version/sudo/1.6.3_p7
- version/sudo/1.6
- version/sudo/1.6.3_p1