What is the severity of CVE-2007-3149?

CVE-2007-3149 has been classified with a medium severity as it allows local users to gain elevated privileges unintentionally.

How do I fix CVE-2007-3149?

To fix CVE-2007-3149, ensure that you update sudo to a version later than 1.6.8_p12 that addresses this vulnerability.

Who is affected by CVE-2007-3149?

CVE-2007-3149 affects systems using sudo version 1.6.8_p12 linked with MIT Kerberos 5.

What is the impact of CVE-2007-3149?

The impact of CVE-2007-3149 is that it may allow local users to exploit certain environment variable settings to gain higher privileges.

Is CVE-2007-3149 a local or remote vulnerability?

CVE-2007-3149 is a local vulnerability that requires local user access to exploit.

Vulnerability/
CVE-2007-3149

high

7.2

CWE

NVD-CWE-Other

11/6/2007

21/1/2020

CVE-2007-3149

First published: Mon Jun 11 2007(Updated: )

sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment variable settings. NOTE: another researcher disputes this vulnerability, stating that the attacker must be "a user, who can already log into your system, and can already use sudo."

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Todd Miller Sudo	=1.6.8_p12
Kerberos 5 (libkrb5)

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2007-3149?
CVE-2007-3149 has been classified with a medium severity as it allows local users to gain elevated privileges unintentionally.
How do I fix CVE-2007-3149?
To fix CVE-2007-3149, ensure that you update sudo to a version later than 1.6.8_p12 that addresses this vulnerability.
Who is affected by CVE-2007-3149?
CVE-2007-3149 affects systems using sudo version 1.6.8_p12 linked with MIT Kerberos 5.
What is the impact of CVE-2007-3149?
The impact of CVE-2007-3149 is that it may allow local users to exploit certain environment variable settings to gain higher privileges.
Is CVE-2007-3149 a local or remote vulnerability?
CVE-2007-3149 is a local vulnerability that requires local user access to exploit.

agent/references
agent/type
agent/last-modified-date
agent/softwarecombine
agent/first-publish-date
agent/description
agent/author
agent/severity
agent/weakness
agent/tags
agent/event
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/todd miller
canonical/todd miller sudo
version/todd miller sudo/1.6.8_p12
vendor/mit
canonical/kerberos 5 (libkrb5)

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.