CVE-2005-2959
EPSS 0.13%sudo - missing input sanitising
發布日:2005/10/25修改日:2026/4/28
也稱為:DEBIAN-CVE-2005-2959
描述
Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are.
受影響套件(2)
- Debian/sudofrom 0, < 1.6.8p9-3
- Debian/sudofrom 0, < 1.6.6-1.4