Vulnerabilities > CVE-2002-0043 - Unspecified vulnerability in Todd Miller Sudo
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 11 |
Exploit-Db
| description | Sudo 1.6.3 Unclean Environment Variable Root Program Execution Vulnerability. CVE-2002-0043. Local exploit for linux platform |
| id | EDB-ID:21227 |
| last seen | 2016-02-02 |
| modified | 2002-01-14 |
| published | 2002-01-14 |
| reporter | Charles Stevenson |
| source | https://www.exploit-db.com/download/21227/ |
| title | Sudo 1.6.3 Unclean Environment Variable Root Program Execution Vulnerability |
Nessus
NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2002-003.NASL description The SuSE Security Team discovered a vulnerability in sudo that can be exploited to obtain root privilege because sudo is installed setuid root. An attacker could trick sudo to log failed sudo calls executing the sendmail (or equivalent mailer) program with root privileges and an environment that is not completely clean. This problem has been fixed upstream by the author in sudo 1.6.4 and it is highly recommended that all users upgrade regardless of what mailer you are using. last seen 2020-06-01 modified 2020-06-02 plugin id 13911 published 2004-07-31 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13911 title Mandrake Linux Security Advisory : sudo (MDKSA-2002:003) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandrake Linux Security Advisory MDKSA-2002:003. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(13911); script_version ("1.15"); script_cvs_date("Date: 2019/08/02 13:32:46"); script_cve_id("CVE-2002-0043"); script_xref(name:"MDKSA", value:"2002:003"); script_name(english:"Mandrake Linux Security Advisory : sudo (MDKSA-2002:003)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Mandrake Linux host is missing a security update." ); script_set_attribute( attribute:"description", value: "The SuSE Security Team discovered a vulnerability in sudo that can be exploited to obtain root privilege because sudo is installed setuid root. An attacker could trick sudo to log failed sudo calls executing the sendmail (or equivalent mailer) program with root privileges and an environment that is not completely clean. This problem has been fixed upstream by the author in sudo 1.6.4 and it is highly recommended that all users upgrade regardless of what mailer you are using." ); script_set_attribute(attribute:"solution", value:"Update the affected sudo package."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:sudo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.1"); script_set_attribute(attribute:"patch_publication_date", value:"2002/01/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"sudo-1.6.4-1.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"sudo-1.6.4-1.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"sudo-1.6.4-1.1mdk", yank:"mdk")) flag++; if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"sudo-1.6.4-1.1mdk", yank:"mdk")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Debian Local Security Checks NASL id DEBIAN_DSA-101.NASL description Sebastian Krahmer from SuSE found a vulnerability in sudo which could easily lead into a local root exploit. last seen 2020-06-01 modified 2020-06-02 plugin id 14938 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14938 title Debian DSA-101-1 : sudo - Local root exploit code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-101. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(14938); script_version("1.16"); script_cvs_date("Date: 2019/08/02 13:32:16"); script_cve_id("CVE-2002-0043"); script_xref(name:"DSA", value:"101"); script_name(english:"Debian DSA-101-1 : sudo - Local root exploit"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Sebastian Krahmer from SuSE found a vulnerability in sudo which could easily lead into a local root exploit." ); script_set_attribute( attribute:"see_also", value:"http://www.debian.org/security/2002/dsa-101" ); script_set_attribute( attribute:"solution", value: "Upgrade the sudo packages immediately. This problem has been fixed in upstream version 1.6.4 as well as in version 1.6.2p2-2.1 for the stable release of Debian GNU/Linux." ); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sudo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:2.2"); script_set_attribute(attribute:"patch_publication_date", value:"2002/01/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/09/29"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"2.2", prefix:"sudo", reference:"1.6.2p2-2.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
Redhat
| advisories |
|
References
- ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A06.asc
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000451
- http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:003
- http://marc.info/?l=bugtraq&m=101120193627756&w=2
- http://www.debian.org/security/2002/dsa-101
- http://www.novell.com/linux/security/advisories/2002_002_sudo_txt.html
- http://www.redhat.com/support/errata/RHSA-2002-011.html
- http://www.redhat.com/support/errata/RHSA-2002-013.html
- http://www.securityfocus.com/advisories/3800
- http://www.securityfocus.com/archive/1/250168
- http://www.securityfocus.com/bid/3871
- http://www.sudo.ws/sudo/alerts/postfix.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/7891