sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2002-06-25T04:00:00

Updated: 2024-08-08T02:35:17.330Z

Reserved: 2002-01-22T00:00:00

Link: CVE-2002-0043

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2002-01-31T05:00:00.000

Modified: 2024-11-20T23:38:09.790

Link: CVE-2002-0043

cve-icon Redhat

Severity :

Publid Date: 2002-01-14T00:00:00Z

Links: CVE-2002-0043 - Bugzilla