CVE-2005-2959

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2005-2959

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2005-2959.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2005-2959

Downstream

DEBIAN-CVE-2005-2959

DSA-870-1

Published

2005-10-25T16:02:00Z

Modified

2025-08-09T20:01:27Z

Summary

[none]

Details

Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are.

References

http://secunia.com/advisories/17318
http://secunia.com/advisories/17322
http://secunia.com/advisories/17345
http://secunia.com/advisories/17390
http://secunia.com/advisories/17666
http://secunia.com/advisories/18549
http://secunia.com/advisories/24479
http://www.debian.org/security/2005/dsa-870
http://www.mandriva.com/security/advisories?name=MDKSA-2005:201
http://www.novell.com/linux/security/advisories/2006_02_sr.html
http://www.securityfocus.com/advisories/9643
http://www.vupen.com/english/advisories/2007/0930
http://www.securityfocus.com/bid/15191
http://docs.info.apple.com/article.html?artnum=305214
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
http://www.openpkg.org/security/OpenPKG-SA-2006.002-sudo.html
http://www.sudo.ws/bugs/show_bug.cgi?id=182
http://www.us-cert.gov/cas/techalerts/TA07-072A.html
https://usn.ubuntu.com/213-1/

CVE-2005-2959

Affected packages