Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Sudo fails to clear environment variables, allowing command execution as root
Vulnerability Description
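Sudo is free, open-source privilege management software that runs on Linux and some Unix platforms; it is maintained by Todd C. Miller. Sudo has an input validation vulnerability that allows a local attacker to run programs as root. In some circumstances, sudo does not correctly clear the environment variables of the program it runs. When sudo runs a program such as an MTA as root, this may allow a local user to pass invalid data to that program through environment variables. By exploiting those environment variables, an attacker may be able to execute commands as root and thereby elevate their privileges.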
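The defensive pattern this description points to, as an added example that is neither sudo's code nor part of the original entry: a privileged program builds a fresh environment from an allowlist before executing a helper such as a mail program. The function name `build_clean_env`, the allowlist contents and the fixed `PATH` value are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed allowlist: variables the helper may inherit from the caller. */
static const char *const KEEP[] = { "TZ", "LANG", "LC_ALL", NULL };
/* Fixed values set by the privileged program, never taken from the user. */
static const char *const FIXED[] = { "PATH=/usr/bin:/bin", "IFS= \t\n", NULL };

/* Accept only well-formed NAME=value entries whose NAME is allowlisted. */
static int allowed(const char *entry)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL || eq == entry)
        return 0;                                  /* malformed: drop */
    size_t n = (size_t)(eq - entry);
    for (size_t i = 0; KEEP[i] != NULL; i++)
        if (strlen(KEEP[i]) == n && strncmp(KEEP[i], entry, n) == 0)
            return strpbrk(eq + 1, "/%") == NULL;  /* no path-like values */
    return 0;
}

/* Returns a NULL-terminated array suitable as the envp argument of execve().
 * The caller frees the array only; the entries are borrowed pointers. */
char **build_clean_env(char *const inherited[])
{
    size_t cap = sizeof FIXED / sizeof FIXED[0];   /* fixed entries + NULL */
    for (size_t i = 0; inherited[i] != NULL; i++)
        cap++;
    char **out = calloc(cap, sizeof *out);
    if (out == NULL)
        return NULL;
    size_t n = 0;
    for (size_t i = 0; FIXED[i] != NULL; i++)
        out[n++] = (char *)FIXED[i];
    for (size_t i = 0; inherited[i] != NULL; i++)
        if (allowed(inherited[i]))
            out[n++] = inherited[i];
    out[n] = NULL;
    return out;
}

int main(void)
{
    /* Constructed sample environment, not taken from the advisory. */
    char *in[] = { "PATH=/home/user/bin", "LD_PRELOAD=/home/user/lib.so",
                   "TZ=UTC", "LANG=/home/user/locale", NULL };
    char **env = build_clean_env(in);
    for (size_t i = 0; env != NULL && env[i] != NULL; i++)
        puts(env[i]);
    free(env);
    return 0;
}
```

The returned array is what the privileged program would pass as `envp` to `execve()` for the helper, so nothing the invoking user set reaches it unless it is explicitly allowlisted.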
CVSS Information
N/A
Vulnerability Type
N/A