Vulnerability CVE-2006-0151 - CERT Civis.Net

Vulnerability Name:

CVE-2006-0151 (CCN-23102)

Assigned:

2005-11-11

Published:

2005-11-11

Updated:

2018-10-03

Summary:

sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158.

CVSS v3 Severity:

5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2005-4158

Source: MITRE
Type: CNA
CVE-2006-0151

Source: CCN
Type: SA17534
Sudo Perl Environment Cleaning Privilege Escalation Vulnerability

Source: CCN
Type: SA18358
Sudo Python Environment Cleaning Privilege Escalation Vulnerability

Source: SECUNIA
Type: Vendor Advisory
18358

Source: SECUNIA
Type: Patch, Vendor Advisory
18363

Source: SECUNIA
Type: UNKNOWN
18549

Source: SECUNIA
Type: UNKNOWN
18558

Source: SECUNIA
Type: UNKNOWN
18906

Source: SECUNIA
Type: UNKNOWN
19016

Source: SECUNIA
Type: UNKNOWN
21692

Source: CCN
Type: SECTRACK ID: 1015192
Sudo Input Validation Flaw in Perl-related Environment Variables Lets Certain Local Users Execute Arbitrary Perl Code

Source: SLACKWARE
Type: UNKNOWN
SSA:2006-045-08

Source: DEBIAN
Type: UNKNOWN
DSA-946

Source: DEBIAN
Type: DSA-946
sudo -- missing input sanitising

Source: MANDRIVA
Type: UNKNOWN
MDKSA-2006:159

Source: SUSE
Type: UNKNOWN
SUSE-SR:2006:002

Source: CCN
Type: OSVDB ID: 20764
Sudo PERL5OPT Environment Cleaning Multiple Variable Privilege Escalation

Source: CCN
Type: BID-15191
Todd Miller Sudo Local Privilege Escalation Vulnerability

Source: CCN
Type: BID-15394
Sudo Perl Environment Variable Handling Security Bypass Vulnerability

Source: BID
Type: Exploit
16184

Source: CCN
Type: BID-16184
Sudo Python Environment Variable Handling Security Bypass Vulnerability

Source: CCN
Type: About Sudo
Sudo Main Page

Source: CCN
Type: Sudo Support Web page - Original Advisory
Perl scripts run via Sudo can be subverted

Source: CCN
Type: Sudo Download Web page
Downloading Sudo

Source: TRUSTIX
Type: UNKNOWN
2006-0010

Source: CCN
Type: USN-235-1
sudo vulnerability

Source: CCN
Type: USN-235-2
sudo vulnerability

Source: XF
Type: UNKNOWN
sudo-perl-execute-code(23102)

Source: UBUNTU
Type: UNKNOWN
USN-235-2

Source: SUSE
Type: SUSE-SR:2006:002
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:todd_miller:sudo:1.5.6:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.5.7:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.5.8:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.5.9:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.3_p1:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.3_p2:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.3_p3:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.3_p4:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.3_p5:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.3_p6:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.4:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.4_p1:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.4_p2:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.5_p1:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.5_p2:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.7_p5:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.8_p1:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.8_p2:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.8_p5:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.8_p7:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.8_p8:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.8_p9:*:*:*:*:*:*:*

OR cpe:/a:todd_miller:sudo:1.6.8_p12:*:*:*:*:*:*:*

Configuration 2:

cpe:/o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*

OR cpe:/o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*

OR cpe:/o:ubuntu:ubuntu_linux:5.04:*:amd64:*:*:*:*:*

OR cpe:/o:ubuntu:ubuntu_linux:5.04:*:i386:*:*:*:*:*

OR cpe:/o:ubuntu:ubuntu_linux:5.04:*:powerpc:*:*:*:*:*

OR cpe:/o:ubuntu:ubuntu_linux:5.10:*:amd64:*:*:*:*:*

OR cpe:/o:ubuntu:ubuntu_linux:5.10:*:i386:*:*:*:*:*

OR cpe:/o:ubuntu:ubuntu_linux:5.10:*:powerpc:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.debian:def:946	V	missing input sanitising	2013-01-21