Local root exploit for sudo versions below 1.6.8p10 that makes use of the environment cleaning flaws with the SHELLOPTS and PS4 variables.
01540d7b6b0b6ee45a0878ef444900d18cdc75c2444c243cfc128279fd8df1b5Ubuntu Security Notice USN-213-1 - Tavis Ormandy discovered a privilege escalation vulnerability in sudo. On executing shell scripts with sudo, the P4 and SHELLOPTS environment variables were not cleaned properly. If sudo is set up to grant limited sudo privileges to normal users this could be exploited to run arbitrary commands as the target user.
edc8f0c244d39ceb41c3da1b77060c73e66a52308b7156971890553733a48bb9
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed