ByteOS Network

Vulnerability Details :

CVE-2006-0151

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-09 Jan, 2006 | 23:00

Updated At-07 Aug, 2024 | 16:25

sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:09 Jan, 2006 | 23:00

Updated At:07 Aug, 2024 | 16:25

▼CVE Numbering Authority (CNA)

sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158.

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://www.trustix.org/errata/2006/0010	vendor-advisory x_refsource_TRUSTIX
http://secunia.com/advisories/18549	third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/18558	third-party-advisory x_refsource_SECUNIA
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.421822	vendor-advisory x_refsource_SLACKWARE
http://secunia.com/advisories/18363	third-party-advisory x_refsource_SECUNIA
http://www.novell.com/linux/security/advisories/2006_02_sr.html	vendor-advisory x_refsource_SUSE
http://secunia.com/advisories/18358	third-party-advisory x_refsource_SECUNIA
http://www.securityfocus.com/bid/16184	vdb-entry x_refsource_BID
http://secunia.com/advisories/19016	third-party-advisory x_refsource_SECUNIA
http://secunia.com/advisories/18906	third-party-advisory x_refsource_SECUNIA
http://www.debian.org/security/2006/dsa-946	vendor-advisory x_refsource_DEBIAN
http://www.mandriva.com/security/advisories?name=MDKSA-2006:159	vendor-advisory x_refsource_MANDRIVA
https://usn.ubuntu.com/235-2/	vendor-advisory x_refsource_UBUNTU
http://secunia.com/advisories/21692	third-party-advisory x_refsource_SECUNIA

Hyperlink: http://www.trustix.org/errata/2006/0010

Resource:

vendor-advisory

x_refsource_TRUSTIX

Hyperlink: http://secunia.com/advisories/18549

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://secunia.com/advisories/18558

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.421822

Resource:

vendor-advisory

x_refsource_SLACKWARE

Hyperlink: http://secunia.com/advisories/18363

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://www.novell.com/linux/security/advisories/2006_02_sr.html

Resource:

vendor-advisory

x_refsource_SUSE

Hyperlink: http://secunia.com/advisories/18358

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://www.securityfocus.com/bid/16184

Resource:

vdb-entry

x_refsource_BID

Hyperlink: http://secunia.com/advisories/19016

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://secunia.com/advisories/18906

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://www.debian.org/security/2006/dsa-946

Resource:

vendor-advisory

x_refsource_DEBIAN

Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:159

Resource:

vendor-advisory

x_refsource_MANDRIVA

Hyperlink: https://usn.ubuntu.com/235-2/

Resource:

vendor-advisory

x_refsource_UBUNTU

Hyperlink: http://secunia.com/advisories/21692

Resource:

third-party-advisory

x_refsource_SECUNIA

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://www.trustix.org/errata/2006/0010	vendor-advisory x_refsource_TRUSTIX x_transferred
http://secunia.com/advisories/18549	third-party-advisory x_refsource_SECUNIA x_transferred
http://secunia.com/advisories/18558	third-party-advisory x_refsource_SECUNIA x_transferred
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.421822	vendor-advisory x_refsource_SLACKWARE x_transferred
http://secunia.com/advisories/18363	third-party-advisory x_refsource_SECUNIA x_transferred
http://www.novell.com/linux/security/advisories/2006_02_sr.html	vendor-advisory x_refsource_SUSE x_transferred
http://secunia.com/advisories/18358	third-party-advisory x_refsource_SECUNIA x_transferred
http://www.securityfocus.com/bid/16184	vdb-entry x_refsource_BID x_transferred
http://secunia.com/advisories/19016	third-party-advisory x_refsource_SECUNIA x_transferred
http://secunia.com/advisories/18906	third-party-advisory x_refsource_SECUNIA x_transferred
http://www.debian.org/security/2006/dsa-946	vendor-advisory x_refsource_DEBIAN x_transferred
http://www.mandriva.com/security/advisories?name=MDKSA-2006:159	vendor-advisory x_refsource_MANDRIVA x_transferred
https://usn.ubuntu.com/235-2/	vendor-advisory x_refsource_UBUNTU x_transferred
http://secunia.com/advisories/21692	third-party-advisory x_refsource_SECUNIA x_transferred

Hyperlink: http://www.trustix.org/errata/2006/0010

Resource:

vendor-advisory

x_refsource_TRUSTIX

x_transferred

Hyperlink: http://secunia.com/advisories/18549

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://secunia.com/advisories/18558

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.421822

Resource:

vendor-advisory

x_refsource_SLACKWARE

x_transferred

Hyperlink: http://secunia.com/advisories/18363

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://www.novell.com/linux/security/advisories/2006_02_sr.html

Resource:

vendor-advisory

x_refsource_SUSE

x_transferred

Hyperlink: http://secunia.com/advisories/18358

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://www.securityfocus.com/bid/16184

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: http://secunia.com/advisories/19016

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://secunia.com/advisories/18906

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://www.debian.org/security/2006/dsa-946

Resource:

vendor-advisory

x_refsource_DEBIAN

x_transferred

Hyperlink: http://www.mandriva.com/security/advisories?name=MDKSA-2006:159

Resource:

vendor-advisory

x_refsource_MANDRIVA

x_transferred

Hyperlink: https://usn.ubuntu.com/235-2/

Resource:

vendor-advisory

x_refsource_UBUNTU

x_transferred

Hyperlink: http://secunia.com/advisories/21692

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:09 Jan, 2006 | 23:03

Updated At:03 Apr, 2025 | 01:03

sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C

Type: Primary

Version: 2.0

Base score: 7.2

Base severity: HIGH

Vector:

AV:L/AC:L/Au:N/C:C/I:C/A:C

CPE Matches

todd_miller>>sudo>>1.5.6

cpe:2.3:a:todd_miller:sudo:1.5.6:*:*:*:*:*:*:*

todd_miller>>sudo>>1.5.7

cpe:2.3:a:todd_miller:sudo:1.5.7:*:*:*:*:*:*:*

todd_miller>>sudo>>1.5.8

cpe:2.3:a:todd_miller:sudo:1.5.8:*:*:*:*:*:*:*

todd_miller>>sudo>>1.5.9

cpe:2.3:a:todd_miller:sudo:1.5.9:*:*:*:*:*:*:*

todd_miller>>sudo>>1.6

cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*

todd_miller>>sudo>>1.6.1

cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*

todd_miller>>sudo>>1.6.2

cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*

todd_miller>>sudo>>1.6.3

cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*

todd_miller>>sudo>>1.6.3_p1

cpe:2.3:a:todd_miller:sudo:1.6.3_p1:*:*:*:*:*:*:*

todd_miller>>sudo>>1.6.3_p2

cpe:2.3:a:todd_miller:sudo:1.6.3_p2:*:*:*:*:*:*:*

todd_miller>>sudo>>1.6.3_p3

cpe:2.3:a:todd_miller:sudo:1.6.3_p3:*:*:*:*:*:*:*

todd_miller>>sudo>>1.6.3_p4

cpe:2.3:a:todd_miller:sudo:1.6.3_p4:*:*:*:*:*:*:*

todd_miller>>sudo>>1.6.3_p5

cpe:2.3:a:todd_miller:sudo:1.6.3_p5:*:*:*:*:*:*:*

todd_miller>>sudo>>1.6.3_p6

cpe:2.3:a:todd_miller:sudo:1.6.3_p6:*:*:*:*:*:*:*

todd_miller>>sudo>>1.6.3_p7

cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*

todd_miller>>sudo>>1.6.4

cpe:2.3:a:todd_miller:sudo:1.6.4:*:*:*:*:*:*:*

todd_miller>>sudo>>1.6.4_p1

cpe:2.3:a:todd_miller:sudo:1.6.4_p1:*:*:*:*:*:*:*

todd_miller>>sudo>>1.6.4_p2

cpe:2.3:a:todd_miller:sudo:1.6.4_p2:*:*:*:*:*:*:*

todd_miller>>sudo>>1.6.5

cpe:2.3:a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:*

todd_miller>>sudo>>1.6.5_p1

cpe:2.3:a:todd_miller:sudo:1.6.5_p1:*:*:*:*:*:*:*

todd_miller>>sudo>>1.6.5_p2

cpe:2.3:a:todd_miller:sudo:1.6.5_p2:*:*:*:*:*:*:*

todd_miller>>sudo>>1.6.6

cpe:2.3:a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:*

todd_miller>>sudo>>1.6.7

cpe:2.3:a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:*

todd_miller>>sudo>>1.6.7_p5

cpe:2.3:a:todd_miller:sudo:1.6.7_p5:*:*:*:*:*:*:*

todd_miller>>sudo>>1.6.8

cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*

todd_miller>>sudo>>1.6.8_p1

cpe:2.3:a:todd_miller:sudo:1.6.8_p1:*:*:*:*:*:*:*

todd_miller>>sudo>>1.6.8_p2

cpe:2.3:a:todd_miller:sudo:1.6.8_p2:*:*:*:*:*:*:*

todd_miller>>sudo>>1.6.8_p5

cpe:2.3:a:todd_miller:sudo:1.6.8_p5:*:*:*:*:*:*:*

todd_miller>>sudo>>1.6.8_p7

cpe:2.3:a:todd_miller:sudo:1.6.8_p7:*:*:*:*:*:*:*

todd_miller>>sudo>>1.6.8_p8

cpe:2.3:a:todd_miller:sudo:1.6.8_p8:*:*:*:*:*:*:*

todd_miller>>sudo>>1.6.8_p9

cpe:2.3:a:todd_miller:sudo:1.6.8_p9:*:*:*:*:*:*:*

todd_miller>>sudo>>1.6.8_p12

cpe:2.3:a:todd_miller:sudo:1.6.8_p12:*:*:*:*:*:*:*

Ubuntu

>>ubuntu_linux>>4.1

cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*

Ubuntu

>>ubuntu_linux>>4.1

cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*

Ubuntu

>>ubuntu_linux>>5.04

cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:amd64:*:*:*:*:*

Ubuntu

>>ubuntu_linux>>5.04

cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:i386:*:*:*:*:*

Ubuntu

>>ubuntu_linux>>5.04

cpe:2.3:o:ubuntu:ubuntu_linux:5.04:*:powerpc:*:*:*:*:*

Ubuntu

>>ubuntu_linux>>5.10

cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:amd64:*:*:*:*:*

Ubuntu

>>ubuntu_linux>>5.10

cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:i386:*:*:*:*:*

Ubuntu

>>ubuntu_linux>>5.10

cpe:2.3:o:ubuntu:ubuntu_linux:5.10:*:powerpc:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov

CWE ID: NVD-CWE-Other

Type: Primary

Source: nvd@nist.gov

Vendor Statements

Organization : Red Hat

Last Modified : 2008-01-24T00:00:00

We do not consider this to be a security issue. http:bugzilla.redhat.combugzillashow_bug.cgi?id=139478#c1

References

Hyperlink	Source	Resource
http://secunia.com/advisories/18358	cve@mitre.org	Vendor Advisory
http://secunia.com/advisories/18363	cve@mitre.org	Patch Vendor Advisory
http://secunia.com/advisories/18549	cve@mitre.org	N/A
http://secunia.com/advisories/18558	cve@mitre.org	N/A
http://secunia.com/advisories/18906	cve@mitre.org	N/A
http://secunia.com/advisories/19016	cve@mitre.org	N/A
http://secunia.com/advisories/21692	cve@mitre.org	N/A
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.421822	cve@mitre.org	N/A
http://www.debian.org/security/2006/dsa-946	cve@mitre.org	N/A
http://www.mandriva.com/security/advisories?name=MDKSA-2006:159	cve@mitre.org	N/A
http://www.novell.com/linux/security/advisories/2006_02_sr.html	cve@mitre.org	N/A
http://www.securityfocus.com/bid/16184	cve@mitre.org	Exploit
http://www.trustix.org/errata/2006/0010	cve@mitre.org	N/A
https://usn.ubuntu.com/235-2/	cve@mitre.org	N/A
http://secunia.com/advisories/18358	af854a3a-2127-422b-91ae-364da2661108	Vendor Advisory
http://secunia.com/advisories/18363	af854a3a-2127-422b-91ae-364da2661108	Patch Vendor Advisory
http://secunia.com/advisories/18549	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/18558	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/18906	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/19016	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/21692	af854a3a-2127-422b-91ae-364da2661108	N/A
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.421822	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.debian.org/security/2006/dsa-946	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.mandriva.com/security/advisories?name=MDKSA-2006:159	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.novell.com/linux/security/advisories/2006_02_sr.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/16184	af854a3a-2127-422b-91ae-364da2661108	Exploit
http://www.trustix.org/errata/2006/0010	af854a3a-2127-422b-91ae-364da2661108	N/A
https://usn.ubuntu.com/235-2/	af854a3a-2127-422b-91ae-364da2661108	N/A