CVE-2005-2959

EPSS 0.13%

sudo - missing input sanitising

Published: 10/25/2005Modified: 4/28/2026

Description

Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are.

Affected packages (2)

Debian/sudofrom 0, < 1.6.8p9-3
Debian/sudofrom 0, < 1.6.6-1.4

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2005-2959