{"id":"CVE-2005-2959","details":"Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are.","modified":"2026-04-10T03:38:12.533007Z","published":"2005-10-25T16:02:00Z","references":[{"type":"ADVISORY","url":"http://secunia.com/advisories/17318"},{"type":"ADVISORY","url":"http://secunia.com/advisories/17322"},{"type":"ADVISORY","url":"http://secunia.com/advisories/17345"},{"type":"ADVISORY","url":"http://secunia.com/advisories/17390"},{"type":"ADVISORY","url":"http://secunia.com/advisories/17666"},{"type":"ADVISORY","url":"http://secunia.com/advisories/18549"},{"type":"ADVISORY","url":"http://secunia.com/advisories/24479"},{"type":"ADVISORY","url":"http://www.debian.org/security/2005/dsa-870"},{"type":"ADVISORY","url":"http://www.mandriva.com/security/advisories?name=MDKSA-2005:201"},{"type":"ADVISORY","url":"http://www.novell.com/linux/security/advisories/2006_02_sr.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/advisories/9643"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2007/0930"},{"type":"EVIDENCE","url":"http://www.securityfocus.com/bid/15191"},{"type":"FIX","url":"http://secunia.com/advisories/17390"},{"type":"FIX","url":"http://www.debian.org/security/2005/dsa-870"},{"type":"WEB","url":"http://docs.info.apple.com/article.html?artnum=305214"},{"type":"WEB","url":"http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html"},{"type":"WEB","url":"http://www.openpkg.org/security/OpenPKG-SA-2006.002-sudo.html"},{"type":"WEB","url":"http://www.sudo.ws/bugs/show_bug.cgi?id=182"},{"type":"WEB","url":"http://www.us-cert.gov/cas/techalerts/TA07-072A.html"},{"type":"WEB","url":"https://usn.ubuntu.com/213-1/"}],"schema_version":"1.7.5"}