CVE-2002-0043

Name of the Vulnerable Software and Affected Versions sudo versions 1.6.0 through 1.6.3p7

Description The issue allows local users to potentially gain root privileges by modifying environment variables and changing how the mail program is invoked, due to the improper clearing of the environment before calling the mail program. This could lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be performed locally.

Recommendations For sudo versions 1.6.0 through 1.6.3p7, consider updating to a version that properly clears the environment before invoking the mail program to prevent local users from gaining root privileges. At the moment, there is no information about a newer version that contains a fix for this vulnerability.