{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T23:15:52.772","vulnerabilities":[{"cve":{"id":"CVE-2005-2959","sourceIdentifier":"security@debian.org","published":"2005-10-25T16:02:00.000","lastModified":"2026-04-16T00:27:16.627","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are."}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":true,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-264"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*","matchCriteriaId":"976B5923-1BCC-4DE6-A904-930DD833B937"},{"vulnerable":true,"criteria":"cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*","matchCriteriaId":"D5452DF1-0270-452D-90EB-45E9A084B94C"},{"vulnerable":true,"criteria":"cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*","matchCriteriaId":"CBFD12E6-F92E-4371-ADA7-BCD41E4C9014"},{"vulnerable":true,"criteria":"cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*","matchCriteriaId":"67FDF4FB-06FA-4A10-A3CF-F52169BC8072"},{"vulnerable":true,"criteria":"cpe:2.3:a:todd_miller:sudo:1.6.3_p1:*:*:*:*:*:*:*","matchCriteriaId":"A5B29018-B495-482A-8FF7-66821A178F9A"},{"vulnerable":true,"criteria":"cpe:2.3:a:todd_miller:sudo:1.6.3_p2:*:*:*:*:*:*:*","matchCriteriaId":"38718561-70C7-4E0D-9313-87A5E82ED338"},{"vulnerable":true,"criteria":"cpe:2.3:a:todd_miller:sudo:1.6.3_p3:*:*:*:*:*:*:*","matchCriteriaId":"D057064A-9B34-4224-97BA-4D5840A92BE0"},{"vulnerable":true,"criteria":"cpe:2.3:a:todd_miller:sudo:1.6.3_p4:*:*:*:*:*:*:*","matchCriteriaId":"E3C297DC-69B1-4BE6-A5EF-D320BD0CA968"},{"vulnerable":true,"criteria":"cpe:2.3:a:todd_miller:sudo:1.6.3_p5:*:*:*:*:*:*:*","matchCriteriaId":"2F4C1FFB-F6AA-4DED-9C54-DCB274F59A44"},{"vulnerable":true,"criteria":"cpe:2.3:a:todd_miller:sudo:1.6.3_p6:*:*:*:*:*:*:*","matchCriteriaId":"338A92AC-92D2-40BF-9FAC-884AF6F74D55"},{"vulnerable":true,"criteria":"cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*","matchCriteriaId":"26DB5610-03CE-425E-8855-70D5787029FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:todd_miller:sudo:1.6.3p1:*:*:*:*:*:*:*","matchCriteriaId":"F6848519-57E8-4636-BE10-A0AF06787B20"},{"vulnerable":true,"criteria":"cpe:2.3:a:todd_miller:sudo:1.6.3p2:*:*:*:*:*:*:*","matchCriteriaId":"A458EA77-772C-4641-A08A-5733FA386974"},{"vulnerable":true,"criteria":"cpe:2.3:a:todd_miller:sudo:1.6.3p3:*:*:*:*:*:*:*","matchCriteriaId":"57B7415D-FE7F-4F67-8384-016BD6044015"},{"vulnerable":true,"criteria":"cpe:2.3:a:todd_miller:sudo:1.6.3p4:*:*:*:*:*:*:*","matchCriteriaId":"09429504-327B-44B3-A651-E933EADA0300"},{"vulnerable":true,"criteria":"cpe:2.3:a:todd_miller:sudo:1.6.3p5:*:*:*:*:*:*:*","matchCriteriaId":"7889BA46-0FAA-4D62-B2BB-B895060F5585"},{"vulnerable":true,"criteria":"cpe:2.3:a:todd_miller:sudo:1.6.3p6:*:*:*:*:*:*:*","matchCriteriaId":"84FD9DD4-A6D0-40F4-9A8E-8E0017BE349C"},{"vulnerable":true,"criteria":"cpe:2.3:a:todd_miller:sudo:1.6.3p7:*:*:*:*:*:*:*","matchCriteriaId":"B02CEAA5-8409-42AF-A4AE-58D9D16F007F"},{"vulnerable":true,"criteria":"cpe:2.3:a:todd_miller:sudo:1.6.4:*:*:*:*:*:*:*","matchCriteriaId":"C5DFC86C-7743-4F27-BC10-170F04C23D7B"},{"vulnerable":true,"criteria":"cpe:2.3:a:todd_miller:sudo:1.6.4_p1:*:*:*:*:*:*:*","matchCriteriaId":"F5170421-BA0C-4365-9CD6-BD232EA08680"},{"vulnerable":true,"criteria":"cpe:2.3:a:todd_miller:sudo:1.6.4_p2:*:*:*:*:*:*:*","matchCriteriaId":"5909AAA4-4AF9-4D23-87C5-5D7787909B02"},{"vulnerable":true,"criteria":"cpe:2.3:a:todd_miller:sudo:1.6.4p1:*:*:*:*:*:*:*","matchCriteriaId":"2A3E4716-6D11-46DD-9378-3C733BBDCD8B"},{"vulnerable":true,"criteria":"cpe:2.3:a:todd_miller:sudo:1.6.4p2:*:*:*:*:*:*:*","matchCriteriaId":"55799ECB-CEB1-4839-8053-4C1F071D1526"},{"vulnerable":true,"criteria":"cpe:2.3:a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:*","matchCriteriaId":"2170CFD0-2594-45FB-B68F-0A75114F00A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:todd_miller:sudo:1.6.5_p1:*:*:*:*:*:*:*","matchCriteriaId":"03C07744-CAE8-44C6-965E-2A09BAE1F36C"},{"vulnerable":true,"criteria":"cpe:2.3:a:todd_miller:sudo:1.6.5_p2:*:*:*:*:*:*:*","matchCriteriaId":"B17E0E59-C928-49AB-BAA7-4AE638B376D1"},{"vulnerable":true,"criteria":"cpe:2.3:a:todd_miller:sudo:1.6.5p1:*:*:*:*:*:*:*","matchCriteriaId":"D6F99CB6-E185-4CE0-9E43-C5AE9017717B"},{"vulnerable":true,"criteria":"cpe:2.3:a:todd_miller:sudo:1.6.5p2:*:*:*:*:*:*:*","matchCriteriaId":"D2F6F9C6-85B6-450F-9165-B23C2BF83EBE"},{"vulnerable":true,"criteria":"cpe:2.3:a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:*","matchCriteriaId":"294FC65B-4225-475A-B49A-758823CEDECD"},{"vulnerable":true,"criteria":"cpe:2.3:a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:*","matchCriteriaId":"6156B085-AA17-458C-AED1-D658275E43B9"},{"vulnerable":true,"criteria":"cpe:2.3:a:todd_miller:sudo:1.6.7_p5:*:*:*:*:*:*:*","matchCriteriaId":"1C898BE7-506D-49DA-8619-F86C7A9FE902"},{"vulnerable":true,"criteria":"cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*","matchCriteriaId":"B6419309-385F-4525-AD4B-C73B1A3ED935"}]}]}],"references":[{"url":"http://docs.info.apple.com/article.html?artnum=305214","source":"security@debian.org"},{"url":"http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html","source":"security@debian.org"},{"url":"http://secunia.com/advisories/17318","source":"security@debian.org","tags":["Vendor Advisory"]},{"url":"http://secunia.com/advisories/17322","source":"security@debian.org","tags":["Vendor Advisory"]},{"url":"http://secunia.com/advisories/17345","source":"security@debian.org","tags":["Vendor Advisory"]},{"url":"http://secunia.com/advisories/17390","source":"security@debian.org","tags":["Patch","Vendor Advisory"]},{"url":"http://secunia.com/advisories/17666","source":"security@debian.org","tags":["Vendor Advisory"]},{"url":"http://secunia.com/advisories/18549","source":"security@debian.org","tags":["Vendor Advisory"]},{"url":"http://secunia.com/advisories/24479","source":"security@debian.org","tags":["Vendor Advisory"]},{"url":"http://www.debian.org/security/2005/dsa-870","source":"security@debian.org","tags":["Patch","Vendor Advisory"]},{"url":"http://www.mandriva.com/security/advisories?name=MDKSA-2005:201","source":"security@debian.org"},{"url":"http://www.novell.com/linux/security/advisories/2006_02_sr.html","source":"security@debian.org"},{"url":"http://www.openpkg.org/security/OpenPKG-SA-2006.002-sudo.html","source":"security@debian.org"},{"url":"http://www.securityfocus.com/advisories/9643","source":"security@debian.org","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/15191","source":"security@debian.org","tags":["Exploit"]},{"url":"http://www.sudo.ws/bugs/show_bug.cgi?id=182","source":"security@debian.org"},{"url":"http://www.us-cert.gov/cas/techalerts/TA07-072A.html","source":"security@debian.org","tags":["US Government Resource"]},{"url":"http://www.vupen.com/english/advisories/2007/0930","source":"security@debian.org","tags":["Vendor Advisory"]},{"url":"https://usn.ubuntu.com/213-1/","source":"security@debian.org"},{"url":"http://docs.info.apple.com/article.html?artnum=305214","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://secunia.com/advisories/17318","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://secunia.com/advisories/17322","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://secunia.com/advisories/17345","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://secunia.com/advisories/17390","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://secunia.com/advisories/17666","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://secunia.com/advisories/18549","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://secunia.com/advisories/24479","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.debian.org/security/2005/dsa-870","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]},{"url":"http://www.mandriva.com/security/advisories?name=MDKSA-2005:201","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.novell.com/linux/security/advisories/2006_02_sr.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.openpkg.org/security/OpenPKG-SA-2006.002-sudo.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/advisories/9643","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://www.securityfocus.com/bid/15191","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"]},{"url":"http://www.sudo.ws/bugs/show_bug.cgi?id=182","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.us-cert.gov/cas/techalerts/TA07-072A.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["US Government Resource"]},{"url":"http://www.vupen.com/english/advisories/2007/0930","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://usn.ubuntu.com/213-1/","source":"af854a3a-2127-422b-91ae-364da2661108"}],"vendorComments":[{"organization":"Red Hat","comment":"We do not consider this to be a security issue:\nhttp://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139478#c1","lastModified":"2006-08-30T00:00:00"}]}}]}