A logical error in sudo when the env_reset option is disabled allows local attackers to define environment variables that were supposed to be blacklisted by sudo.
This can be exploited by a local unprivileged attacker to gain root privileges by manipulating the environment of a command that the user is legitimately allowed to run with sudo.
This can be exploited by a local unprivileged attacker to gain root privileges by manipulating the environment of a command that the user is legitimately allowed to run with sudo.
CVE Link
Exploit Type - Old
Exploits/Local
Exploit Platform
Product Name