CVE-2002-0043

sudo <1.6.3p7 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-0043. PoCs published by Charles Stevenson.

AI-analyzed exploit summary This exploit leverages a sudo environment variable sanitization flaw (CVE-2002-0043) to execute arbitrary commands as root by manipulating Postfix configuration via the MAIL_CONFIG environment variable. It creates a setuid root shell by abusing the debugger_command directive in Postfix.

Description

sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Charles Stevenson · bashlocallinux
https://www.exploit-db.com/exploits/21227

This exploit leverages a sudo environment variable sanitization flaw (CVE-2002-0043) to execute arbitrary commands as root by manipulating Postfix configuration via the MAIL_CONFIG environment variable. It creates a setuid root shell by abusing the debugger_command directive in Postfix.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: sudo (versions prior to 1.6.7p5), Postfix
Auth required
Prerequisites: sudo access to a command that inherits environment variables (e.g., Postfix) · Postfix installed on the target system · Ability to write to a temporary directory
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (13)

Core 13
Core References
Various Sources vendor-advisory x_refsource_freebsd
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A06.asc
Patch, Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2002-013.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/7891
Third Party Advisory, VDB Entry vendor-advisory x_refsource_immunix
http://www.securityfocus.com/advisories/3800
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/3871
Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/250168
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=101120193627756&w=2
Various Sources x_refsource_misc
http://www.sudo.ws/sudo/alerts/postfix.html
Vendor Advisory vendor-advisory x_refsource_suse
http://www.novell.com/linux/security/advisories/2002_002_sudo_txt.html
Various Sources vendor-advisory x_refsource_mandrake
http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:003
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2002/dsa-101
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2002-011.html
Vendor Advisory vendor-advisory x_refsource_conectiva
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000451

Scores

EPSS 0.0094
EPSS Percentile 56.2%

Details

Status published
Products (11)
todd_miller/sudo 1.6
todd_miller/sudo 1.6.1
todd_miller/sudo 1.6.2
todd_miller/sudo 1.6.3
todd_miller/sudo 1.6.3_p1
todd_miller/sudo 1.6.3_p2
todd_miller/sudo 1.6.3_p3
todd_miller/sudo 1.6.3_p4
todd_miller/sudo 1.6.3_p5
todd_miller/sudo 1.6.3_p6
... and 1 more
Published Jan 31, 2002
Tracked Since Feb 18, 2026