CVE-2005-2959

Publication date 25 October 2005

Last updated 17 July 2025

Ubuntu priority

Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
sudo	7.04 feisty	Fixed 1.6.8p12-1ubuntu6
	6.10 edgy	Fixed 1.6.8p12-1ubuntu6
	6.06 LTS dapper	Fixed 1.6.8p12-1ubuntu6

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-213-1
sudo vulnerability
28 October 2005

Other references

https://www.cve.org/CVERecord?id=CVE-2005-2959