CVE-2006-0151

Description

sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158.

How to fix CVE-2006-0151

To remediate CVE-2006-0151, upgrade the affected package to a fixed version below.

• Debian/sudo—upgrade to 1.6.8p12-1 or later

Is CVE-2006-0151 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1.6.8p12-1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2006-0151