{
  "threat_severity" : "Important",
  "public_date" : "2007-06-06T00:00:00Z",
  "bugzilla" : {
    "description" : "Local authentication bypass in sudo",
    "id" : "243702",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=243702"
  },
  "details" : [ "sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment variable settings.  NOTE: another researcher disputes this vulnerability, stating that the attacker must be \"a user, who can already log into your system, and can already use sudo.\"" ],
  "statement" : "Not vulnerable. Versions of sudo package shipped with Red Hat Enterprise Linux versions 2.1, 3, 4 and 5 are linked with PAM support and never use libkrb5 authentication.",
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2007-3149\nhttps://nvd.nist.gov/vuln/detail/CVE-2007-3149" ],
  "name" : "CVE-2007-3149",
  "csaw" : false
}