Back to search
CVE-2004-1051
Published: Nov 18, 2004
Modified: Aug 8, 2024
PUBLISHED
Description
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
USN-28-1
vendor-advisory
x_refsource_UBUNTU
http://www.sudo.ws/sudo/alerts/bash_functions.html
x_refsource_CONFIRM
OpenPKG-SA-2005.002
vendor-advisory
x_refsource_OPENPKG
20041112 Sudo version 1.6.8p2 now available (fwd)
mailing-list
x_refsource_BUGTRAQ
MDKSA-2004:133
vendor-advisory
x_refsource_MANDRAKE
APPLE-SA-2005-05-03
vendor-advisory
x_refsource_APPLE
11668
vdb-entry
x_refsource_BID
DSA-596
vendor-advisory
x_refsource_DEBIAN
sudo-bash-command-execution(18055)
vdb-entry
x_refsource_XF
2004-0061
vendor-advisory
x_refsource_TRUSTIX
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now