Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.2
CVE Id CVE-2004-1051
Last Modified 10 Sep 2008 03:28:50
Published 01 Mar 2005 12:00:00
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2004-1051

Summary

sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.

Vulnerable Systems

Operating System

  • Debian Linux 3.0

  • Mandrakesoft Mandrake Linux 10.0

  • Mandrakesoft Mandrake Linux 10.1

  • Mandrakesoft Mandrake Linux 9.2

  • Mandrakesoft Mandrake Linux Corporate Server 2.1

  • Trustix Secure Linux 1.5

  • Trustix Secure Linux 2.0

  • Trustix Secure Linux 2.1

  • Trustix Secure Linux 2.2

  • Ubuntu Linux 4.1

Application

  • Mandrakesoft Mandrake Multi Network Firewall 8.2

  • Todd Miller Sudo 1.5.6

  • Todd Miller Sudo 1.5.7

  • Todd Miller Sudo 1.5.8

  • Todd Miller Sudo 1.5.9

  • Todd Miller Sudo 1.6

  • Todd Miller Sudo 1.6.1

  • Todd Miller Sudo 1.6.2

  • Todd Miller Sudo 1.6.3

  • Todd Miller Sudo 1.6.3 P1

  • Todd Miller Sudo 1.6.3 P2

  • Todd Miller Sudo 1.6.3 P3

  • Todd Miller Sudo 1.6.3 P4

  • Todd Miller Sudo 1.6.3 P5

  • Todd Miller Sudo 1.6.3 P6

  • Todd Miller Sudo 1.6.3 P7

  • Todd Miller Sudo 1.6.4

  • Todd Miller Sudo 1.6.4 P1

  • Todd Miller Sudo 1.6.4 P2

  • Todd Miller Sudo 1.6.5

  • Todd Miller Sudo 1.6.5 P1

  • Todd Miller Sudo 1.6.5 P2

  • Todd Miller Sudo 1.6.6

  • Todd Miller Sudo 1.6.7

  • Todd Miller Sudo 1.6.8

  • Todd Miller Sudo 1.6.8 P1


References

BID - 11668

XF - sudo-bash-command-execution(18055)

TRUSTIX - 2004-0061

CONFIRM - http://www.sudo.ws/sudo/alerts/bash_functions.html

DEBIAN - DSA-596

APPLE - APPLE-SA-2005-05-03

MANDRAKE - MDKSA-2004:133

OPENPKG - OpenPKG-SA-2005.002

UBUNTU - USN-28-1

BUGTRAQ - 20041112 Sudo version 1.6.8p2 now available (fwd)


Last Updated: 27 May 2016 10:38:52