CVE-2004-1051

Description

sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.

Affected products

• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• Debian / debian_linux3.0 – 3.0
• mandrakesoft / mandrake_linux10.1 – 10.1
• mandrakesoft / mandrake_linux9.2 – 9.2
• mandrakesoft / mandrake_linux9.2 – 9.2
• mandrakesoft / mandrake_linux10.0 – 10.0
• mandrakesoft / mandrake_linux10.0 – 10.0
• mandrakesoft / mandrake_linux10.1 – 10.1
• mandrakesoft / mandrake_linux_corporate_server2.1 – 2.1
• mandrakesoft / mandrake_linux_corporate_server2.1 – 2.1
• mandrakesoft / mandrake_multi_network_firewall8.2 – 8.2
• todd_miller / sudo1.6.5_p1 – 1.6.5_p1
• todd_miller / sudo1.6.5_p2 – 1.6.5_p2
• todd_miller / sudo1.6.6 – 1.6.6
• todd_miller / sudo1.6.7 – 1.6.7
• todd_miller / sudo1.6.8 – 1.6.8
• todd_miller / sudo1.6.8_p1 – 1.6.8_p1
• todd_miller / sudo1.5.6 – 1.5.6
• todd_miller / sudo1.5.7 – 1.5.7
• todd_miller / sudo1.5.8 – 1.5.8
• todd_miller / sudo1.5.9 – 1.5.9
• todd_miller / sudo1.6 – 1.6
• todd_miller / sudo1.6.1 – 1.6.1
• todd_miller / sudo1.6.2 – 1.6.2
• todd_miller / sudo1.6.3 – 1.6.3
• todd_miller / sudo1.6.3_p1 – 1.6.3_p1
• todd_miller / sudo1.6.3_p2 – 1.6.3_p2
• todd_miller / sudo1.6.3_p3 – 1.6.3_p3
• todd_miller / sudo1.6.3_p4 – 1.6.3_p4
• todd_miller / sudo1.6.3_p5 – 1.6.3_p5
• todd_miller / sudo1.6.3_p6 – 1.6.3_p6
• todd_miller / sudo1.6.3_p7 – 1.6.3_p7
• todd_miller / sudo1.6.4 – 1.6.4
• todd_miller / sudo1.6.4_p1 – 1.6.4_p1
• todd_miller / sudo1.6.4_p2 – 1.6.4_p2
• todd_miller / sudo1.6.5 – 1.6.5
• trustix / secure_linux1.5 – 1.5
• trustix / secure_linux2.0 – 2.0
• trustix / secure_linux2.1 – 2.1
• trustix / secure_linux2.2 – 2.2
• Ubuntu / ubuntu_linux4.1 – 4.1
• Ubuntu / ubuntu_linux4.1 – 4.1

References

• VENDOR_ADVISORYhttps://www.ubuntu.com/usn/usn-28-1/
• MISChttp://www.sudo.ws/sudo/alerts/bash_functions.html
• MAILING_LISThttp://marc.info/?l=bugtraq&m=110598298225675&w=2
• MAILING_LISThttp://marc.info/?l=bugtraq&m=110028877431192&w=2
• VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDKSA-2004:133
• MAILING_LISThttp://lists.apple.com/archives/security-announce/2005/May/msg00001.html
• MISChttp://www.securityfocus.com/bid/11668
• VENDOR_ADVISORYhttp://www.debian.org/security/2004/dsa-596
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/18055
• MISChttp://www.trustix.org/errata/2004/0061/