CVE-2004-1051
NONE EPSS 68.6%
Published Mar 1, 2005 · Last Modified Jun 16, 2026
Description
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.
Threat Intelligence
EPSS Exploit Probability
68.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available
Affected Products 51
| Vendor | Product | Version | Range |
|---|---|---|---|
| mandrakesoft | mandrake_multi_network_firewall | 8.2 | any |
| todd_miller | sudo | 1.5.6 | any |
| todd_miller | sudo | 1.5.7 | any |
| todd_miller | sudo | 1.5.8 | any |
| todd_miller | sudo | 1.5.9 | any |
| todd_miller | sudo | 1.6 | any |
| todd_miller | sudo | 1.6.1 | any |
| todd_miller | sudo | 1.6.2 | any |
| todd_miller | sudo | 1.6.3 | any |
| todd_miller | sudo | 1.6.3_p1 | any |
| todd_miller | sudo | 1.6.3_p2 | any |
| todd_miller | sudo | 1.6.3_p3 | any |
| todd_miller | sudo | 1.6.3_p4 | any |
| todd_miller | sudo | 1.6.3_p5 | any |
| todd_miller | sudo | 1.6.3_p6 | any |
| todd_miller | sudo | 1.6.3_p7 | any |
| todd_miller | sudo | 1.6.4 | any |
| todd_miller | sudo | 1.6.4_p1 | any |
| todd_miller | sudo | 1.6.4_p2 | any |
| todd_miller | sudo | 1.6.5 | any |
| todd_miller | sudo | 1.6.5_p1 | any |
| todd_miller | sudo | 1.6.5_p2 | any |
| todd_miller | sudo | 1.6.6 | any |
| todd_miller | sudo | 1.6.7 | any |
| todd_miller | sudo | 1.6.8 | any |
| todd_miller | sudo | 1.6.8_p1 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| debian | debian_linux | 3.0 | any |
| mandrakesoft | mandrake_linux | 9.2 | any |
| mandrakesoft | mandrake_linux | 9.2 | any |
| mandrakesoft | mandrake_linux | 10.0 | any |
| mandrakesoft | mandrake_linux | 10.0 | any |
| mandrakesoft | mandrake_linux | 10.1 | any |
| mandrakesoft | mandrake_linux | 10.1 | any |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 | any |
| mandrakesoft | mandrake_linux_corporate_server | 2.1 | any |
| trustix | secure_linux | 1.5 | any |
| trustix | secure_linux | 2.0 | any |
| trustix | secure_linux | 2.1 | any |
| trustix | secure_linux | 2.2 | any |
| ubuntu | ubuntu_linux | 4.1 | any |
| ubuntu | ubuntu_linux | 4.1 | any |
References 10
- lists.apple.com http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
- marc.info http://marc.info/?l=bugtraq&m=110028877431192&w=2
- marc.info http://marc.info/?l=bugtraq&m=110598298225675&w=2
- debian.org http://www.debian.org/security/2004/dsa-596
- mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2004:133
- securityfocus.com http://www.securityfocus.com/bid/11668
- sudo.ws http://www.sudo.ws/sudo/alerts/bash_functions.html
- trustix.org http://www.trustix.org/errata/2004/0061/
- exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/18055
- ubuntu.com https://www.ubuntu.com/usn/usn-28-1/
Remediation
- securityfocus.com http://www.securityfocus.com/bid/11668