CVE-2004-1051

NONE EPSS 68.6%
Published Mar 1, 2005 21y ago
Last Modified Jun 16, 2026 2w ago

Description

sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.

Threat Intelligence

EPSS Exploit Probability
68.6% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 51

Vendor        Product                          Version   Range
mandrakesoft  mandrake_multi_network_firewall  8.2       any
todd_miller   sudo                             1.5.6     any
todd_miller   sudo                             1.5.7     any
todd_miller   sudo                             1.5.8     any
todd_miller   sudo                             1.5.9     any
todd_miller   sudo                             1.6       any
todd_miller   sudo                             1.6.1     any
todd_miller   sudo                             1.6.2     any
todd_miller   sudo                             1.6.3     any
todd_miller   sudo                             1.6.3_p1  any
todd_miller   sudo                             1.6.3_p2  any
todd_miller   sudo                             1.6.3_p3  any
todd_miller   sudo                             1.6.3_p4  any
todd_miller   sudo                             1.6.3_p5  any
todd_miller   sudo                             1.6.3_p6  any
todd_miller   sudo                             1.6.3_p7  any
todd_miller   sudo                             1.6.4     any
todd_miller   sudo                             1.6.4_p1  any
todd_miller   sudo                             1.6.4_p2  any
todd_miller   sudo                             1.6.5     any
todd_miller   sudo                             1.6.5_p1  any
todd_miller   sudo                             1.6.5_p2  any
todd_miller   sudo                             1.6.6     any
todd_miller   sudo                             1.6.7     any
todd_miller   sudo                             1.6.8     any
todd_miller   sudo                             1.6.8_p1  any
debian        debian_linux                     3.0       any
debian        debian_linux                     3.0       any
debian        debian_linux                     3.0       any
debian        debian_linux                     3.0       any
debian        debian_linux                     3.0       any
debian        debian_linux                     3.0       any
debian        debian_linux                     3.0       any
debian        debian_linux                     3.0       any
debian        debian_linux                     3.0       any
debian        debian_linux                     3.0       any
debian        debian_linux                     3.0       any
mandrakesoft  mandrake_linux                   9.2       any
mandrakesoft  mandrake_linux                   9.2       any
mandrakesoft  mandrake_linux                   10.0      any
mandrakesoft  mandrake_linux                   10.0      any
mandrakesoft  mandrake_linux                   10.1      any
mandrakesoft  mandrake_linux                   10.1      any
mandrakesoft  mandrake_linux_corporate_server  2.1       any
mandrakesoft  mandrake_linux_corporate_server  2.1       any
trustix       secure_linux                     1.5       any
trustix       secure_linux                     2.0       any
trustix       secure_linux                     2.1       any
trustix       secure_linux                     2.2       any
ubuntu        ubuntu_linux                     4.1       any
ubuntu        ubuntu_linux                     4.1       any

References 10

  • lists.apple.com http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
  • marc.info http://marc.info/?l=bugtraq&m=110028877431192&w=2
  • marc.info http://marc.info/?l=bugtraq&m=110598298225675&w=2
  • debian.org http://www.debian.org/security/2004/dsa-596
  • mandriva.com http://www.mandriva.com/security/advisories?name=MDKSA-2004:133
  • securityfocus.com http://www.securityfocus.com/bid/11668
    Patch, Vendor Advisory
  • sudo.ws http://www.sudo.ws/sudo/alerts/bash_functions.html
  • trustix.org http://www.trustix.org/errata/2004/0061/
  • exchange.xforce.ibmcloud.com https://exchange.xforce.ibmcloud.com/vulnerabilities/18055
  • ubuntu.com https://www.ubuntu.com/usn/usn-28-1/

Remediation