CVE-2004-1051

sudo <1.6.8p2 - Command Injection

Title source: llm

Description

sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.

References (10)

[Mailing List] http://lists.apple.com/archives/security-announce/2005/May/msg00001.html

[Mailing List] http://marc.info/?l=bugtraq&m=110028877431192&w=2

[Mailing List] http://marc.info/?l=bugtraq&m=110598298225675&w=2

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDKSA-2004:133

[Patch, Vendor Advisory] http://www.securityfocus.com/bid/11668

[Various Sources] http://www.sudo.ws/sudo/alerts/bash_functions.html

[Vendor Advisory] http://www.trustix.org/errata/2004/0061/

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/18055

[Vendor Advisory] https://www.ubuntu.com/usn/usn-28-1/

[Third Party Advisory] http://www.debian.org/security/2004/dsa-596

Scores

EPSS 0.0027

EPSS Percentile 50.5%

Classification

Status draft

Affected Products (50)

mandrakesoft/mandrake_multi_network_firewall

todd_miller/sudo

todd_miller/sudo

todd_miller/sudo

todd_miller/sudo

todd_miller/sudo

todd_miller/sudo

todd_miller/sudo

todd_miller/sudo

todd_miller/sudo

todd_miller/sudo

todd_miller/sudo

todd_miller/sudo

todd_miller/sudo

todd_miller/sudo

... and 35 more

Timeline

Published Mar 01, 2005

Tracked Since Feb 18, 2026