
CVE-2004-1051

Published: 01/03/2005 Updated: 11/07/2017
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

sudo prior to 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.

Vulnerable Product

todd miller sudo 1.5.8

todd miller sudo 1.5.9

todd miller sudo 1.6.3_p4

todd miller sudo 1.6.3_p5

todd miller sudo 1.6.5_p1

todd miller sudo 1.6.5_p2

todd miller sudo 1.5.6

todd miller sudo 1.5.7

todd miller sudo 1.6.3_p1

todd miller sudo 1.6.3_p2

todd miller sudo 1.6.3_p3

todd miller sudo 1.6.4_p2

todd miller sudo 1.6.5

mandrakesoft mandrake multi network firewall 8.2

todd miller sudo 1.6.2

todd miller sudo 1.6.3

todd miller sudo 1.6.4

todd miller sudo 1.6.4_p1

todd miller sudo 1.6.8

todd miller sudo 1.6.8_p1

todd miller sudo 1.6

todd miller sudo 1.6.1

todd miller sudo 1.6.3_p6

todd miller sudo 1.6.3_p7

todd miller sudo 1.6.6

todd miller sudo 1.6.7

debian debian linux 3.0

mandrakesoft mandrake linux 9.2

mandrakesoft mandrake linux corporate server 2.1

ubuntu ubuntu linux 4.1

mandrakesoft mandrake linux 10.1

trustix secure linux 2.2

mandrakesoft mandrake linux 10.0

trustix secure linux 1.5

trustix secure linux 2.0

trustix secure linux 2.1

Vendor Advisories

Liam Helmer noticed that sudo, a program that provides limited super user privileges to specific users, does not clean the environment sufficiently. Bash functions and the CDPATH variable are still passed through to the program running as privileged user, leaving possibilities to overload system routines. These vulnerabilities can only be exploited ...