Sudo · Sudo · CVE-2004-1051
Name of the Vulnerable Software and Affected Versions:
sudo versions prior to 1.6.8p2
Description:
The issue allows local users to execute arbitrary commands by utilizing "()" style environment variables to create functions with the same name as any program within the bash script that is called without using the program's full pathname.
Recommendations:
For versions prior to 1.6.8p2, update to version 1.6.8p2 or later to resolve the issue.