PT-2004-2037 · Sudo · Sudo

Liam Helmer

Published

2004-11-18

Updated

2017-07-11

CVE-2004-1051

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: sudo versions prior to 1.6.8p2

Description: The issue allows local users to execute arbitrary commands by utilizing "()" style environment variables to create functions with the same name as any program within the bash script that is called without using the program's full pathname.

Recommendations: For versions prior to 1.6.8p2, update to version 1.6.8p2 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-1051

DSA-596-2

Affected Products

Sudo

PT-2004-2037 · Sudo · Sudo

CVE-2004-1051

Related Identifiers

Affected Products

References · 14