CVE-2004-1051

Current Description

sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.
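As an added illustration (not part of the NVD record or of sudo's own code), the Python below does two defender-side things: it applies the environment rule sudo 1.6.8p2 introduced, dropping any exported variable whose value begins with "()" (the form bash imported as a function definition), and it runs a heuristic audit over a bash script for commands invoked by bare name, the pattern that lets such a function shadow the real program. The sample script and environment are constructed, and the keyword and builtin lists are an assumption rather than an exhaustive list.

```python
import re
import shlex

BASH_FUNC_PREFIX = "()"  # bash imported exported variables whose value begins like this as functions; sudo 1.6.8p2 drops them
# Shell keywords and builtins are not external programs, so a function export cannot shadow them in the CVE's sense.
KEYWORDS = {"if", "then", "else", "elif", "fi", "for", "while", "until", "do", "done", "case", "esac", "!", "{", "}"}
BUILTINS = {"echo", "cd", "export", "set", "unset", "shift", "test", "[", "[[", "local", "read", "eval", "exec", "return", "exit", "trap", "source", "."}
ASSIGNMENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*=")
def sanitize_env(env):
    # Drop exported bash function definitions, as sudo 1.6.8p2 began to; returns (clean_env, dropped_names).
    clean = {k: v for k, v in env.items() if not v.startswith(BASH_FUNC_PREFIX)}
    return clean, sorted(k for k in env if k not in clean)

def unqualified_commands(script):
    # Heuristic audit of a bash script: flag the first command word of each line unless it is a keyword,
    # a builtin or contains a "/" (a path). Returns [(lineno, word), ...]; later words on a line are not inspected.
    findings = []
    for lineno, line in enumerate(script.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            words = shlex.split(line, comments=True)
        except ValueError:  # unbalanced quotes (e.g. a continued line): skip rather than guess
            continue
        while words and (words[0] in KEYWORDS or ASSIGNMENT.match(words[0])):
            words.pop(0)  # step over "if"/"then"/... and leading VAR=value assignments
        if words and words[0] not in BUILTINS and "/" not in words[0]:
            findings.append((lineno, words[0]))
    return findings

def shadowed_commands(env, script):
    # Bare-name commands in the script for which the caller's environment carries a same-named function export.
    _, dropped = sanitize_env(env)
    return sorted({word for _, word in unqualified_commands(script) if word in dropped})

# Constructed sample inputs, not taken from any real system.
SAMPLE_SCRIPT = """#!/bin/bash
# backup script an administrator might permit through sudoers
LOGDIR=/var/log/app
if [ ! -d "$LOGDIR" ]; then
    mkdir -p "$LOGDIR"
fi
tar czf /root/backup.tgz "$LOGDIR"
/bin/chown root:root /root/backup.tgz
"""
SAMPLE_ENV = {"PATH": "/usr/bin:/bin", "NOTE": "a value that merely contains () is kept",
              "mkdir": "() { echo shadowed; }", "tar": "() { echo shadowed; }"}  # bash would import these two
if __name__ == "__main__":
    print(sanitize_env(SAMPLE_ENV)[1], unqualified_commands(SAMPLE_SCRIPT), shadowed_commands(SAMPLE_ENV, SAMPLE_SCRIPT))
```

With the sanitized environment in place the two flagged commands run the real binaries again; rewriting them as full paths closes the second half of the condition the description names.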

Basic Data

Published: March 01, 2005
Last Modified: July 11, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access Vector: LOCAL
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: COMPLETE
CVSS 2 - Availability Impact: COMPLETE
CVSS 2 - Base Score: 7.2
Severity: HIGH
Exploitability Score: 3.9
Impact Score: 10.0
Obtain All Privilege: true
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  (In both tables the Language, SW Edition, Target SW, Target HW and Other columns are "*" for every entry, and the Version Start Including / Version End Including / Version Start Excluding / Version End Excluding columns are empty.)

  • OR - Configuration 1
    CPE Version | Part        | Vendor       | Product                         | Version  | Update | Edition
    2.3         | Application | Mandrakesoft | Mandrake Multi Network Firewall | 8.2      | *      | *
    2.3         | Application | Todd Miller  | Sudo                            | 1.5.6    | *      | *
    2.3         | Application | Todd Miller  | Sudo                            | 1.5.7    | *      | *
    2.3         | Application | Todd Miller  | Sudo                            | 1.5.8    | *      | *
    2.3         | Application | Todd Miller  | Sudo                            | 1.5.9    | *      | *
    2.3         | Application | Todd Miller  | Sudo                            | 1.6      | *      | *
    2.3         | Application | Todd Miller  | Sudo                            | 1.6.1    | *      | *
    2.3         | Application | Todd Miller  | Sudo                            | 1.6.2    | *      | *
    2.3         | Application | Todd Miller  | Sudo                            | 1.6.3    | *      | *
    2.3         | Application | Todd Miller  | Sudo                            | 1.6.3_p1 | *      | *
    2.3         | Application | Todd Miller  | Sudo                            | 1.6.3_p2 | *      | *
    2.3         | Application | Todd Miller  | Sudo                            | 1.6.3_p3 | *      | *
    2.3         | Application | Todd Miller  | Sudo                            | 1.6.3_p4 | *      | *
    2.3         | Application | Todd Miller  | Sudo                            | 1.6.3_p5 | *      | *
    2.3         | Application | Todd Miller  | Sudo                            | 1.6.3_p6 | *      | *
    2.3         | Application | Todd Miller  | Sudo                            | 1.6.3_p7 | *      | *
    2.3         | Application | Todd Miller  | Sudo                            | 1.6.4    | *      | *
    2.3         | Application | Todd Miller  | Sudo                            | 1.6.4_p1 | *      | *
    2.3         | Application | Todd Miller  | Sudo                            | 1.6.4_p2 | *      | *
    2.3         | Application | Todd Miller  | Sudo                            | 1.6.5    | *      | *
    2.3         | Application | Todd Miller  | Sudo                            | 1.6.5_p1 | *      | *
    2.3         | Application | Todd Miller  | Sudo                            | 1.6.5_p2 | *      | *
    2.3         | Application | Todd Miller  | Sudo                            | 1.6.6    | *      | *
    2.3         | Application | Todd Miller  | Sudo                            | 1.6.7    | *      | *
    2.3         | Application | Todd Miller  | Sudo                            | 1.6.8    | *      | *
    2.3         | Application | Todd Miller  | Sudo                            | 1.6.8_p1 | *      | *
  • OR - Configuration 2
    CPE Version | Part | Vendor       | Product                         | Version | Update | Edition
    2.3         | OS   | Debian       | Debian Linux                    | 3.0     | *      | alpha
    2.3         | OS   | Debian       | Debian Linux                    | 3.0     | *      | arm
    2.3         | OS   | Debian       | Debian Linux                    | 3.0     | *      | hppa
    2.3         | OS   | Debian       | Debian Linux                    | 3.0     | *      | ia-32
    2.3         | OS   | Debian       | Debian Linux                    | 3.0     | *      | ia-64
    2.3         | OS   | Debian       | Debian Linux                    | 3.0     | *      | m68k
    2.3         | OS   | Debian       | Debian Linux                    | 3.0     | *      | mips
    2.3         | OS   | Debian       | Debian Linux                    | 3.0     | *      | mipsel
    2.3         | OS   | Debian       | Debian Linux                    | 3.0     | *      | ppc
    2.3         | OS   | Debian       | Debian Linux                    | 3.0     | *      | s-390
    2.3         | OS   | Debian       | Debian Linux                    | 3.0     | *      | sparc
    2.3         | OS   | Mandrakesoft | Mandrake Linux                  | 9.2     | *      | *
    2.3         | OS   | Mandrakesoft | Mandrake Linux                  | 9.2     | *      | amd64
    2.3         | OS   | Mandrakesoft | Mandrake Linux                  | 10.0    | *      | *
    2.3         | OS   | Mandrakesoft | Mandrake Linux                  | 10.0    | *      | amd64
    2.3         | OS   | Mandrakesoft | Mandrake Linux                  | 10.1    | *      | *
    2.3         | OS   | Mandrakesoft | Mandrake Linux                  | 10.1    | *      | x86_64
    2.3         | OS   | Mandrakesoft | Mandrake Linux Corporate Server | 2.1     | *      | *
    2.3         | OS   | Mandrakesoft | Mandrake Linux Corporate Server | 2.1     | *      | x86_64
    2.3         | OS   | Trustix      | Secure Linux                    | 1.5     | *      | *
    2.3         | OS   | Trustix      | Secure Linux                    | 2.0     | *      | *
    2.3         | OS   | Trustix      | Secure Linux                    | 2.1     | *      | *
    2.3         | OS   | Trustix      | Secure Linux                    | 2.2     | *      | *
    2.3         | OS   | Ubuntu       | Ubuntu Linux                    | 4.1     | *      | ia64
    2.3         | OS   | Ubuntu       | Ubuntu Linux                    | 4.1     | *      | ppc

Vulnerable Software List

Vendor       | Product                         | Versions
Debian       | Debian Linux                    | 3.0
Ubuntu       | Ubuntu Linux                    | 4.1
Mandrakesoft | Mandrake Multi Network Firewall | 8.2
Mandrakesoft | Mandrake Linux                  | 10.0, 10.1, 9.2
Mandrakesoft | Mandrake Linux Corporate Server | 2.1
Todd Miller  | Sudo                            | 1.5.6, 1.5.7, 1.5.8, 1.5.9, 1.6, 1.6.1, 1.6.2, 1.6.3, 1.6.3_p1, 1.6.3_p2, 1.6.3_p3, 1.6.3_p4, 1.6.3_p5, 1.6.3_p6, 1.6.3_p7, 1.6.4, 1.6.4_p1, 1.6.4_p2, 1.6.5, 1.6.5_p1, 1.6.5_p2, 1.6.6, 1.6.7, 1.6.8, 1.6.8_p1
Trustix      | Secure Linux                    | 1.5, 2.0, 2.1, 2.2

References

Name | URL | Source | Tags
APPLE-SA-2005-05-03 | http://lists.apple.com/archives/security-announce/2005/May/msg00001.html | APPLE |
20041112 Sudo version 1.6.8p2 now available (fwd) | http://marc.info/?l=bugtraq&m=110028877431192&w=2 | BUGTRAQ |
OpenPKG-SA-2005.002 | http://marc.info/?l=bugtraq&m=110598298225675&w=2 | OPENPKG |
DSA-596 | http://www.debian.org/security/2004/dsa-596 | DEBIAN |
MDKSA-2004:133 | http://www.mandriva.com/security/advisories?name=MDKSA-2004:133 | MANDRAKE |
11668 | http://www.securityfocus.com/bid/11668 | BID | Patch, Vendor Advisory
http://www.sudo.ws/sudo/alerts/bash_functions.html | http://www.sudo.ws/sudo/alerts/bash_functions.html | CONFIRM |
2004-0061 | http://www.trustix.org/errata/2004/0061/ | TRUSTIX |
sudo-bash-command-execution(18055) | https://exchange.xforce.ibmcloud.com/vulnerabilities/18055 | XF |
USN-28-1 | https://www.ubuntu.com/usn/usn-28-1/ | UBUNTU |