CVE-2004-1051

10 documents7 sources

Severity

7.2HIGH

EPSS

0.3%

top 49.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Debian Linux Mandrakesoft Mandrake Linux Mandrakesoft Mandrake Linux Corporate Server +4 more

Timeline

PublishedMar 1

Latest updateApr 29

Description

sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages6 packages

▶Debiansudo< 1.6.8p3-1+3

▶NVDtodd_miller/sudo25 versions+24

▶NVDtrustix/secure_linux4 versions+3

▶NVDmandrakesoft/mandrake_linux10.0, 10.1, 9.2+2

▶NVDmandrakesoft/mandrake_linux_corporate_server2.1

Also affects: Debian Linux 3.0, Ubuntu Linux 4.1

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-792w-v225-x939: sudo before 1↗2022-04-29

▶

OSV

CVE-2004-1051: sudo before 1↗2005-03-01

▶

CVEList

CVE-2004-1051: sudo before 1↗2004-11-18

▶

📋Vendor Advisories

Red Hat

CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)↗2004-11-11

▶

Red Hat

CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)↗2004-11-11

▶

Red Hat

CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)↗2004-11-11

▶

Debian

CVE-2004-1051: sudo - sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "(...↗2004

▶

💬Community

Bugzilla

missing sudo update for CVE 2004-1051↗2005-08-04

▶

Bugzilla

CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)↗2004-11-16

▶