CVE-2004-1051

Published Mar 1, 2005
Last updated 7 years ago
CVSS info 7.2
Overview

Description: sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.
Source: cve@mitre.org
NVD status: Modified
Risk scores

CVSS 2.0

Type: Primary
Base score: 7.2
Impact score: 10
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C
Weaknesses

nvd@nist.gov: NVD-CWE-Other
Hype score: Not currently trending
Vendor comments

Red HatWe do not consider this to be a security issue: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139478#c1
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4F3F3BB-E004-4FD9-9580-F2D5F3ED3701"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.5.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6060C8CB-1592-479E-86AD-AC180F855BD7"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.5.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6DAA88C-BADD-405A-9E66-5B0839595A70"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.5.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "04D5E3B7-5377-4CA8-BA0D-056870CB717E"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.5.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22C11931-B594-43EC-9698-7152B1DF8CA3"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "976B5923-1BCC-4DE6-A904-930DD833B937"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D5452DF1-0270-452D-90EB-45E9A084B94C"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CBFD12E6-F92E-4371-ADA7-BCD41E4C9014"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67FDF4FB-06FA-4A10-A3CF-F52169BC8072"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5B29018-B495-482A-8FF7-66821A178F9A"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38718561-70C7-4E0D-9313-87A5E82ED338"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D057064A-9B34-4224-97BA-4D5840A92BE0"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3C297DC-69B1-4BE6-A5EF-D320BD0CA968"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F4C1FFB-F6AA-4DED-9C54-DCB274F59A44"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "338A92AC-92D2-40BF-9FAC-884AF6F74D55"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "26DB5610-03CE-425E-8855-70D5787029FE"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5DFC86C-7743-4F27-BC10-170F04C23D7B"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4_p1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5170421-BA0C-4365-9CD6-BD232EA08680"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.4_p2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5909AAA4-4AF9-4D23-87C5-5D7787909B02"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2170CFD0-2594-45FB-B68F-0A75114F00A8"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.5_p1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "03C07744-CAE8-44C6-965E-2A09BAE1F36C"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.5_p2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B17E0E59-C928-49AB-BAA7-4AE638B376D1"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "294FC65B-4225-475A-B49A-758823CEDECD"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6156B085-AA17-458C-AED1-D658275E43B9"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B6419309-385F-4525-AD4B-C73B1A3ED935"
          },
          {
            "criteria": "cpe:2.3:a:todd_miller:sudo:1.6.8_p1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "51F7E821-2908-47F1-9665-E9D68ECC242F"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6B060E4-B5A6-4469-828E-211C52542547"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "974C3541-990C-4CD4-A05A-38FA74A84632"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6CBF1E0F-C7F3-4F83-9E60-6E63FA7D2775"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "58792F77-B06F-4780-BA25-FE1EE6C3FDD9"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9419322-572F-4BB6-8416-C5E96541CF33"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BFC50555-C084-46A3-9C9F-949C5E3BB448"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9C25D6E1-D283-4CEA-B47B-60C47A5C0797"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD18A446-C634-417E-86AC-B19B6DDDC856"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4BB852E-61B2-4842-989F-C6C0C901A8D7"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24DD9D59-E2A2-4116-A887-39E8CC2004FC"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F28D7457-607E-4E0C-909A-413F91CFCD82"
          },
          {
            "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4177C378-7729-46AB-B49B-C6DAED3200E7"
          },
          {
            "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2164D10D-D1A4-418A-A9C8-CA8FAB1E90A7"
          },
          {
            "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A06E5CD0-8BEC-4F4C-9E11-1FEE0563946C"
          },
          {
            "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3BDD466-84C9-4CFC-A3A8-7AC0F752FB53"
          },
          {
            "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3528DABD-B821-4D23-AE12-614A9CA92C46"
          },
          {
            "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:x86_64:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E661D58-18DF-4CCF-9892-F873618F4535"
          },
          {
            "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0F0D201-B1DC-4024-AF77-A284673618F3"
          },
          {
            "criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "052E3862-BFB7-42E7-889D-8590AFA8EF37"
          },
          {
            "criteria": "cpe:2.3:o:trustix:secure_linux:1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39605B96-BAD6-45C9-BB9A-43D6E2C51ADD"
          },
          {
            "criteria": "cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "53AF1A2D-B0A2-4097-AD1D-DF3AF27171BA"
          },
          {
            "criteria": "cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A67735E5-E43E-4164-BDB2-ADC6E0288E9F"
          },
          {
            "criteria": "cpe:2.3:o:trustix:secure_linux:2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5AB70F82-52BB-4D0D-9A24-9AF67278466D"
          },
          {
            "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6E94583A-5184-462E-9FC4-57B35DA06DA7"
          },
          {
            "criteria": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E905FAAD-37B6-4DD0-A752-2974F8336273"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Vendor comments

Configurations

References
