Lucene search

[email protected]NVD:CVE-2004-1051

HistoryMar 01, 2005 - 5:00 a.m.

CVE-2004-1051

2005-03-0105:00:00

[email protected]

web.nvd.nist.gov

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.9%

JSON

sudo before 1.6.8p2 allows local users to execute arbitrary commands by using “()” style environment variables to create functions that have the same name as any program within the bash script that is called without using the program’s full pathname.

Affected configurations

NVD

Node

mandrakesoftmandrake_multi_network_firewallMatch8.2

todd_millersudoMatch1.5.6

todd_millersudoMatch1.5.7

todd_millersudoMatch1.5.8

todd_millersudoMatch1.5.9

todd_millersudoMatch1.6

todd_millersudoMatch1.6.1

todd_millersudoMatch1.6.2

todd_millersudoMatch1.6.3

todd_millersudoMatch1.6.3_p1

todd_millersudoMatch1.6.3_p2

todd_millersudoMatch1.6.3_p3

todd_millersudoMatch1.6.3_p4

todd_millersudoMatch1.6.3_p5

todd_millersudoMatch1.6.3_p6

todd_millersudoMatch1.6.3_p7

todd_millersudoMatch1.6.4

todd_millersudoMatch1.6.4_p1

todd_millersudoMatch1.6.4_p2

todd_millersudoMatch1.6.5

todd_millersudoMatch1.6.5_p1

todd_millersudoMatch1.6.5_p2

todd_millersudoMatch1.6.6

todd_millersudoMatch1.6.7

todd_millersudoMatch1.6.8

todd_millersudoMatch1.6.8_p1

Node

debiandebian_linuxMatch3.0alpha

debiandebian_linuxMatch3.0arm

debiandebian_linuxMatch3.0hppa

debiandebian_linuxMatch3.0ia-32

debiandebian_linuxMatch3.0ia-64

debiandebian_linuxMatch3.0m68k

debiandebian_linuxMatch3.0mips

debiandebian_linuxMatch3.0mipsel

debiandebian_linuxMatch3.0ppc

debiandebian_linuxMatch3.0s-390

debiandebian_linuxMatch3.0sparc

mandrakesoftmandrake_linuxMatch9.2

mandrakesoftmandrake_linuxMatch9.2amd64

mandrakesoftmandrake_linuxMatch10.0

mandrakesoftmandrake_linuxMatch10.0amd64

mandrakesoftmandrake_linuxMatch10.1

mandrakesoftmandrake_linuxMatch10.1x86_64

mandrakesoftmandrake_linux_corporate_serverMatch2.1

mandrakesoftmandrake_linux_corporate_serverMatch2.1x86_64

trustixsecure_linuxMatch1.5

trustixsecure_linuxMatch2.0

trustixsecure_linuxMatch2.1

trustixsecure_linuxMatch2.2

ubuntuubuntu_linuxMatch4.1ia64

ubuntuubuntu_linuxMatch4.1ppc

References

lists.apple.com/archives/security-announce/2005/May/msg00001.html

marc.info/?l=bugtraq&m=110028877431192&w=2

marc.info/?l=bugtraq&m=110598298225675&w=2

www.debian.org/security/2004/dsa-596

www.mandriva.com/security/advisories?name=MDKSA-2004:133

www.securityfocus.com/bid/11668

www.sudo.ws/sudo/alerts/bash_functions.html

www.trustix.org/errata/2004/0061/

exchange.xforce.ibmcloud.com/vulnerabilities/18055

www.ubuntu.com/usn/usn-28-1/

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.9%

JSON

Related for NVD:CVE-2004-1051

nessus3 openvas6 altlinux3 debian4 cvelist1 debiancve1 ubuntucve1 osv1 cve1