sudo before 1.6.8p2 allows local users to execute arbitrary commands by using () style environment variables to create functions that have the same name as any program within the bash script that is called without using the programs full pathname.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mandrake_multi_network_firewall | Mandrakesoft | 8.2 (including) | 8.2 (including) |
| Sudo | Todd_miller | 1.5.6 (including) | 1.5.6 (including) |
| Sudo | Todd_miller | 1.5.7 (including) | 1.5.7 (including) |
| Sudo | Todd_miller | 1.5.8 (including) | 1.5.8 (including) |
| Sudo | Todd_miller | 1.5.9 (including) | 1.5.9 (including) |
| Sudo | Todd_miller | 1.6 (including) | 1.6 (including) |
| Sudo | Todd_miller | 1.6.1 (including) | 1.6.1 (including) |
| Sudo | Todd_miller | 1.6.2 (including) | 1.6.2 (including) |
| Sudo | Todd_miller | 1.6.3 (including) | 1.6.3 (including) |
| Sudo | Todd_miller | 1.6.3_p1 (including) | 1.6.3_p1 (including) |
| Sudo | Todd_miller | 1.6.3_p2 (including) | 1.6.3_p2 (including) |
| Sudo | Todd_miller | 1.6.3_p3 (including) | 1.6.3_p3 (including) |
| Sudo | Todd_miller | 1.6.3_p4 (including) | 1.6.3_p4 (including) |
| Sudo | Todd_miller | 1.6.3_p5 (including) | 1.6.3_p5 (including) |
| Sudo | Todd_miller | 1.6.3_p6 (including) | 1.6.3_p6 (including) |
| Sudo | Todd_miller | 1.6.3_p7 (including) | 1.6.3_p7 (including) |
| Sudo | Todd_miller | 1.6.4 (including) | 1.6.4 (including) |
| Sudo | Todd_miller | 1.6.4_p1 (including) | 1.6.4_p1 (including) |
| Sudo | Todd_miller | 1.6.4_p2 (including) | 1.6.4_p2 (including) |
| Sudo | Todd_miller | 1.6.5 (including) | 1.6.5 (including) |
| Sudo | Todd_miller | 1.6.5_p1 (including) | 1.6.5_p1 (including) |
| Sudo | Todd_miller | 1.6.5_p2 (including) | 1.6.5_p2 (including) |
| Sudo | Todd_miller | 1.6.6 (including) | 1.6.6 (including) |
| Sudo | Todd_miller | 1.6.7 (including) | 1.6.7 (including) |
| Sudo | Todd_miller | 1.6.8 (including) | 1.6.8 (including) |
| Sudo | Todd_miller | 1.6.8_p1 (including) | 1.6.8_p1 (including) |
| Sudo | Ubuntu | dapper | * |
| Sudo | Ubuntu | devel | * |
| Sudo | Ubuntu | edgy | * |
| Sudo | Ubuntu | feisty | * |
References
- http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
- http://marc.info/?l=bugtraq\u0026m=110028877431192\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=110598298225675\u0026w=2
- http://www.debian.org/security/2004/dsa-596
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:133
- http://www.securityfocus.com/bid/11668
- http://www.sudo.ws/sudo/alerts/bash_functions.html
- http://www.trustix.org/errata/2004/0061/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18055
- https://www.ubuntu.com/usn/usn-28-1/
- http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
- http://marc.info/?l=bugtraq\u0026m=110028877431192\u0026w=2
- http://marc.info/?l=bugtraq\u0026m=110598298225675\u0026w=2
- http://www.debian.org/security/2004/dsa-596
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:133
- http://www.securityfocus.com/bid/11668
- http://www.sudo.ws/sudo/alerts/bash_functions.html
- http://www.trustix.org/errata/2004/0061/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18055
- https://www.ubuntu.com/usn/usn-28-1/