Vulnerability in Mandrakesoft Mandrake_linux
CVE-2004-1051
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's ful…
EPSS: 0.014 (68.4th percentile) — read the EPSS interpretation.
Affected products
- Mandrakesoft Mandrake_linux — versions 9.2, 10.0, 10.1
- Mandrakesoft Mandrake_linux_corporate_server — versions 2.1
- Mandrakesoft Mandrake_multi_network_firewall — versions 8.2
- Todd_miller Sudo — versions 1.5.6, 1.5.7, 1.5.8
- Trustix Secure_linux — versions 1.5, 2.0, 2.1
- Debian Debian_linux — versions 3.0
- Ubuntu Ubuntu_linux — versions 4.1
- N/a — versions n/a
References
- cve@mitre.org (x_refsource_UBUNTU, vendor-advisory)
- cve@mitre.org (x_refsource_CONFIRM)
- cve@mitre.org (vendor-advisory, x_refsource_OPENPKG)
- cve@mitre.org (mailing-list, x_refsource_BUGTRAQ)
- cve@mitre.org (vendor-advisory, x_refsource_MANDRAKE)
- cve@mitre.org (vendor-advisory, x_refsource_APPLE)
- cve@mitre.org (Patch, vdb-entry, x_refsource_BID, Vendor Advisory)
- cve@mitre.org (vendor-advisory, x_refsource_DEBIAN)
- cve@mitre.org (vdb-entry, x_refsource_XF)
- cve@mitre.org (vendor-advisory, x_refsource_TRUSTIX)