7.2

CVE-2004-1051

EPSS 0.11%
Veröffentlicht 01.03.2005 05:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 13

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mandrakesoft ≫ Mandrake Multi Network Firewall Version8.2

Todd Miller ≫ Sudo Version1.5.6

Todd Miller ≫ Sudo Version1.5.7

Todd Miller ≫ Sudo Version1.5.8

Todd Miller ≫ Sudo Version1.5.9

Todd Miller ≫ Sudo Version1.6

Todd Miller ≫ Sudo Version1.6.1

Todd Miller ≫ Sudo Version1.6.2

Todd Miller ≫ Sudo Version1.6.3

Todd Miller ≫ Sudo Version1.6.3_p1

Todd Miller ≫ Sudo Version1.6.3_p2

Todd Miller ≫ Sudo Version1.6.3_p3

Todd Miller ≫ Sudo Version1.6.3_p4

Todd Miller ≫ Sudo Version1.6.3_p5

Todd Miller ≫ Sudo Version1.6.3_p6

Todd Miller ≫ Sudo Version1.6.3_p7

Todd Miller ≫ Sudo Version1.6.4

Todd Miller ≫ Sudo Version1.6.4_p1

Todd Miller ≫ Sudo Version1.6.4_p2

Todd Miller ≫ Sudo Version1.6.5

Todd Miller ≫ Sudo Version1.6.5_p1

Todd Miller ≫ Sudo Version1.6.5_p2

Todd Miller ≫ Sudo Version1.6.6

Todd Miller ≫ Sudo Version1.6.7

Todd Miller ≫ Sudo Version1.6.8

Todd Miller ≫ Sudo Version1.6.8_p1

Debian ≫ Debian Linux Version3.0 Editionalpha

Debian ≫ Debian Linux Version3.0 Editionarm

Debian ≫ Debian Linux Version3.0 Editionhppa

Debian ≫ Debian Linux Version3.0 Editionia-32

Debian ≫ Debian Linux Version3.0 Editionia-64

Debian ≫ Debian Linux Version3.0 Editionm68k

Debian ≫ Debian Linux Version3.0 Editionmips

Debian ≫ Debian Linux Version3.0 Editionmipsel

Debian ≫ Debian Linux Version3.0 Editionppc

Debian ≫ Debian Linux Version3.0 Editions-390

Debian ≫ Debian Linux Version3.0 Editionsparc

Mandrakesoft ≫ Mandrake Linux Version9.2

Mandrakesoft ≫ Mandrake Linux Version9.2 Editionamd64

Mandrakesoft ≫ Mandrake Linux Version10.0

Mandrakesoft ≫ Mandrake Linux Version10.0 Editionamd64

Mandrakesoft ≫ Mandrake Linux Version10.1

Mandrakesoft ≫ Mandrake Linux Version10.1 Editionx86_64

Mandrakesoft ≫ Mandrake Linux Corporate Server Version2.1

Mandrakesoft ≫ Mandrake Linux Corporate Server Version2.1 Editionx86_64

Trustix ≫ Secure Linux Version1.5

Trustix ≫ Secure Linux Version2.0

Trustix ≫ Secure Linux Version2.1

Trustix ≫ Secure Linux Version2.2

Ubuntu ≫ Ubuntu Linux Version4.1 Editionia64

Ubuntu ≫ Ubuntu Linux Version4.1 Editionppc

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.11%	0.262

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

http://lists.apple.com/archives/security-announce/2005/May/msg00001.html

http://www.trustix.org/errata/2004/0061/

http://marc.info/?l=bugtraq&m=110028877431192&w=2

http://marc.info/?l=bugtraq&m=110598298225675&w=2

http://www.debian.org/security/2004/dsa-596

http://www.mandriva.com/security/advisories?name=MDKSA-2004:133

http://www.securityfocus.com/bid/11668

Patch

Vendor Advisory

http://www.sudo.ws/sudo/alerts/bash_functions.html

https://exchange.xforce.ibmcloud.com/vulnerabilities/18055

https://www.ubuntu.com/usn/usn-28-1/

https://nvd.nist.gov/vuln/detail/CVE-2004-1051

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2004-1051

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2004-1051

EUVD