Details of VAR-200503-0061

ID

VAR-200503-0061

CVE

CVE-2004-1051

TITLE

GratiSoft Sudo Restricted Command Execution Bypass Vulnerability

Trust: 0.9

sources: BID: 11668 // CNNVD: CNNVD-200503-006

DESCRIPTION

sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname. A restricted command execution bypass vulnerability affects GratiSoft's Sudo application. This issue is due to a design error that causes the application to fail to properly sanitize user-supplied environment variables. An attacker with sudo privileges may leverage this issue to execute commands that are explicitly disallowed. This may facilitate privileges escalation and certainly leads to a false sense of security

Trust: 1.98

sources: NVD: CVE-2004-1051 // JVNDB: JVNDB-2004-000488 // BID: 11668 // VULHUB: VHN-9481

AFFECTED PRODUCTS

vendor:	mandrakesoft	model:	mandrake linux corporate server	scope:	eq	version:	2.1	Trust: 1.6
vendor:	trustix	model:	secure linux	scope:	eq	version:	2.2	Trust: 1.3
vendor:	trustix	model:	secure linux	scope:	eq	version:	2.1	Trust: 1.3
vendor:	trustix	model:	secure linux	scope:	eq	version:	2.0	Trust: 1.3
vendor:	trustix	model:	secure linux	scope:	eq	version:	1.5	Trust: 1.3
vendor:	todd miller	model:	sudo	scope:	eq	version:	1.5.8	Trust: 1.0
vendor:	todd miller	model:	sudo	scope:	eq	version:	1.6.8	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	3.0	Trust: 1.0
vendor:	todd miller	model:	sudo	scope:	eq	version:	1.6.3_p6	Trust: 1.0
vendor:	mandrakesoft	model:	mandrake linux	scope:	eq	version:	9.2	Trust: 1.0
vendor:	todd miller	model:	sudo	scope:	eq	version:	1.6.8_p1	Trust: 1.0
vendor:	todd miller	model:	sudo	scope:	eq	version:	1.6.5_p1	Trust: 1.0
vendor:	todd miller	model:	sudo	scope:	eq	version:	1.6.3_p2	Trust: 1.0
vendor:	mandrakesoft	model:	mandrake multi network firewall	scope:	eq	version:	8.2	Trust: 1.0
vendor:	todd miller	model:	sudo	scope:	eq	version:	1.6.7	Trust: 1.0
vendor:	todd miller	model:	sudo	scope:	eq	version:	1.5.9	Trust: 1.0
vendor:	todd miller	model:	sudo	scope:	eq	version:	1.6.3_p5	Trust: 1.0
vendor:	todd miller	model:	sudo	scope:	eq	version:	1.6.5	Trust: 1.0
vendor:	mandrakesoft	model:	mandrake linux	scope:	eq	version:	10.1	Trust: 1.0
vendor:	todd miller	model:	sudo	scope:	eq	version:	1.6.4	Trust: 1.0
vendor:	todd miller	model:	sudo	scope:	eq	version:	1.6.4_p2	Trust: 1.0
vendor:	todd miller	model:	sudo	scope:	eq	version:	1.6.3_p3	Trust: 1.0
vendor:	todd miller	model:	sudo	scope:	eq	version:	1.6.3_p1	Trust: 1.0
vendor:	todd miller	model:	sudo	scope:	eq	version:	1.6.4_p1	Trust: 1.0
vendor:	todd miller	model:	sudo	scope:	eq	version:	1.6.3_p7	Trust: 1.0
vendor:	todd miller	model:	sudo	scope:	eq	version:	1.6.3_p4	Trust: 1.0
vendor:	todd miller	model:	sudo	scope:	eq	version:	1.5.6	Trust: 1.0
vendor:	mandrakesoft	model:	mandrake linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	todd miller	model:	sudo	scope:	eq	version:	1.6.2	Trust: 1.0
vendor:	todd miller	model:	sudo	scope:	eq	version:	1.6.3	Trust: 1.0
vendor:	todd miller	model:	sudo	scope:	eq	version:	1.6	Trust: 1.0
vendor:	todd miller	model:	sudo	scope:	eq	version:	1.6.5_p2	Trust: 1.0
vendor:	todd miller	model:	sudo	scope:	eq	version:	1.6.6	Trust: 1.0
vendor:	ubuntu	model:	linux	scope:	eq	version:	4.1	Trust: 1.0
vendor:	todd miller	model:	sudo	scope:	eq	version:	1.6.1	Trust: 1.0
vendor:	todd miller	model:	sudo	scope:	eq	version:	1.5.7	Trust: 1.0
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	1.1	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	2.0	Trust: 0.8
vendor:	cybertrust	model:	asianux server	scope:	eq	version:	2.1	Trust: 0.8
vendor:	turbo linux	model:	turbolinux server	scope:	eq	version:	10	Trust: 0.8
vendor:	turbo linux	model:	turbolinux server	scope:	eq	version:	7	Trust: 0.8
vendor:	turbo linux	model:	turbolinux server	scope:	eq	version:	8	Trust: 0.8
vendor:	ubuntu	model:	linux ppc	scope:	eq	version:	4.1	Trust: 0.3
vendor:	ubuntu	model:	linux ia64	scope:	eq	version:	4.1	Trust: 0.3
vendor:	ubuntu	model:	linux ia32	scope:	eq	version:	4.1	Trust: 0.3
vendor:	turbolinux	model:	workstation	scope:	eq	version:	8.0	Trust: 0.3
vendor:	turbolinux	model:	workstation	scope:	eq	version:	7.0	Trust: 0.3
vendor:	turbolinux	model:	server	scope:	eq	version:	10.0	Trust: 0.3
vendor:	turbolinux	model:	server	scope:	eq	version:	8.0	Trust: 0.3
vendor:	turbolinux	model:	server	scope:	eq	version:	7.0	Trust: 0.3
vendor:	turbolinux	model:	desktop	scope:	eq	version:	10.0	Trust: 0.3
vendor:	turbolinux	model:	home	scope:	-	version:	-	Trust: 0.3
vendor:	trustix	model:	secure enterprise linux	scope:	eq	version:	2.0	Trust: 0.3
vendor:	todd	model:	miller sudo p1	scope:	eq	version:	1.6.8	Trust: 0.3
vendor:	todd	model:	miller sudo	scope:	eq	version:	1.6.8	Trust: 0.3
vendor:	todd	model:	miller sudo	scope:	eq	version:	1.6.7	Trust: 0.3
vendor:	todd	model:	miller sudo	scope:	eq	version:	1.6.6	Trust: 0.3
vendor:	todd	model:	miller sudo p2	scope:	eq	version:	1.6.5	Trust: 0.3
vendor:	todd	model:	miller sudo p1	scope:	eq	version:	1.6.5	Trust: 0.3
vendor:	todd	model:	miller sudo	scope:	eq	version:	1.6.5	Trust: 0.3
vendor:	todd	model:	miller sudo p2	scope:	eq	version:	1.6.4	Trust: 0.3
vendor:	todd	model:	miller sudo p1	scope:	eq	version:	1.6.4	Trust: 0.3
vendor:	todd	model:	miller sudo	scope:	eq	version:	1.6.4	Trust: 0.3
vendor:	todd	model:	miller sudo p7	scope:	eq	version:	1.6.3	Trust: 0.3
vendor:	todd	model:	miller sudo p6	scope:	eq	version:	1.6.3	Trust: 0.3
vendor:	todd	model:	miller sudo p5	scope:	eq	version:	1.6.3	Trust: 0.3
vendor:	todd	model:	miller sudo p4	scope:	eq	version:	1.6.3	Trust: 0.3
vendor:	todd	model:	miller sudo p3	scope:	eq	version:	1.6.3	Trust: 0.3
vendor:	todd	model:	miller sudo p2	scope:	eq	version:	1.6.3	Trust: 0.3
vendor:	todd	model:	miller sudo p1	scope:	eq	version:	1.6.3	Trust: 0.3
vendor:	todd	model:	miller sudo	scope:	eq	version:	1.6.3	Trust: 0.3
vendor:	todd	model:	miller sudo	scope:	eq	version:	1.6.2	Trust: 0.3
vendor:	todd	model:	miller sudo	scope:	eq	version:	1.6.1	Trust: 0.3
vendor:	todd	model:	miller sudo	scope:	eq	version:	1.6	Trust: 0.3
vendor:	todd	model:	miller sudo	scope:	eq	version:	1.5.9	Trust: 0.3
vendor:	todd	model:	miller sudo	scope:	eq	version:	1.5.8	Trust: 0.3
vendor:	todd	model:	miller sudo	scope:	eq	version:	1.5.7	Trust: 0.3
vendor:	todd	model:	miller sudo	scope:	eq	version:	1.5.6	Trust: 0.3
vendor:	redhat	model:	linux i386	scope:	eq	version:	9.0	Trust: 0.3
vendor:	redhat	model:	linux i686	scope:	eq	version:	7.3	Trust: 0.3
vendor:	redhat	model:	linux i386	scope:	eq	version:	7.3	Trust: 0.3
vendor:	redhat	model:	linux	scope:	eq	version:	7.3	Trust: 0.3
vendor:	redhat	model:	fedora core1	scope:	-	version:	-	Trust: 0.3
vendor:	mandriva	model:	linux mandrake x86 64	scope:	eq	version:	10.1	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	10.1	Trust: 0.3
vendor:	mandriva	model:	linux mandrake amd64	scope:	eq	version:	10.0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	10.0	Trust: 0.3
vendor:	mandriva	model:	linux mandrake amd64	scope:	eq	version:	9.2	Trust: 0.3
vendor:	mandriva	model:	linux mandrake	scope:	eq	version:	9.2	Trust: 0.3
vendor:	mandrakesoft	model:	multi network firewall	scope:	eq	version:	2.0	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server x86 64	scope:	eq	version:	2.1	Trust: 0.3
vendor:	mandrakesoft	model:	corporate server	scope:	eq	version:	2.1	Trust: 0.3
vendor:	debian	model:	linux sparc	scope:	eq	version:	3.0	Trust: 0.3
vendor:	debian	model:	linux s/390	scope:	eq	version:	3.0	Trust: 0.3
vendor:	debian	model:	linux ppc	scope:	eq	version:	3.0	Trust: 0.3
vendor:	debian	model:	linux mipsel	scope:	eq	version:	3.0	Trust: 0.3
vendor:	debian	model:	linux mips	scope:	eq	version:	3.0	Trust: 0.3
vendor:	debian	model:	linux m68k	scope:	eq	version:	3.0	Trust: 0.3
vendor:	debian	model:	linux ia-64	scope:	eq	version:	3.0	Trust: 0.3
vendor:	debian	model:	linux ia-32	scope:	eq	version:	3.0	Trust: 0.3
vendor:	debian	model:	linux hppa	scope:	eq	version:	3.0	Trust: 0.3
vendor:	debian	model:	linux arm	scope:	eq	version:	3.0	Trust: 0.3
vendor:	debian	model:	linux alpha	scope:	eq	version:	3.0	Trust: 0.3
vendor:	gratisoft	model:	sudo p2	scope:	ne	version:	1.6.8	Trust: 0.3

sources: BID: 11668 // JVNDB: JVNDB-2004-000488 // CNNVD: CNNVD-200503-006 // NVD: CVE-2004-1051

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-1051
value:	HIGH
Trust: 1.0
NVD:	CVE-2004-1051
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200503-006
value:	HIGH
Trust: 0.6
VULHUB:	VHN-9481
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2004-1051
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-9481
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-9481 // JVNDB: JVNDB-2004-000488 // CNNVD: CNNVD-200503-006 // NVD: CVE-2004-1051

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-1051

THREAT TYPE

local

Trust: 0.9

sources: BID: 11668 // CNNVD: CNNVD-200503-006

TYPE

Design Error

Trust: 0.9

sources: BID: 11668 // CNNVD: CNNVD-200503-006

CONFIGURATIONS

sources: JVNDB: JVNDB-2004-000488

PATCH

title:	sudo	url:	http://www.miraclelinux.com/support/update/data/sudo.html	Trust: 0.8
title:	TLSA-2005-17	url:	http://www.turbolinux.com/security/2005/TLSA-2005-17.txt	Trust: 0.8
title:	TLSA-2005-17	url:	http://www.turbolinux.co.jp/security/2005/TLSA-2005-17j.txt	Trust: 0.8

sources: JVNDB: JVNDB-2004-000488

EXTERNAL IDS

db:	BID	id:	11668	Trust: 2.8
db:	NVD	id:	CVE-2004-1051	Trust: 2.8
db:	SECTRACK	id:	1012224	Trust: 0.8
db:	JVNDB	id:	JVNDB-2004-000488	Trust: 0.8
db:	CNNVD	id:	CNNVD-200503-006	Trust: 0.7
db:	DEBIAN	id:	DSA-596	Trust: 0.6
db:	XF	id:	18055	Trust: 0.6
db:	UBUNTU	id:	USN-28-1	Trust: 0.6
db:	BUGTRAQ	id:	20041112 SUDO VERSION 1.6.8P2 NOW AVAILABLE (FWD)	Trust: 0.6
db:	TRUSTIX	id:	2004-0061	Trust: 0.6
db:	APPLE	id:	APPLE-SA-2005-05-03	Trust: 0.6
db:	MANDRAKE	id:	MDKSA-2004:133	Trust: 0.6
db:	OPENPKG	id:	OPENPKG-SA-2005.002	Trust: 0.6
db:	VULHUB	id:	VHN-9481	Trust: 0.1

sources: VULHUB: VHN-9481 // BID: 11668 // JVNDB: JVNDB-2004-000488 // CNNVD: CNNVD-200503-006 // NVD: CVE-2004-1051

REFERENCES

url:	http://www.securityfocus.com/bid/11668	Trust: 2.5
url:	http://lists.apple.com/archives/security-announce/2005/may/msg00001.html	Trust: 1.7
url:	http://www.sudo.ws/sudo/alerts/bash_functions.html	Trust: 1.7
url:	http://www.debian.org/security/2004/dsa-596	Trust: 1.7
url:	http://www.mandriva.com/security/advisories?name=mdksa-2004:133	Trust: 1.7
url:	http://www.trustix.org/errata/2004/0061/	Trust: 1.7
url:	https://www.ubuntu.com/usn/usn-28-1/	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/18055	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=110028877431192&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=110598298225675&w=2	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2004-1051	Trust: 0.8
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2004-1051	Trust: 0.8
url:	http://www.securitytracker.com/alerts/2004/nov/1012224.html	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/18055	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=110598298225675&w=2	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=110073149111410&w=2	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=110028877431192&w=2	Trust: 0.6
url:	http://www.courtesan.com/sudo/alerts/bash_functions.html	Trust: 0.3
url:	http://www.courtesan.com/sudo/sudo.html	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=110028877431192&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=110598298225675&w=2	Trust: 0.1

sources: VULHUB: VHN-9481 // BID: 11668 // JVNDB: JVNDB-2004-000488 // CNNVD: CNNVD-200503-006 // NVD: CVE-2004-1051

CREDITS

Discovery of this issue is credited to Liam Helmer.

Trust: 0.9

sources: BID: 11668 // CNNVD: CNNVD-200503-006

SOURCES

db:	VULHUB	id:	VHN-9481
db:	BID	id:	11668
db:	JVNDB	id:	JVNDB-2004-000488
db:	CNNVD	id:	CNNVD-200503-006
db:	NVD	id:	CVE-2004-1051

LAST UPDATE DATE

2024-08-14T13:10:52.620000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-9481	date:	2017-07-11T00:00:00
db:	BID	id:	11668	date:	2009-07-12T08:06:00
db:	JVNDB	id:	JVNDB-2004-000488	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200503-006	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-1051	date:	2017-07-11T01:30:41.310

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-9481	date:	2005-03-01T00:00:00
db:	BID	id:	11668	date:	2004-11-12T00:00:00
db:	JVNDB	id:	JVNDB-2004-000488	date:	2007-04-01T00:00:00
db:	CNNVD	id:	CNNVD-200503-006	date:	2005-03-01T00:00:00
db:	NVD	id:	CVE-2004-1051	date:	2005-03-01T05:00:00