CVE-2004-1051

Published: Mar 1, 2005Modified: Apr 16, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.

Affected (51)

Products: Mandrakesoft: Mandrake Multi Network Firewall, Mandrake Linux, Mandrake Linux Corporate Server · Todd Miller: Sudo · Debian: Debian Linux · +2 more

Show all products

Mandrakesoft: Mandrake Multi Network Firewall, Mandrake Linux, Mandrake Linux Corporate Server · Todd Miller: Sudo · Debian: Debian Linux · Trustix: Secure Linux · Ubuntu: Ubuntu Linux

Mandrakesoft

3 products

Mandrake Multi Network Firewall

Mandrake Linux

Mandrake Linux Corporate Server

1 product

1 product

1 product

1 product

Configuration A

26 vulnerable

Vulnerable Software	Affected Versions
Mandrakesoft Mandrake Multi Network Firewall	Version 8.2
Todd Miller Sudo	Version 1.5.6
Todd Miller Sudo	Version 1.5.7
Todd Miller Sudo	Version 1.5.8
Todd Miller Sudo	Version 1.5.9
Todd Miller Sudo	Version 1.6.1
Todd Miller Sudo	Version 1.6.2
Todd Miller Sudo	Version 1.6.3
Todd Miller Sudo	Version 1.6.3_p1
Todd Miller Sudo	Version 1.6.3_p2
Todd Miller Sudo	Version 1.6.3_p3
Todd Miller Sudo	Version 1.6.3_p4
Todd Miller Sudo	Version 1.6.3_p5
Todd Miller Sudo	Version 1.6.3_p6
Todd Miller Sudo	Version 1.6.3_p7
Todd Miller Sudo	Version 1.6.4
Todd Miller Sudo	Version 1.6.4_p1
Todd Miller Sudo	Version 1.6.4_p2
Todd Miller Sudo	Version 1.6.5
Todd Miller Sudo	Version 1.6.5_p1
Todd Miller Sudo	Version 1.6.5_p2
Todd Miller Sudo	Version 1.6.6
Todd Miller Sudo	Version 1.6.7
Todd Miller Sudo	Version 1.6.8
Todd Miller Sudo	Version 1.6.8_p1
Todd Miller Sudo	Version 1.6

Configuration B

25 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 3.0
Debian Debian Linux	Version 3.0
Debian Debian Linux	Version 3.0
Debian Debian Linux	Version 3.0
Debian Debian Linux	Version 3.0
Debian Debian Linux	Version 3.0
Debian Debian Linux	Version 3.0
Debian Debian Linux	Version 3.0
Debian Debian Linux	Version 3.0
Debian Debian Linux	Version 3.0
Debian Debian Linux	Version 3.0
Mandrakesoft Mandrake Linux	Version 10.0
Mandrakesoft Mandrake Linux	Version 10.0
Mandrakesoft Mandrake Linux	Version 10.1
Mandrakesoft Mandrake Linux	Version 10.1
Mandrakesoft Mandrake Linux	Version 9.2
Mandrakesoft Mandrake Linux	Version 9.2
Mandrakesoft Mandrake Linux Corporate Server	Version 2.1
Mandrakesoft Mandrake Linux Corporate Server	Version 2.1
Trustix Secure Linux	Version 1.5
Trustix Secure Linux	Version 2.0
Trustix Secure Linux	Version 2.1
Trustix Secure Linux	Version 2.2
Ubuntu Ubuntu Linux	Version 4.1
Ubuntu Ubuntu Linux	Version 4.1