CVE-2004-1051
Severity Score
7.2
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2004-11-17 CVE Reserved
- 2004-11-18 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-08 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://marc.info/?l=bugtraq&m=110028877431192&w=2 | Mailing List | |
| http://www.sudo.ws/sudo/alerts/bash_functions.html | X_refsource_confirm | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18055 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://www.securityfocus.com/bid/11668 | 2017-07-11 |
| URL | Date | SRC |
|---|---|---|
| http://lists.apple.com/archives/security-announce/2005/May/msg00001.html | 2017-07-11 | |
| http://marc.info/?l=bugtraq&m=110598298225675&w=2 | 2017-07-11 | |
| http://www.debian.org/security/2004/dsa-596 | 2017-07-11 | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2004:133 | 2017-07-11 | |
| http://www.trustix.org/errata/2004/0061 | 2017-07-11 | |
| https://www.ubuntu.com/usn/usn-28-1 | 2017-07-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mandrakesoft Search vendor "Mandrakesoft" | Mandrake Multi Network Firewall Search vendor "Mandrakesoft" for product "Mandrake Multi Network Firewall" | 8.2 Search vendor "Mandrakesoft" for product "Mandrake Multi Network Firewall" and version "8.2" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.5.6 Search vendor "Todd Miller" for product "Sudo" and version "1.5.6" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.5.7 Search vendor "Todd Miller" for product "Sudo" and version "1.5.7" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.5.8 Search vendor "Todd Miller" for product "Sudo" and version "1.5.8" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.5.9 Search vendor "Todd Miller" for product "Sudo" and version "1.5.9" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6 Search vendor "Todd Miller" for product "Sudo" and version "1.6" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.1 Search vendor "Todd Miller" for product "Sudo" and version "1.6.1" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.2 Search vendor "Todd Miller" for product "Sudo" and version "1.6.2" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.3 Search vendor "Todd Miller" for product "Sudo" and version "1.6.3" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.3_p1 Search vendor "Todd Miller" for product "Sudo" and version "1.6.3_p1" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.3_p2 Search vendor "Todd Miller" for product "Sudo" and version "1.6.3_p2" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.3_p3 Search vendor "Todd Miller" for product "Sudo" and version "1.6.3_p3" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.3_p4 Search vendor "Todd Miller" for product "Sudo" and version "1.6.3_p4" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.3_p5 Search vendor "Todd Miller" for product "Sudo" and version "1.6.3_p5" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.3_p6 Search vendor "Todd Miller" for product "Sudo" and version "1.6.3_p6" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.3_p7 Search vendor "Todd Miller" for product "Sudo" and version "1.6.3_p7" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.4 Search vendor "Todd Miller" for product "Sudo" and version "1.6.4" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.4_p1 Search vendor "Todd Miller" for product "Sudo" and version "1.6.4_p1" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.4_p2 Search vendor "Todd Miller" for product "Sudo" and version "1.6.4_p2" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.5 Search vendor "Todd Miller" for product "Sudo" and version "1.6.5" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.5_p1 Search vendor "Todd Miller" for product "Sudo" and version "1.6.5_p1" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.5_p2 Search vendor "Todd Miller" for product "Sudo" and version "1.6.5_p2" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.6 Search vendor "Todd Miller" for product "Sudo" and version "1.6.6" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.7 Search vendor "Todd Miller" for product "Sudo" and version "1.6.7" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.8 Search vendor "Todd Miller" for product "Sudo" and version "1.6.8" | - |
Affected
| ||||||
| Todd Miller Search vendor "Todd Miller" | Sudo Search vendor "Todd Miller" for product "Sudo" | 1.6.8_p1 Search vendor "Todd Miller" for product "Sudo" and version "1.6.8_p1" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0" | alpha |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0" | arm |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0" | hppa |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0" | ia-32 |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0" | ia-64 |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0" | m68k |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0" | mips |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0" | mipsel |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0" | ppc |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0" | s-390 |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 3.0 Search vendor "Debian" for product "Debian Linux" and version "3.0" | sparc |
Affected
| ||||||
| Mandrakesoft Search vendor "Mandrakesoft" | Mandrake Linux Search vendor "Mandrakesoft" for product "Mandrake Linux" | 9.2 Search vendor "Mandrakesoft" for product "Mandrake Linux" and version "9.2" | - |
Affected
| ||||||
| Mandrakesoft Search vendor "Mandrakesoft" | Mandrake Linux Search vendor "Mandrakesoft" for product "Mandrake Linux" | 9.2 Search vendor "Mandrakesoft" for product "Mandrake Linux" and version "9.2" | amd64 |
Affected
| ||||||
| Mandrakesoft Search vendor "Mandrakesoft" | Mandrake Linux Search vendor "Mandrakesoft" for product "Mandrake Linux" | 10.0 Search vendor "Mandrakesoft" for product "Mandrake Linux" and version "10.0" | - |
Affected
| ||||||
| Mandrakesoft Search vendor "Mandrakesoft" | Mandrake Linux Search vendor "Mandrakesoft" for product "Mandrake Linux" | 10.0 Search vendor "Mandrakesoft" for product "Mandrake Linux" and version "10.0" | amd64 |
Affected
| ||||||
| Mandrakesoft Search vendor "Mandrakesoft" | Mandrake Linux Search vendor "Mandrakesoft" for product "Mandrake Linux" | 10.1 Search vendor "Mandrakesoft" for product "Mandrake Linux" and version "10.1" | - |
Affected
| ||||||
| Mandrakesoft Search vendor "Mandrakesoft" | Mandrake Linux Search vendor "Mandrakesoft" for product "Mandrake Linux" | 10.1 Search vendor "Mandrakesoft" for product "Mandrake Linux" and version "10.1" | x86_64 |
Affected
| ||||||
| Mandrakesoft Search vendor "Mandrakesoft" | Mandrake Linux Corporate Server Search vendor "Mandrakesoft" for product "Mandrake Linux Corporate Server" | 2.1 Search vendor "Mandrakesoft" for product "Mandrake Linux Corporate Server" and version "2.1" | - |
Affected
| ||||||
| Mandrakesoft Search vendor "Mandrakesoft" | Mandrake Linux Corporate Server Search vendor "Mandrakesoft" for product "Mandrake Linux Corporate Server" | 2.1 Search vendor "Mandrakesoft" for product "Mandrake Linux Corporate Server" and version "2.1" | x86_64 |
Affected
| ||||||
| Trustix Search vendor "Trustix" | Secure Linux Search vendor "Trustix" for product "Secure Linux" | 1.5 Search vendor "Trustix" for product "Secure Linux" and version "1.5" | - |
Affected
| ||||||
| Trustix Search vendor "Trustix" | Secure Linux Search vendor "Trustix" for product "Secure Linux" | 2.0 Search vendor "Trustix" for product "Secure Linux" and version "2.0" | - |
Affected
| ||||||
| Trustix Search vendor "Trustix" | Secure Linux Search vendor "Trustix" for product "Secure Linux" | 2.1 Search vendor "Trustix" for product "Secure Linux" and version "2.1" | - |
Affected
| ||||||
| Trustix Search vendor "Trustix" | Secure Linux Search vendor "Trustix" for product "Secure Linux" | 2.2 Search vendor "Trustix" for product "Secure Linux" and version "2.2" | - |
Affected
| ||||||
| Ubuntu Search vendor "Ubuntu" | Ubuntu Linux Search vendor "Ubuntu" for product "Ubuntu Linux" | 4.1 Search vendor "Ubuntu" for product "Ubuntu Linux" and version "4.1" | ia64 |
Affected
| ||||||
| Ubuntu Search vendor "Ubuntu" | Ubuntu Linux Search vendor "Ubuntu" for product "Ubuntu Linux" | 4.1 Search vendor "Ubuntu" for product "Ubuntu Linux" and version "4.1" | ppc |
Affected
| ||||||