Bug 139478 - (CVE-2004-1051, CVE-2005-4158, CVE-2006-0151) CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-2006-0151)
CVE-2004-1051 bash scripts run via Sudo can be subverted (CVE-2005-4158, CVE-...
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: sudo (Show other bugs)
rawhide
All Linux
medium Severity low
: ---
: ---
Assigned To: Thomas Woerner
Ben Levenson
http://www.sudo.ws/sudo/alerts/bash_f...
impact=low,public=20041111
: Security
: 175297 175403 182390 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-11-16 03:11 EST by Jindrich Novy
Modified: 2015-03-12 03:31 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-04-19 20:38:08 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jindrich Novy 2004-11-16 03:11:09 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20041020
Firefox/0.10.1

Description of problem:
Please see the URL:
http://www.sudo.ws/sudo/alerts/bash_functions.html
to see proper description.

Version-Release number of selected component (if applicable):
sudo-1.6.7p5

How reproducible:
Always

Steps to Reproduce:
To reproduce please follow the description in the "Details:" part of
the page.

Additional info:
Note that this issue can be easily fixed by upgrading sudo to 1.6.8p2.
Comment 1 Josh Bressers 2004-11-16 08:44:59 EST
This issue is not a proper fix, nor should it pose a security issue
for users of sudo.

The fundamental purpose behind sudo is to give trusted users the
ability to perform certain actions as root, without actually having
the root password.  There are countless other ways to trick sudo into
doing things it shouldn't be (hence the word "trusted").  This fix
represents a false sense of security and should be considered
incomplete at best.

If an administrator is worried about untrusted users altering the
environment, they should be setting the env_reset variable in the
sudoers file.  This will clean the whole environment, not just worry
about some aliases being set.  There are a number of other environment
variables that a user can alter to cause a script to have undesired
consequences.

The real solution to this issue is to set the env_reset variable by
default in the installed /etc/sudoers file, and let an administrator
unset it if they so desire.

We should also leverage the features of selinux to further limit the
reach of sudo in order to keep a target system protected.
Comment 3 Josh Bressers 2006-02-22 06:52:10 EST
*** Bug 182390 has been marked as a duplicate of this bug. ***
Comment 4 Josh Bressers 2006-05-30 07:53:59 EDT
*** Bug 175403 has been marked as a duplicate of this bug. ***
Comment 5 Josh Bressers 2006-05-30 07:54:29 EDT
*** Bug 175295 has been marked as a duplicate of this bug. ***
Comment 6 Josh Bressers 2006-05-30 07:54:50 EDT
*** Bug 175297 has been marked as a duplicate of this bug. ***
Comment 7 Mark J. Cox (Product Security) 2008-01-24 05:13:24 EST
Statement for NVD:

If an administrator is concerned that users who have been granted sudo
privileges can alter the environment, the existing "env_reset" option should be
used which cleans the whole environment.  

Note You need to log in before you can comment on or make changes to this bug.