Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 139671 - CAN-2004-1051 Bash scripts run via Sudo can be subverted
CAN-2004-1051 Bash scripts run via Sudo can be subverted
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: sudo (Show other bugs)
3.0
All Linux
medium Severity low
: ---
: ---
Assigned To: Karel Zak
http://www.sudo.ws/sudo/alerts/bash_f...
impact=low,public=20041111
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-11-17 07:20 EST by Richard Leyton
Modified: 2007-11-30 17:07 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-05-10 09:42:33 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Richard Leyton 2004-11-17 07:20:07 EST 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5)
Gecko/20041107 Firefox/1.0

Description of problem:
A flaw in exists in sudo's environment sanitizing prior to sudo
version 1.6.8p2 that could allow a malicious user with permission to
run a shell script that utilized the bash shell to run arbitrary
commands. The /bin/sh shell on most (if not all) Linux systems is bash.

Version-Release number of selected component (if applicable):
sudo-1.6.7p5-1

How reproducible:
Always

Steps to Reproduce:
See URL: http://www.sudo.ws/sudo/alerts/bash_functions.html

Actual Results:  Local user gains root privs

Additional info:
Comment 1 Josh Bressers 2004-11-18 05:58:58 EST 
Please see bug 139478 for additional information regarding this issue.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.