Bug 165182 - missing sudo update for CVE 2004-1051
missing sudo update for CVE 2004-1051
Status: CLOSED DUPLICATE of bug 162750
Product: Fedora Legacy
Classification: Retired
Component: sudo (Show other bugs)
fc2
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Fedora Legacy Bugs
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-08-04 18:25 EDT by Wilfried Teiken
Modified: 2007-04-18 13:30 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-08-06 00:13:01 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Wilfried Teiken 2005-08-04 18:25:36 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050523

Description of problem:

The bug described above was fixed for fc1 and older distributions y the fedora legacy project and in fc3 by the fedora project. It seems there is no fix package for fc2.


A flaw in exists in sudo's environment sanitizing prior to sudo
version 1.6.8p2 that could allow a malicious user with permission to
run a shell script that utilized the bash shell to run arbitrary
commands. The /bin/sh shell on most (if not all) Linux systems is bash.

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139671
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139478
http://www.sudo.ws/sudo/alerts/bash_functions.html

Version-Release number of selected component (if applicable):


How reproducible:
Didn't try


Additional info:
Comment 1 Pekka Savola 2005-08-06 00:13:01 EDT
Let's track the next sudo update in one place, #162750, so closing this.

*** This bug has been marked as a duplicate of 162750 ***

Note You need to log in before you can comment on or make changes to this bug.