Red Hat Bugzilla – Bug 165182
missing sudo update for CVE 2004-1051
Last modified: 2007-04-18 13:30:12 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050523
Description of problem:
The bug described above was fixed for fc1 and older distributions by the Fedora Legacy project and in fc3 by the Fedora project. It seems there is no fix package for fc2.
A flaw exists in sudo's environment sanitizing prior to sudo
version 1.6.8p2 that could allow a malicious user with permission to
run a shell script that utilized the bash shell to run arbitrary
commands. The /bin/sh shell on most (if not all) Linux systems is bash.
Version-Release number of selected component (if applicable):
Let's track the next sudo update in one place, #162750, so closing this.
*** This bug has been marked as a duplicate of 162750 ***