MDKSA-2004:133

Package name

sudo

Date

2004-11-15

Advisory ID

MDKSA-2004:133

Affected versions

9.2 amd64 , CS2.1 x86_64 , 10.0 amd64 , 10.1 i586 , 10.0 i586 , 9.2 i586 , MNF8.2 i586 , CS2.1 i586 , 10.1 x86_64

Problem description

Liam Helmer discovered a flow in sudo's environment sanitizing. This flaw could allow a malicious users with permission to run a shell script that uses the bash shell to run arbitrary commands. The problem is fixed in sudo 1.6.8p2; the provided packages have been patched to correct the issue.

Updated packages

9.2 amd64

 1d91058004b977cbf66ebc8d26a69914  amd64/9.2/RPMS/sudo-1.6.7-0.p5.1.1.92mdk.amd64.rpm
af641eef73240e1dc44cbcec1892cd5e  amd64/9.2/SRPMS/sudo-1.6.7-0.p5.1.1.92mdk.src.rpm

CS2.1 x86_64

 25cdc11547c53f9e4d05735d84b0b476  x86_64/corporate/2.1/RPMS/sudo-1.6.6-2.1.C21mdk.x86_64.rpm
c9fbf57d7049e55df6611b93b20a001e  x86_64/corporate/2.1/SRPMS/sudo-1.6.6-2.1.C21mdk.src.rpm

10.0 amd64

 073814b584cb6a32aadfd6c600c269ef  amd64/10.0/RPMS/sudo-1.6.7-0.p5.2.1.100mdk.amd64.rpm
adbdabba33671b5afd0ff68b87e4b096  amd64/10.0/SRPMS/sudo-1.6.7-0.p5.2.1.100mdk.src.rpm

10.1 i586

 fc4c625448dc802c55579ca6af5834e1  10.1/RPMS/sudo-1.6.8p1-1.1.101mdk.i586.rpm
877a322aacc1d8c5561e98ee9c93bd84  10.1/SRPMS/sudo-1.6.8p1-1.1.101mdk.src.rpm

10.0 i586

 aed2e76280051c66d07728a8def1f0d6  10.0/RPMS/sudo-1.6.7-0.p5.2.1.100mdk.i586.rpm
adbdabba33671b5afd0ff68b87e4b096  10.0/SRPMS/sudo-1.6.7-0.p5.2.1.100mdk.src.rpm

9.2 i586

 a0c78d8d8b3cb40984705268024887fc  9.2/RPMS/sudo-1.6.7-0.p5.1.1.92mdk.i586.rpm
af641eef73240e1dc44cbcec1892cd5e  9.2/SRPMS/sudo-1.6.7-0.p5.1.1.92mdk.src.rpm

MNF8.2 i586

 6a6b7fd3658fe72c6c95e5d7fed62669  mnf8.2/RPMS/sudo-1.6.4-3.2.M82mdk.i586.rpm
ed1e0c1fd7e689f21c5d5e9f5c7bbfed  mnf8.2/SRPMS/sudo-1.6.4-3.2.M82mdk.src.rpm

CS2.1 i586

 9cff2152ca21d080c95b5c50b6bc8f86  corporate/2.1/RPMS/sudo-1.6.6-2.1.C21mdk.i586.rpm
c9fbf57d7049e55df6611b93b20a001e  corporate/2.1/SRPMS/sudo-1.6.6-2.1.C21mdk.src.rpm

10.1 x86_64

 b2a2d9f7525977965eef6d42b24dd1e0  x86_64/10.1/RPMS/sudo-1.6.8p1-1.1.101mdk.x86_64.rpm
877a322aacc1d8c5561e98ee9c93bd84  x86_64/10.1/SRPMS/sudo-1.6.8p1-1.1.101mdk.src.rpm

References

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1051
• http://www.sudo.ws/sudo/alerts/bash_functions.html