USN-28-1: sudo vulnerability
Publication date
18 November 2004
Overview
sudo vulnerability
Releases
Details
Liam Helmer discovered an input validation flaw in sudo. When the
standard shell "bash" starts up, it searches the environment for
variables with a value beginning with "()". For each of these
variables a function with the same name is created, with the function
body filled in from the environment variable's value.
A malicious user with sudo access to a shell script that uses bash can
use this feature to substitute arbitrary commands for any
non-fully-qualified programs called from the script. Therefore this
flaw can lead to privilege escalation.
Liam Helmer discovered an input validation flaw in sudo. When the
standard shell "bash" starts up, it searches the environment for
variables with a value beginning with "()". For each of these
variables a function with the same name is created, with the function
body filled in from the environment variable's value.
A malicious user with sudo access to a shell script that uses bash can
use this feature to substitute arbitrary commands for any
non-fully-qualified programs called from the script. Therefore this
flaw can lead to privilege escalation.
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 4.10 warty | sudo – | ||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.