CVE-2004-1051

Publication date 1 March 2005

Last updated 24 July 2024

Ubuntu priority

sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
sudo	7.04 feisty	Fixed 1.6.8p12-1ubuntu6
	6.10 edgy	Fixed 1.6.8p12-1ubuntu6
	6.06 LTS dapper	Fixed 1.6.8p12-1ubuntu6

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2004-1051