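Vulnerability details
GratiSoft Sudo restricted command execution bypass vulnerability
- CNNVD ID: CNNVD-200503-006
- Severity: High
- CVE ID: CVE-2004-1051
- Vulnerability type: Design error
- Published: 2005-03-01
- Threat type: Local
- Updated: 2005-10-20
- Vendor: mandrakesoft
- Vulnerability source: Discovery of this …
Vulnerability summary
In sudo versions before 1.6.8p2, local users can execute arbitrary commands by using "()"-style environment variables to create functions that have the same name as any program called within a bash script without its full pathname.
Vulnerability advisory
The vendor has released upgrade patches to fix this security issue. Patch download links: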
Todd Miller Sudo 1.5.6
GratiSoft Sudo 1.6.8p2
http://www.courtesan.com/sudo/download.html
Todd Miller Sudo 1.5.7
GratiSoft Sudo 1.6.8p2
http://www.courtesan.com/sudo/download.html
Todd Miller Sudo 1.5.8
GratiSoft Sudo 1.6.8p2
http://www.courtesan.com/sudo/download.html
Todd Miller Sudo 1.5.9
GratiSoft Sudo 1.6.8p2
http://www.courtesan.com/sudo/download.html
Todd Miller Sudo 1.6
GratiSoft Sudo 1.6.8p2
http://www.courtesan.com/sudo/download.html
Todd Miller Sudo 1.6.1
GratiSoft Sudo 1.6.8p2
http://www.courtesan.com/sudo/download.html
Todd Miller Sudo 1.6.2
GratiSoft Sudo 1.6.8p2
http://www.courtesan.com/sudo/download.html
Todd Miller Sudo 1.6.3
GratiSoft Sudo 1.6.8p2
http://www.courtesan.com/sudo/download.html
Todd Miller Sudo 1.6.3 p1
GratiSoft Sudo 1.6.8p2
http://www.courtesan.com/sudo/download.html
Todd Miller Sudo 1.6.3 p5
GratiSoft Sudo 1.6.8p2
http://www.courtesan.com/sudo/download.html
Todd Miller Sudo 1.6.3 p4
GratiSoft Sudo 1.6.8p2
http://www.courtesan.com/sudo/download.html
Todd Miller Sudo 1.6.3 p7
GratiSoft Sudo 1.6.8p2
http://www.courtesan.com/sudo/download.html
Todd Miller Sudo 1.6.3 p6
GratiSoft Sudo 1.6.8p2
http://www.courtesan.com/sudo/download.html
Todd Miller Sudo 1.6.3 p2
GratiSoft Sudo 1.6.8p2
http://www.courtesan.com/sudo/download.html
Todd Miller Sudo 1.6.3 p3
GratiSoft Sudo 1.6.8p2
http://www.courtesan.com/sudo/download.html
Todd Miller Sudo 1.6.4 p2
GratiSoft Sudo 1.6.8p2
http://www.courtesan.com/sudo/download.html
Todd Miller Sudo 1.6.4 p1
GratiSoft Sudo 1.6.8p2
http://www.courtesan.com/sudo/download.html
Todd Miller Sudo 1.6.4
GratiSoft Sudo 1.6.8p2
http://www.courtesan.com/sudo/download.html
Mandrake sudo-1.6.4-3.2.M82mdk.i586.rpm Mandrake Multi Network Firewall 8.2
http://www.mandrakesecure.net/en/ftp.php
Todd Miller Sudo 1.6.5 p2
GratiSoft Sudo 1.6.8p2
http://www.courtesan.com/sudo/download.html
RedHat sudo-1.6.5p2-2.2.legacy.i386.rpm RedHat Linux 7.3
http://download.fedoralegacy.org/redhat/7.3/updates/i386/sudo-1.6.5p2-2.2.legacy.i386.rpm
Todd Miller Sudo 1.6.5 p1
GratiSoft Sudo 1.6.8p2
http://www.courtesan.com/sudo/download.html
Todd Miller Sudo 1.6.5
GratiSoft Sudo 1.6.8p2
http://www.courtesan.com/sudo/download.html
Todd Miller Sudo 1.6.6
Debian sudo_1.6.6-1.2_alpha.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_alpha.deb
Debian sudo_1.6.6-1.2_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_armeb
Debian sudo_1.6.6-1.2_hppa.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_hppa.deb
Debian sudo_1.6.6-1.2_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_i386.deb
Debian sudo_1.6.6-1.2_ia64.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_ia64.deb
Debian sudo_1.6.6-1.2_m68k.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_m68k.deb
Debian sudo_1.6.6-1.2_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_mips.deb
Debian sudo_1.6.6-1.2_mipsel.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_mipsel.deb
Debian sudo_1.6.6-1.2_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_powerpc.deb
Debian sudo_1.6.6-1.2_s390.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_s390.deb
Debian sudo_1.6.6-1.2_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_sparc.deb
GratiSoft Sudo 1.6.8p2
http://www.courtesan.com/sudo/download.html
Mandrake sudo-1.6.6-2.1.C21mdk.i586.rpm
Mandrake Corporate Se
References
Source: BID
Name: 11668
Link: http://www.securityfocus.com/bid/11668
Source: XF
Name: sudo-bash-command-execution(18055)
Link: http://xforce.iss.net/xforce/xfdb/18055
Source: TRUSTIX
Name: 2004-0061
Link: http://www.trustix.org/errata/2004/0061/
Source: www.sudo.ws
Link: http://www.sudo.ws/sudo/alerts/bash_functions.html
Source: DEBIAN
Name: DSA-596
Link: http://www.debian.org/security/2004/dsa-596
Source: APPLE
Name: APPLE-SA-2005-05-03
Link: http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
Source: MANDRAKE
Name: MDKSA-2004:133
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2004:133
Source: OPENPKG
Name: OpenPKG-SA-2005.002
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=110598298225675&w=2
Source: UBUNTU
Name: USN-28-1
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=110073149111410&w=2
Source: BUGTRAQ
Name: 20041112 Sudo version 1.6.8p2 now available (fwd)
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=110028877431192&w=2