LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

Interview: Kristen Carlson Accardi

LWN.net Weekly Edition for July 24, 2008

Tracing: no shortage of options

Interview: Wind River's John Bruggeman

LWN.net Weekly Edition for July 17, 2008

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

sudo: environment variable sanitizing

Package(s):sudo CVE #(s):CAN-2004-1051
Created:November 17, 2004 Updated:May 15, 2005
Description: Versions of sudo prior to 1.6.8p2 fail to properly sanitize the environment prior to running shell scripts; this failure can be exploited by a sudo user to subvert scripts and obtain shell access. See the 1.6.8p2 announcement for more information.
Alerts:
Mandrake MDKSA-2004:133 2004-11-15
Ubuntu USN-28-1 2004-11-17
Debian DSA-596-1 2004-11-24
Debian DSA-596-2 2004-11-24
OpenPKG OpenPKG-SA-2005.002 2005-01-17
Fedora-Legacy FLSA:152856 2005-05-12
(Log in to post comments)

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds
Powered by Rackspace Managed Hosting.