LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

sudo: environment variable sanitizing

Package(s):sudo CVE #(s):CAN-2004-1051
Created:November 17, 2004 Updated:May 15, 2005
Description: Versions of sudo prior to 1.6.8p2 fail to properly sanitize the environment prior to running shell scripts; this failure can be exploited by a sudo user to subvert scripts and obtain shell access. See the 1.6.8p2 announcement for more information.
Alerts:
Fedora-Legacy FLSA:152856 2005-05-12
OpenPKG OpenPKG-SA-2005.002 2005-01-17
Debian DSA-596-2 2004-11-24
Debian DSA-596-1 2004-11-24
Ubuntu USN-28-1 2004-11-17
Mandrake MDKSA-2004:133 2004-11-15
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds