FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

sudo -- privilege escalation with bash scripts

Affected packages
sudo < 1.6.8.2

Details

VuXML ID bdd1537b-354c-11d9-a9e7-0001020eed82
Discovery 2004-11-11
Entry 2004-11-13

A Sudo Security Alerts reports:

A flaw in exists in sudo's environment sanitizing prior to sudo version 1.6.8p2 that could allow a malicious user with permission to run a shell script that utilized the bash shell to run arbitrary commands.

References

URL http://www.courtesan.com/sudo/alerts/bash_functions.html