From 166d8c8ca106c6bbefba5e56d8f04407fa8b3771 Mon Sep 17 00:00:00 2001 From: remko Date: Thu, 16 Feb 2006 14:20:23 +0000 Subject: Document sudo -- arbitrary command execution. --- security/vuxml/vuln.xml | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) (limited to 'security/vuxml') diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index bbac7f5ba9c..17caa0ef751 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,42 @@ Note: Please add new entries to the beginning of this file. --> + + sudo -- arbitrary command execution + + + sudo + 1.6.8.10 + + + + +

Tavis Ormandy reports:

+
+

The bash shell uses the value of the PS4 environment + variable (after expansion) as a prefix for commands run + in execution trace mode. Execution trace mode (xtrace) is + normally set via bash's -x command line option or + interactively by running "set -o xtrace". However, it may + also be enabled by placing the string "xtrace" in the + SHELLOPTS environment variable before bash is started.

+

A malicious user with sudo access to a shell script that + uses bash can use this feature to run arbitrary commands + for each line of the script.

+
+ +
+ + 15191 + CVE-2005-2959 + http://www.courtesan.com/sudo/alerts/bash_env.html + + + 2005-10-25 + 2006-02-16 + +
+ libtomcrypt -- weak signature scheme with ECC keys -- cgit
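Review bot: the affected-range bound "1.6.8.10" is not backed by anything in the entry text or its references, so a reader cannot tell whether it is the last affected or the first fixed release; confirm it against the linked advisory http://www.courtesan.com/sudo/alerts/bash_env.html and phrase the bound accordingly. The description also explains only the bash side (PS4 and SHELLOPTS, xtrace) and never says what sudo did wrong; one sentence stating that sudo passed SHELLOPTS and PS4 through to the invoked script, and that the fixed release strips them from the environment, would make the entry self-explanatory and give operators the check to run (confirm their sudo no longer forwards those two variables).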