cve-2004-1051
Vulnerability from cvelistv5
Published
2004-11-18 05:00
Modified
2024-08-08 00:39
Severity ?
EPSS score ?
0.06% (0.2834)
Summary
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.
References
cve@mitre.orghttp://lists.apple.com/archives/security-announce/2005/May/msg00001.html
cve@mitre.orghttp://marc.info/?l=bugtraq&m=110028877431192&w=2
cve@mitre.orghttp://marc.info/?l=bugtraq&m=110598298225675&w=2
cve@mitre.orghttp://www.debian.org/security/2004/dsa-596
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDKSA-2004:133
cve@mitre.orghttp://www.securityfocus.com/bid/11668Patch, Vendor Advisory
cve@mitre.orghttp://www.sudo.ws/sudo/alerts/bash_functions.html
cve@mitre.orghttp://www.trustix.org/errata/2004/0061/
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/18055
cve@mitre.orghttps://www.ubuntu.com/usn/usn-28-1/
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=110028877431192&w=2
af854a3a-2127-422b-91ae-364da2661108http://marc.info/?l=bugtraq&m=110598298225675&w=2
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2004/dsa-596
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDKSA-2004:133
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/11668Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.sudo.ws/sudo/alerts/bash_functions.html
af854a3a-2127-422b-91ae-364da2661108http://www.trustix.org/errata/2004/0061/
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/18055
af854a3a-2127-422b-91ae-364da2661108https://www.ubuntu.com/usn/usn-28-1/
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-08T00:39:00.761Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "USN-28-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "https://www.ubuntu.com/usn/usn-28-1/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.sudo.ws/sudo/alerts/bash_functions.html",
               },
               {
                  name: "OpenPKG-SA-2005.002",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_OPENPKG",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=110598298225675&w=2",
               },
               {
                  name: "20041112 Sudo version 1.6.8p2 now available (fwd)",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://marc.info/?l=bugtraq&m=110028877431192&w=2",
               },
               {
                  name: "MDKSA-2004:133",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_MANDRAKE",
                     "x_transferred",
                  ],
                  url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:133",
               },
               {
                  name: "APPLE-SA-2005-05-03",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_APPLE",
                     "x_transferred",
                  ],
                  url: "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html",
               },
               {
                  name: "11668",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/11668",
               },
               {
                  name: "DSA-596",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2004/dsa-596",
               },
               {
                  name: "sudo-bash-command-execution(18055)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18055",
               },
               {
                  name: "2004-0061",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_TRUSTIX",
                     "x_transferred",
                  ],
                  url: "http://www.trustix.org/errata/2004/0061/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2004-11-12T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "sudo before 1.6.8p2 allows local users to execute arbitrary commands by using \"()\" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-07-10T14:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "USN-28-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "https://www.ubuntu.com/usn/usn-28-1/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.sudo.ws/sudo/alerts/bash_functions.html",
            },
            {
               name: "OpenPKG-SA-2005.002",
               tags: [
                  "vendor-advisory",
                  "x_refsource_OPENPKG",
               ],
               url: "http://marc.info/?l=bugtraq&m=110598298225675&w=2",
            },
            {
               name: "20041112 Sudo version 1.6.8p2 now available (fwd)",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://marc.info/?l=bugtraq&m=110028877431192&w=2",
            },
            {
               name: "MDKSA-2004:133",
               tags: [
                  "vendor-advisory",
                  "x_refsource_MANDRAKE",
               ],
               url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:133",
            },
            {
               name: "APPLE-SA-2005-05-03",
               tags: [
                  "vendor-advisory",
                  "x_refsource_APPLE",
               ],
               url: "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html",
            },
            {
               name: "11668",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/11668",
            },
            {
               name: "DSA-596",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2004/dsa-596",
            },
            {
               name: "sudo-bash-command-execution(18055)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18055",
            },
            {
               name: "2004-0061",
               tags: [
                  "vendor-advisory",
                  "x_refsource_TRUSTIX",
               ],
               url: "http://www.trustix.org/errata/2004/0061/",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2004-1051",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "sudo before 1.6.8p2 allows local users to execute arbitrary commands by using \"()\" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "USN-28-1",
                     refsource: "UBUNTU",
                     url: "https://www.ubuntu.com/usn/usn-28-1/",
                  },
                  {
                     name: "http://www.sudo.ws/sudo/alerts/bash_functions.html",
                     refsource: "CONFIRM",
                     url: "http://www.sudo.ws/sudo/alerts/bash_functions.html",
                  },
                  {
                     name: "OpenPKG-SA-2005.002",
                     refsource: "OPENPKG",
                     url: "http://marc.info/?l=bugtraq&m=110598298225675&w=2",
                  },
                  {
                     name: "20041112 Sudo version 1.6.8p2 now available (fwd)",
                     refsource: "BUGTRAQ",
                     url: "http://marc.info/?l=bugtraq&m=110028877431192&w=2",
                  },
                  {
                     name: "MDKSA-2004:133",
                     refsource: "MANDRAKE",
                     url: "http://www.mandriva.com/security/advisories?name=MDKSA-2004:133",
                  },
                  {
                     name: "APPLE-SA-2005-05-03",
                     refsource: "APPLE",
                     url: "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html",
                  },
                  {
                     name: "11668",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/11668",
                  },
                  {
                     name: "DSA-596",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2004/dsa-596",
                  },
                  {
                     name: "sudo-bash-command-execution(18055)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/18055",
                  },
                  {
                     name: "2004-0061",
                     refsource: "TRUSTIX",
                     url: "http://www.trustix.org/errata/2004/0061/",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2004-1051",
      datePublished: "2004-11-18T05:00:00",
      dateReserved: "2004-11-17T00:00:00",
      dateUpdated: "2024-08-08T00:39:00.761Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2004-1051\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2005-03-01T05:00:00.000\",\"lastModified\":\"2024-11-20T23:49:58.583\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"sudo before 1.6.8p2 allows local users to execute arbitrary commands by using \\\"()\\\" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:mandrakesoft:mandrake_multi_network_firewall:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4F3F3BB-E004-4FD9-9580-F2D5F3ED3701\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.5.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6060C8CB-1592-479E-86AD-AC180F855BD7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.5.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6DAA88C-BADD-405A-9E66-5B0839595A70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.5.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04D5E3B7-5377-4CA8-BA0D-056870CB717E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.5.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22C11931-B594-43EC-9698-7152B1DF8CA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"976B5923-1BCC-4DE6-A904-930DD833B937\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5452DF1-0270-452D-90EB-45E9A084B94C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBFD12E6-F92E-4371-ADA7-BCD41E4C9014\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67FDF4FB-06FA-4A10-A3CF-F52169BC8072\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.3_p1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5B29018-B495-482A-8FF7-66821A178F9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.3_p2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38718561-70C7-4E0D-9313-87A5E82ED338\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.3_p3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D057064A-9B34-4224-97BA-4D5840A92BE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.3_p4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3C297DC-69B1-4BE6-A5EF-D320BD0CA968\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.3_p5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F4C1FFB-F6AA-4DED-9C54-DCB274F59A44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.3_p6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"338A92AC-92D2-40BF-9FAC-884AF6F74D55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.3_p7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26DB5610-03CE-425E-8855-70D5787029FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5DFC86C-7743-4F27-BC10-170F04C23D7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.4_p1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5170421-BA0C-4365-9CD6-BD232EA08680\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.4_p2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5909AAA4-4AF9-4D23-87C5-5D7787909B02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2170CFD0-2594-45FB-B68F-0A75114F00A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.5_p1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03C07744-CAE8-44C6-965E-2A09BAE1F36C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.5_p2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B17E0E59-C928-49AB-BAA7-4AE638B376D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"294FC65B-4225-475A-B49A-758823CEDECD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6156B085-AA17-458C-AED1-D658275E43B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6419309-385F-4525-AD4B-C73B1A3ED935\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:todd_miller:sudo:1.6.8_p1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51F7E821-2908-47F1-9665-E9D68ECC242F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*\",\"matchCriteriaId\":\"A6B060E4-B5A6-4469-828E-211C52542547\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*\",\"matchCriteriaId\":\"974C3541-990C-4CD4-A05A-38FA74A84632\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*\",\"matchCriteriaId\":\"6CBF1E0F-C7F3-4F83-9E60-6E63FA7D2775\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*\",\"matchCriteriaId\":\"58792F77-B06F-4780-BA25-FE1EE6C3FDD9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*\",\"matchCriteriaId\":\"C9419322-572F-4BB6-8416-C5E96541CF33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*\",\"matchCriteriaId\":\"BFC50555-C084-46A3-9C9F-949C5E3BB448\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*\",\"matchCriteriaId\":\"9C25D6E1-D283-4CEA-B47B-60C47A5C0797\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*\",\"matchCriteriaId\":\"AD18A446-C634-417E-86AC-B19B6DDDC856\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*\",\"matchCriteriaId\":\"E4BB852E-61B2-4842-989F-C6C0C901A8D7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*\",\"matchCriteriaId\":\"24DD9D59-E2A2-4116-A887-39E8CC2004FC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*\",\"matchCriteriaId\":\"F28D7457-607E-4E0C-909A-413F91CFCD82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4177C378-7729-46AB-B49B-C6DAED3200E7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mandrakesoft:mandrake_linux:9.2:*:amd64:*:*:*:*:*\",\"matchCriteriaId\":\"2164D10D-D1A4-418A-A9C8-CA8FAB1E90A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A06E5CD0-8BEC-4F4C-9E11-1FEE0563946C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mandrakesoft:mandrake_linux:10.0:*:amd64:*:*:*:*:*\",\"matchCriteriaId\":\"A3BDD466-84C9-4CFC-A3A8-7AC0F752FB53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3528DABD-B821-4D23-AE12-614A9CA92C46\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mandrakesoft:mandrake_linux:10.1:*:x86_64:*:*:*:*:*\",\"matchCriteriaId\":\"9E661D58-18DF-4CCF-9892-F873618F4535\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0F0D201-B1DC-4024-AF77-A284673618F3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:x86_64:*:*:*:*:*\",\"matchCriteriaId\":\"052E3862-BFB7-42E7-889D-8590AFA8EF37\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:trustix:secure_linux:1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39605B96-BAD6-45C9-BB9A-43D6E2C51ADD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"53AF1A2D-B0A2-4097-AD1D-DF3AF27171BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:trustix:secure_linux:2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A67735E5-E43E-4164-BDB2-ADC6E0288E9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:trustix:secure_linux:2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AB70F82-52BB-4D0D-9A24-9AF67278466D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*\",\"matchCriteriaId\":\"6E94583A-5184-462E-9FC4-57B35DA06DA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*\",\"matchCriteriaId\":\"E905FAAD-37B6-4DD0-A752-2974F8336273\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2005/May/msg00001.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq&m=110028877431192&w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq&m=110598298225675&w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2004/dsa-596\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2004:133\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/11668\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.sudo.ws/sudo/alerts/bash_functions.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.trustix.org/errata/2004/0061/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/18055\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.ubuntu.com/usn/usn-28-1/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2005/May/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq&m=110028877431192&w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq&m=110598298225675&w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2004/dsa-596\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2004:133\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/11668\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.sudo.ws/sudo/alerts/bash_functions.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.trustix.org/errata/2004/0061/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/18055\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.ubuntu.com/usn/usn-28-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"We do not consider this to be a security issue:\\nhttp://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139478#c1\",\"lastModified\":\"2006-08-30T00:00:00\"}]}}",
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.