Ubuntu Security Notice (C) 2004-2013 Canonical, Inc. / NASL script (C) 2006-2013 Tenable Network Security, Inc.
The remote Ubuntu host is missing a security-related patch.
Liam Helmer discovered an input validation flaw in sudo. When the
standard shell 'bash' starts up, it searches the environment for
variables with a value beginning with '()'. For each of these
variables a function with the same name is created, with the function
body filled in from the environment variable's value.
A malicious user with sudo access to a shell script that uses bash can
use this feature to substitute arbitrary commands for any
non-fully-qualified programs called from the script. Therefore this
flaw can lead to privilege escalation.
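The defensive counterpart of the behaviour described above, as an added example that is not part of the advisory and is not sudo's own code: a privileged wrapper drops every environment entry whose value begins with '()' before it runs a bash script. The function names `is_function_import` and `scrub_env` and the sample environment are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Returns 1 if "NAME=value" has a value starting with "()", the marker
 * the advisory says bash treats as a function definition to import. */
int is_function_import(const char *entry)
{
    const char *eq = strchr(entry, '=');
    return eq != NULL && strncmp(eq + 1, "()", 2) == 0;
}

/* Builds a NULL-terminated copy of envp without function-import entries.
 * Strings are shared with envp; only the array itself is allocated.
 * Stores the number of dropped entries in *dropped when it is non-NULL.
 * Returns NULL on allocation failure. */
char **scrub_env(char *const envp[], size_t *dropped)
{
    size_t n = 0, kept = 0, removed = 0;
    while (envp[n] != NULL)
        n++;
    char **clean = malloc((n + 1) * sizeof *clean);
    if (clean == NULL)
        return NULL;
    for (size_t i = 0; i < n; i++) {
        if (is_function_import(envp[i]))
            removed++;              /* would become a shell function */
        else
            clean[kept++] = envp[i];
    }
    clean[kept] = NULL;
    if (dropped != NULL)
        *dropped = removed;
    return clean;
}

int main(void)
{
    /* Constructed sample environment, not taken from the advisory. */
    char *env[] = { "PATH=/usr/bin:/bin", "helper=() { true; }",
                    "EDITOR=vi", NULL };
    size_t dropped = 0;
    char **clean = scrub_env(env, &dropped);
    if (clean == NULL)
        return 1;
    for (size_t i = 0; clean[i] != NULL; i++)
        printf("keep: %s\n", clean[i]);
    fprintf(stderr, "dropped %zu function-import entries\n", dropped);
    free(clean);
    return 0;
}
```

The array returned by `scrub_env` is suitable as the `envp` argument of `execve`; entries with no `=` or with a value that merely contains parentheses are kept.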
Update the affected sudo package.
Risk factor :