A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
sudo
The problem can be corrected by upgrading the affected package to version 1.6.7p5-1ubuntu4.1. In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
Liam Helmer discovered an input validation flaw in sudo. When the standard shell "bash" starts up, it searches the environment for variables with a value beginning with "()". For each of these variables a function with the same name is created, with the function body filled in from the environment variable's value.
A malicious user with sudo access to a shell script that uses bash can use this feature to substitute arbitrary commands for any non-fully-qualified programs called from the script. Therefore this flaw can lead to privilege escalation.
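As an added illustration (not sudo's actual patch and not code from this advisory), the following C code shows one way a privileged launcher could drop environment entries whose value begins with "()" before handing control to a bash script. The function names and the sample environment are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Returns 1 if a "NAME=value" entry has a value beginning with "()",
 * the prefix that makes bash import the variable as a function. */
static int is_function_export(const char *entry)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL)
        return 0;               /* malformed entry: no value to inspect */
    return strncmp(eq + 1, "()", 2) == 0;
}

/* Compacts a NULL-terminated environment array in place, dropping every
 * function-style entry. Returns the number of entries removed. */
int scrub_function_exports(char **envp)
{
    int removed = 0;
    char **dst = envp;
    for (char **src = envp; *src != NULL; src++) {
        if (is_function_export(*src)) {
            removed++;          /* skip: bash would define a function */
            continue;
        }
        *dst++ = *src;
    }
    *dst = NULL;                /* keep the array NULL-terminated */
    return removed;
}

/* Constructed sample environment (hypothetical names and values). */
static char *sample_env[] = {
    "PATH=/usr/bin:/bin",
    "mytool=() { echo replaced; }",   /* would shadow a bare `mytool` call */
    "HOME=/home/user",
    "EMPTY=",
    "NOTE=(parenthesised, but not a function)",
    NULL
};

int main(void)
{
    int n = scrub_function_exports(sample_env);
    printf("removed %d entr%s\n", n, n == 1 ? "y" : "ies");
    for (char **p = sample_env; *p != NULL; p++)
        puts(*p);               /* environment that is safe to pass on */
    return 0;
}
```

Scripts run with elevated privileges should also call external programs by fully qualified path, since the substitution described above only affects non-fully-qualified names.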