A flaw exists in sudo’s environment sanitizing prior to sudo version 1.6.8p10 that could allow a malicious user who has permission to run a shell script that uses the bash shell to run arbitrary commands. The /bin/sh shell on most (if not all) Linux and Mac OS X systems is bash. Sudo versions affected: All versions prior to 1.6.8p10.
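A check for whether an installed sudo falls in the affected range, as an added example that is not part of the advisory. The function names are hypothetical, and it assumes release strings of the form X.Y[.Z][pN], where a missing pN sorts before p1; a plain string comparison would wrongly rank 1.6.8p9 above 1.6.8p10.

```shell
#!/bin/sh
# Added example (not from the advisory): is a given sudo release older than the fix?
FIXED_VERSION="1.6.8p10"   # first fixed release named in the advisory

# "1.6.8p10" -> "1 6 8 10". Assumption: a release with no pN suffix sorts as p0.
split_version() {
    case $1 in
        *p*) base=${1%%p*}; patch=${1#*p} ;;
        *)   base=$1; patch=0 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $base            # split the dotted part into positional parameters
    IFS=$old_ifs
    echo "${1:-0} ${2:-0} ${3:-0} $patch"
}

# Returns 0 if the version predates the fix, 1 if not, 2 if it cannot be parsed.
sudo_is_affected() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]+\.[0-9]+(\.[0-9]+)?(p[0-9]+)?$' || return 2
    cand=$(split_version "$1")
    fixed=$(split_version "$FIXED_VERSION")
    # Compare major, minor, micro and patch level numerically, left to right.
    for i in 1 2 3 4; do
        a=$(echo "$cand" | cut -d' ' -f"$i")
        b=$(echo "$fixed" | cut -d' ' -f"$i")
        if [ "$a" -lt "$b" ]; then return 0; fi
        if [ "$a" -gt "$b" ]; then return 1; fi
    done
    return 1   # identical to the fixed release: not affected
}

# Constructed sample versions, for demonstration only.
for v in 1.6.7p5 1.6.8 1.6.8p9 1.6.8p10 1.6.9; do
    if sudo_is_affected "$v"; then echo "$v: affected"; else echo "$v: not affected"; fi
done
```

On a live host, pass in the version printed on the first line of `sudo -V`.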