Debian: New sudo packages fix pathname validation race

    Date: 07 Jul 2005
    Category: Debian
    Posted By: Joe Shakespeare
    - ------------------------------------------------------------------------
    Debian Security Advisory DSA 735-2
    http://www.debian.org/security/                            Michael Stone
    July 07, 2005                         http://www.debian.org/security/faq
    - ------------------------------------------------------------------------
    
    Package        : sudo
    Vulnerability  : pathname validation race
    Problem type   : local
    Debian-specific: no
    CVE Id(s)      : CAN-2005-1993
    Debian Bug     : 315115
    
    A local user who has been granted permission to run commands via sudo
    could run arbitrary commands as a privileged user due to a flaw in
    sudo's pathname validation. This bug only affects configurations which
    have restricted user configurations prior to an ALL directive in the
    configuration file. A workaround is to move any ALL directives to the
    beginning of the sudoers file; see the advisory at
    http://www.sudo.ws/sudo/alerts/path_race.html for more information.
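To make the affected ordering concrete, here is an added checker (not part of the advisory, nor sudo's or Debian's code) that flags restricted user specifications appearing before a later ALL specification and applies the workaround of moving the ALL specifications to the front. It uses a deliberately simplified sudoers parser: only plain "who host = [(runas)] [TAG:] cmd, ..." lines are examined, and Defaults, alias definitions, includes and line continuations are skipped; the sample sudoers file is constructed for illustration.

```python
import re

# Assumption: simplified user-spec grammar "who host = [(runas)] [TAG:] cmds".
SPEC_RE = re.compile(r"^(?P<who>\S+)\s+(?P<host>\S+)\s*=\s*(?P<cmds>.+?)\s*$")
SKIP_PREFIX = ("Defaults", "User_Alias", "Host_Alias", "Cmnd_Alias",
               "Runas_Alias", "#")

# Constructed sample: a restricted entry appears before an ALL entry,
# which is the ordering DSA 735-2 describes as affected.
SAMPLE_SUDOERS = """\
Defaults  env_reset
# operator may only run the backup script
operator  ALL = /usr/local/bin/backup
admin     ALL = (ALL) ALL
"""

def parse_specs(text):
    """Return (line_no, line, grants_all) for each user specification."""
    specs = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith(SKIP_PREFIX):
            continue
        m = SPEC_RE.match(line)
        if not m:
            continue
        cmds = re.sub(r"^\([^)]*\)\s*", "", m.group("cmds"))  # drop (runas)
        cmds = re.sub(r"^(?:\w+:\s*)+", "", cmds)            # drop NOPASSWD: etc.
        grants_all = any(c.strip() == "ALL" for c in cmds.split(","))
        specs.append((n, line, grants_all))
    return specs

def restricted_before_all(text):
    """Restricted specs (command list is not ALL) that precede a later ALL spec."""
    specs = parse_specs(text)
    all_nos = [n for n, _, g in specs if g]
    if not all_nos:
        return []
    last_all = max(all_nos)
    return [(n, line) for n, line, g in specs if not g and n < last_all]

def reorder_all_first(text):
    """Advisory workaround: move every ALL spec ahead of the first user spec,
    leaving Defaults/alias lines and comments in place."""
    lines = text.splitlines()
    specs = parse_specs(text)
    if not specs:
        return text
    all_nos = {n for n, _, g in specs if g}
    first = specs[0][0]
    moved = [lines[n - 1] for n in sorted(all_nos)]
    rest = [l for i, l in enumerate(lines[first - 1:], first) if i not in all_nos]
    return "\n".join(lines[: first - 1] + moved + rest) + "\n"
```

Run against the sample, the checker reports the operator line as sitting before an ALL entry; after reorder_all_first the ALL entry comes first and the report is empty.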
    
    For the old stable Debian distribution (woody), this problem has been
    fixed in version 1.6.6-1.3woody1.
    
    For the current stable distribution (sarge), this problem has been fixed
    in version 1.6.8p7-1.1sarge1.
    
    For the unstable distribution, this problem has been fixed in version
    1.6.8p9-1.
    
    The only change since DSA 735-1 is the addition of certain architectures
    which were not available in the original advisory.
    
    We recommend that you upgrade your sudo package.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian 3.0 (woody)
    - ------------------
    
      woody was released for alpha, arm, hppa, i386, ia64, m68k, mips,
      mipsel, powerpc, s390 and sparc. Packages for all but arm & ia64 were
      released in DSA 735-1.
    
      arm architecture (ARM)
    
        http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3woody1_arm.deb
          Size/MD5 checksum:   140196 68a776aa70997915c4cd3b2513cfda9a
    
      ia64 architecture (Intel ia64)
    
        http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3woody1_ia64.deb
          Size/MD5 checksum:   170186 a7f5941729ed3e865b3809225de8c950
    
    
    Debian 3.1 (sarge)
    - ------------------
    
      sarge was released for alpha, arm, hppa, i386, ia64, m68k, mips,
      mipsel, powerpc, s390 and sparc. Packages for all but arm were
      released in DSA 735-1.
    
      arm architecture (ARM)
    
        http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1_arm.deb
          Size/MD5 checksum:   163476 870b7104140d4170b2bbc663d431c333
    
    
    - -------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    