Debian: New sudo packages fix privilege escalation

    Date: 08 Apr 2006
    Category: Debian
    Posted By: LinuxSecurity Advisories
    Updated package.
    --------------------------------------------------------------------------
    Debian Security Advisory DSA 946-2
    http://www.debian.org/security/                             Martin Schulze
    April 8th, 2006                         http://www.debian.org/security/faq
    --------------------------------------------------------------------------
    
    Package        : sudo
    Vulnerability  : missing input sanitising
    Problem type   : local
    Debian-specific: no
    CVE IDs        : CVE-2005-4158 CVE-2006-0151
    Debian Bug     : 342948
    
    The former correction to vulnerabilities in the sudo package worked
    fine but was too strict for some environments.  Therefore we have
    reviewed the changes again and allowed some environment variables
    back into the privileged execution environment.  Hence this update.
    
    The configuration option "env_reset" is now activated by default.  It
    will preserve only the environment variables HOME, LOGNAME, PATH,
    SHELL, TERM, DISPLAY, XAUTHORITY, XAUTHORIZATION, LANG, LANGUAGE,
    LC_*, and USER in addition to the separate SUDO_* variables.
    
    For completeness please find below the original advisory text:
    
       It has been discovered that sudo, a privileged program that
       provides limited super user privileges to specific users, passes
       several environment variables to the program that runs with
       elevated privileges.  In the case of include paths (e.g. for Perl,
       Python, Ruby or other scripting languages) this can cause arbitrary
       code to be executed as a privileged user if the attacker points to a
       manipulated version of a system library.
    
       This update alters the former behaviour of sudo and limits the
       number of supported environment variables to LC_*, LANG, LANGUAGE
       and TERM.  Additional variables are only passed through when set as
       env_check in /etc/sudoers, which might be required for some scripts
       to continue to work.
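A small Python model of the env_reset filtering described in this advisory and in the quoted original text, added here for illustration and not sudo's own code: the default keep list is the one given above, env_check follows the sudoers(5) rule that values containing '%' or '/' are dropped, and the caller environment is constructed.

```python
import fnmatch

# Variables sudo's env_reset preserves by default, as listed in DSA 946-2.
ENV_RESET_KEEP = ["HOME", "LOGNAME", "PATH", "SHELL", "TERM", "DISPLAY",
                  "XAUTHORITY", "XAUTHORIZATION", "LANG", "LANGUAGE", "LC_*",
                  "USER", "SUDO_*"]

# Constructed caller environment: the interpreter include paths are exactly
# the kind of variable the advisory wants stripped before privilege changes.
CALLER_ENV = {
    "HOME": "/home/alice", "USER": "alice", "LOGNAME": "alice",
    "PATH": "/usr/local/bin:/usr/bin:/bin", "SHELL": "/bin/bash",
    "TERM": "xterm", "LANG": "en_US.UTF-8", "LC_ALL": "C",
    "SUDO_COMMAND": "/usr/bin/perl /usr/local/sbin/report.pl",
    "PERL5LIB": "/tmp/untrusted/lib",   # include path under caller control
    "PYTHONPATH": "/tmp/untrusted/py",
    "EDITOR": "vim",
    "COLUMNS": "80",
}


def _matches(name, patterns):
    """Case-sensitive glob match, so 'LC_*' covers LC_ALL, LC_CTYPE, ..."""
    return any(fnmatch.fnmatchcase(name, p) for p in patterns)


def reset_environment(env, env_keep=(), env_check=()):
    """Model of env_reset: rebuild the environment from the whitelist only.

    env_keep names pass through unconditionally; env_check names pass only
    when the value contains neither '%' nor '/' (sudoers(5) rule), which is
    what stops a search path from being smuggled into the privileged run.
    """
    kept = {}
    for name, value in env.items():
        if _matches(name, ENV_RESET_KEEP) or _matches(name, env_keep):
            kept[name] = value
        elif _matches(name, env_check) and "%" not in value and "/" not in value:
            kept[name] = value
    return kept


def dropped_variables(env, env_keep=(), env_check=()):
    """Names the privileged command will no longer see; useful when deciding
    whether a script really needs an env_keep or env_check entry."""
    return sorted(set(env) - set(reset_environment(env, env_keep, env_check)))


if __name__ == "__main__":
    print("dropped by default:", dropped_variables(CALLER_ENV))
    print("with env_check PERL5LIB:", dropped_variables(CALLER_ENV, env_check=["PERL5LIB"]))
```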
    
    For the old stable distribution (woody) this problem has been fixed in
    version 1.6.6-1.6.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 1.6.8p7-1.4. 
    
    For the unstable distribution (sid) the same behaviour will be
    implemented soon.
    
    Upgrade Instructions
    --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 3.0 alias woody
    --------------------------------
    
    
    Debian GNU/Linux 3.1 alias sarge
    --------------------------------
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Mailing list:
    