SecurityTracker.com






Category:   Application (Generic)  >   Sudo
Vendors:   Miller, Todd C.
(Fix is Available for Red Hat Powertools) Sudo System Administration Utility May Allow Local Users to Obtain Root Privileges on the Host By Executing Code Via Sendmail
SecurityTracker Alert ID:  1003236
SecurityTracker URL:  http://securitytracker.com/id/1003236
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jan 15 2002
Impact:   Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   The SuSE Security Team reported a vulnerability in sudo. A local user may be able to execute code on the host and obtain root privileges.

It is reported that a local user may be able to trigger a failed sudo invocation, which sudo logs by executing the mail program with root privileges while retaining some environment settings. Depending on the mail server that is installed (e.g., sendmail in certain configurations, postfix), the local user could then cause the mail program to execute arbitrary code with root privileges.
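The defensive pattern for this class of bug is to rebuild the environment from an allowlist before a privileged process executes a helper such as a mailer. The following C sketch is an added example, not sudo's code and not part of the advisory; `build_clean_env`, `run_helper`, the allowlist and `DEMO_UNTRUSTED` are hypothetical names, and `/bin/sh` stands in for the mail program.

```c
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumption: the only caller variables the mail helper is allowed to keep. */
static const char *const KEEP[] = { "LANG", "LC_ALL", NULL };
static char SAFE_PATH[] = "PATH=/usr/bin:/bin";

/* Fixed PATH plus allowlisted src[] entries without '/' or '%' in the value; returns the count. */
int build_clean_env(char *const src[], char *out[], int cap)
{
    int n = 0;
    out[n++] = SAFE_PATH;
    for (int i = 0; src[i] != NULL && n < cap - 1; i++)
        for (int k = 0; KEEP[k] != NULL; k++) {
            size_t len = strlen(KEEP[k]);
            if (strncmp(src[i], KEEP[k], len) == 0 && src[i][len] == '=' &&
                strpbrk(src[i] + len + 1, "/%") == NULL)
                out[n++] = src[i];
        }
    out[n] = NULL;
    return n;
}

/* Fork and exec path with exactly the environment envp; returns exit status or -1. */
int run_helper(const char *path, char *const argv[], char *const envp[])
{
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        execve(path, argv, envp);
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed caller environment: DEMO_UNTRUSTED is user-controlled. */
    char *caller[] = { "LANG=C", "DEMO_UNTRUSTED=caller-controlled", NULL };
    char *argv[] = { "sh", "-c", "test -z \"$DEMO_UNTRUSTED\"", NULL };
    char *clean[8];
    build_clean_env(caller, clean, 8);
    printf("env passed through: exit %d\n", run_helper("/bin/sh", argv, caller));
    printf("env rebuilt:        exit %d\n", run_helper("/bin/sh", argv, clean));
    return 0;
}
```

The helper exits 1 when it can still see the caller's variable and 0 when the environment was rebuilt first.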

Impact:   A local user could obtain root privileges on the host.
Solution:   The vendor has released a fix.

Red Hat Powertools 6.2:

SRPMS:
ftp://updates.redhat.com/6.2/en/powertools/SRPMS/sudo-1.6.4-0.6x.2.src.rpm

alpha:
ftp://updates.redhat.com/6.2/en/powertools/alpha/sudo-1.6.4-0.6x.2.alpha.rpm

i386:
ftp://updates.redhat.com/6.2/en/powertools/i386/sudo-1.6.4-0.6x.2.i386.rpm

sparc:
ftp://updates.redhat.com/6.2/en/powertools/sparc/sudo-1.6.4-0.6x.2.sparc.rpm



7. Verification:

MD5 sum                          Package Name
--------------------------------------------------------------------------
f392e76c338e57c92d86d392ec79bae8 6.2/en/powertools/SRPMS/sudo-1.6.4-0.6x.2.src.rpm
72db8fbf661746bebbab87de50183b35 6.2/en/powertools/alpha/sudo-1.6.4-0.6x.2.alpha.rpm
78c9a8dcd055d709030b072dc44259bb 6.2/en/powertools/i386/sudo-1.6.4-0.6x.2.i386.rpm
7ff399944c2185843c76533b97a06528 6.2/en/powertools/sparc/sudo-1.6.4-0.6x.2.sparc.rpm

See the Source Message for the vendor's advisory containing directions on how to apply the appropriate fix.

Vendor URL:  www.courtesan.com/sudo/
Cause:   Access control error, State error
Underlying OS:   Linux (Red Hat Linux)

Message History:   This archive entry is a follow-up to the message listed below.
Jan 14 2002 Sudo System Administration Utility May Allow Local Users to Obtain Root Privileges on the Host By Executing Code Via Mail Transfer Agent (MTA)



 Source Message Contents

Date:  Tue, 15 Jan 2002 03:55 -0500
Subject:  [RHSA-2002:013-03] Updated sudo package is available


---------------------------------------------------------------------
                   Red Hat, Inc. Red Hat Security Advisory

Synopsis:          Updated sudo package is available
Advisory ID:       RHSA-2002:013-03
Issue date:        2002-01-14
Updated on:        2002-01-14
Product:           Red Hat Powertools
Keywords:          sudo environment root exploit
Cross references:  RHSA-2002:011
Obsoletes:         
---------------------------------------------------------------------

1. Topic:

This updated sudo package fixes a potential local root exploit.

2. Relevant releases/architectures:

Red Hat Powertools 6.2 - alpha, i386, sparc

3. Problem description:

Versions of sudo prior to 1.6.4 would not clear the environment before
sending an email notification about unauthorized sudo attempts, making it
possible for an attacker to supply parameters to the mail program. In the
worst case, this could lead to a local root exploit.

Users of sudo are advised to upgrade to version 1.6.4, which is not
vulnerable to this issue.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which are
not installed but included in the list will not be updated.  Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network.  Many
people find this an easier way to apply updates.  To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed (http://bugzilla.redhat.com/bugzilla for more info):



6. RPMs required:

Red Hat Powertools 6.2:

SRPMS:
ftp://updates.redhat.com/6.2/en/powertools/SRPMS/sudo-1.6.4-0.6x.2.src.rpm

alpha:
ftp://updates.redhat.com/6.2/en/powertools/alpha/sudo-1.6.4-0.6x.2.alpha.rpm

i386:
ftp://updates.redhat.com/6.2/en/powertools/i386/sudo-1.6.4-0.6x.2.i386.rpm

sparc:
ftp://updates.redhat.com/6.2/en/powertools/sparc/sudo-1.6.4-0.6x.2.sparc.rpm



7. Verification:

MD5 sum                          Package Name
--------------------------------------------------------------------------
f392e76c338e57c92d86d392ec79bae8 6.2/en/powertools/SRPMS/sudo-1.6.4-0.6x.2.src.rpm
72db8fbf661746bebbab87de50183b35 6.2/en/powertools/alpha/sudo-1.6.4-0.6x.2.alpha.rpm
78c9a8dcd055d709030b072dc44259bb 6.2/en/powertools/i386/sudo-1.6.4-0.6x.2.i386.rpm
7ff399944c2185843c76533b97a06528 6.2/en/powertools/sparc/sudo-1.6.4-0.6x.2.sparc.rpm
 

These packages are GPG signed by Red Hat, Inc. for security.  Our key
is available at:
    http://www.redhat.com/about/contact/pgpkey.html

You can verify each package with the following command:
    rpm --checksig  <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
    rpm --checksig --nogpg <filename>

8. References:

http://www.courtesan.com/sudo/sudo.html


Copyright(c) 2000, 2001, 2002 Red Hat, Inc.



_______________________________________________
Redhat-watch-list mailing list
To unsubscribe, visit: https://listman.redhat.com/mailman/listinfo/redhat-watch-list

 
 



Copyright 2014, SecurityGlobal.net LLC