SecurityTracker.com
Category:   Application (Security)  >   Sudo
Vendors:   sudo.ws
Sudo Environment Variable Validation Error May Let Local Users Run Arbitrary Commands
SecurityTracker Alert ID:  1012224
SecurityTracker URL:  http://securitytracker.com/id/1012224
CVE Reference:   CAN-2004-1051
Updated:  Nov 24 2004
Original Entry Date:  Nov 13 2004
Impact:   Execution of arbitrary code via local system, User access via local system
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 1.6.8p2
Description:   A vulnerability was reported in sudo. A local user may be able to run arbitrary shell commands.

Liam Helmer reported that the software does not properly validate environment variables. If the bash shell is installed on the target system and the local user has permission to execute bash scripts, the local user can exploit a sudo feature to substitute arbitrary commands for any program that the bash script calls without a fully qualified path.

Impact:   A local user may be able to execute arbitrary commands on the target system.
Solution:   The vendor has released a fixed version (1.6.8p2), available at:

http://www.sudo.ws/sudo/

Vendor URL:  www.sudo.ws/sudo/alerts/bash_functions.html
Cause:   Input validation error
Underlying OS:   Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Nov 17 2004 (Mandrake Issues Fix) Sudo Environment Variable Validation Error May Let Local Users Run Arbitrary Commands   (Mandrake Linux Security Team <security@linux-mandrake.com>)
Mandrake has released a fix.
Nov 24 2004 (Debian Issues Fix) Sudo Environment Variable Validation Error May Let Local Users Run Arbitrary Commands   (joey@infodrom.org (Martin Schulze))
Debian has released a fix.
May 4 2005 (Apple Issues Fix) Sudo Environment Variable Validation Error May Let Local Users Run Arbitrary Commands   (Apple Product Security <product-security@apple.com>)
Apple has released a fix for Mac OS X.



 Source Message Contents

Date:  Fri, 12 Nov 2004 17:52:06 +0100 (CET)
Subject:  Sudo version 1.6.8p2 now available (fwd)



---------- Forwarded message ----------
Date: Fri, 12 Nov 2004 09:21:07 -0700
From: Todd C. Miller <Todd.Miller@courtesan.com>
To: sudo-announce@sudo.ws
Subject: [sudo-announce] Sudo version 1.6.8p2 now available

Sudo version 1.6.8, patchlevel 2 is now available.  It includes a fix
for a security flaw in sudo's environment cleaning that could give a
malicious user with sudo access to a bash script the ability to run
arbitrary commands.  See http://www.sudo.ws/sudo/alerts/bash_functions.html
for more details.

Changes since Sudo 1.6.8p1:

 o Bash exported functions and the CDPATH variable are now stripped from
   the environment passed to the program to be executed.

Commercial support is now available for Sudo.  If your organization
uses Sudo please consider purchasing a support contract to help
fund additional Sudo development at http://www.sudo.ws/support.html
Custom enhancements to Sudo may also be contracted.

You can also help out by "purchasing" a copy of Sudo or making a
donation at http://www.sudo.ws/purchase.html

Sudo is still free software and I intend for it to remain so but
as I currently lack regular employment I am asking for help from
the Sudo community.  Your support will enable me to continue to
improve Sudo and complete projects such as a proper user's manual
and a major rewrite of large portions of Sudo (currently underway).

Master Web Site:
    http://www.sudo.ws/sudo/

Web Site Mirrors:
    http://sudo.stikman.com/ (Los Angeles, California, USA)
    http://mirage.informationwave.net/sudo/ (Fanwood, New Jersey, USA)
    http://www.mrv2k.net/sudo/ (Bend, Oregon, USA)
    http://www.signal42.com/mirrors/sudo_www/ (USA)
    http://sudo.xmundo.net/ (Argentina)
    http://sudo.planetmirror.com/ (Australia)
    http://sunshine.lv/sudo/ (Latvia)
    http://rexem.uni.cc/sudo/ (Kaunas, Lithuania)
    http://sudo.cdu.elektra.ru/ (Russia)
    http://sudo.nctu.edu.tw/ (Taiwan)

FTP Mirrors:
    ftp://plier.ucar.edu/pub/sudo/ (Boulder, Colorado, USA)
    ftp://ftp.cs.colorado.edu/pub/sudo/ (Boulder, Colorado, USA)
    ftp://obsd.isc.org/pub/sudo/ (Redwood City, California, USA)
    ftp://ftp.stikman.com/pub/sudo/ (Los Angeles, California, USA)
    ftp://ftp.tux.org/pub/security/sudo/ (Beltsville, Maryland, USA)
    ftp://ftp.cerias.purdue.edu/pub/tools/unix/sysutils/sudo/ (West Lafayette, Indiana, USA)
    ftp://ftp.uwsg.indiana.edu/pub/security/sudo/ (Bloomington, Indiana, USA)
    ftp://ftp.rge.com/pub/admin/sudo/ (Rochester, New York, USA)
    ftp://sudo.xmundo.net/pub/mirrors/sudo/ (Argentina)
    ftp://ftp.wiretapped.net/pub/security/host-security/sudo/ (Australia)
    ftp://ftp.tuwien.ac.at/utils/admin-tools/sudo/ (Austria)
    ftp://sunsite.ualberta.ca/pub/Mirror/sudo/ (Alberta, Canada)
    ftp://ftp.csc.cuhk.edu.hk/pub/packages/unix-tools/sudo/ (Hong Kong, China)
    ftp://ftp.eunet.cz/pub/security/sudo/ (Czechoslovakia)
    ftp://ftp.ujf-grenoble.fr/sudo/ (France)
    ftp://netmirror.org/ftp.sudo.ws/ (Frankfurt, Germany)
    ftp://ftp.win.ne.jp/pub/misc/sudo/ (Japan)
    ftp://ftp.st.ryukoku.ac.jp/pub/security/tool/sudo/ (Japan)
    ftp://ftp.cin.nihon-u.ac.jp/pub/misc/sudo/ (Japan)
    ftp://core.ring.gr.jp/pub/misc/sudo/ (Japan)
    ftp://ftp.ring.gr.jp/pub/misc/sudo/ (Japan)
    ftp://ftp.tpnet.pl/d6/ftp.sudo.ws/ (Poland)
    ftp://ftp.cdu.elektra.ru/pub/unix/security/sudo/ (Russia)
    ftp://ftp.nsysu.edu.tw/Unix/Security/Sudo/ (Taiwan)

HTTP Mirrors:
    http://www.rge.com/pub/admin/sudo/ (Rochester, New York, USA)
    http://probsd.org/sudoftp/ (East Coast, USA)
    http://ftp.cerias.purdue.edu/pub/tools/unix/sysutils/sudo/ (West Lafayette, Indiana, USA)
    http://www.signal42.com/mirrors/sudo_ftp/ (California, USA)
    http://netmirror.org/mirror/ftp.sudo.ws/ (Frankfurt, Germany)
    http://core.ring.gr.jp/archives/misc/sudo/ (Japan)
    http://www.ring.gr.jp/archives/misc/sudo/ (Japan)
    http://ftp.tpnet.pl/vol/d6/ftp.sudo.ws/ (Poland)
    http://sudo.tsuren.net/dist/ (Moscow, Russian Federation)
    http://ftp.nsysu.edu.tw/Unix/Security/Sudo/ (Taiwan)
____________________________________________________________
sudo-announce mailing list <sudo-announce@sudo.ws>
For list information, options, or to unsubscribe, visit:
http://www.sudo.ws/mailman/listinfo/sudo-announce
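
The 1.6.8p2 change note in the message above says bash exported functions and CDPATH are now stripped from the environment passed to the executed program. The following is an added illustration of that kind of filter, not sudo's own code and not part of the original advisory. It assumes bash encodes an exported function as an environment entry whose value begins with "()"; the names clean_env, env_entry_is_unsafe and sample_env are hypothetical, and the sample environment is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Return 1 if an environment entry ("NAME=value") must not reach the child. */
static int env_entry_is_unsafe(const char *entry)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL)
        return 1;                      /* malformed: not NAME=value */
    /* CDPATH changes how `cd` resolves relative directories in a script. */
    if ((size_t)(eq - entry) == 6 && strncmp(entry, "CDPATH", 6) == 0)
        return 1;
    /* Assumption: an exported bash function has a value starting with "()". */
    if (strncmp(eq + 1, "()", 2) == 0)
        return 1;
    return 0;
}

/* Build a NULL-terminated copy of envp without the unsafe entries.
 * Strings are shared with envp; the caller frees only the returned array.
 * Stores the number of kept entries in *kept; returns NULL if malloc fails. */
char **clean_env(char *const envp[], size_t *kept)
{
    size_t n = 0, out = 0;
    while (envp[n] != NULL)
        n++;
    char **clean = malloc((n + 1) * sizeof(*clean));
    if (clean == NULL)
        return NULL;
    for (size_t i = 0; i < n; i++)
        if (!env_entry_is_unsafe(envp[i]))
            clean[out++] = envp[i];
    clean[out] = NULL;
    if (kept != NULL)
        *kept = out;
    return clean;
}

/* Constructed sample environment (not taken from the advisory). */
static char *const sample_env[] = {
    "PATH=/usr/bin:/bin", "CDPATH=/tmp/elsewhere", "helper=() { :; }",
    "BASH_FUNC_helper%%=() { :; }", "CDPATH_NOTE=kept", "TERM=xterm", NULL
};

int main(void)
{
    char **env = clean_env(sample_env, NULL);
    for (size_t i = 0; env != NULL && env[i] != NULL; i++)
        puts(env[i]);                  /* entries that would be passed on */
    free(env);
    return 0;
}
```

The name comparison is exact, so a variable such as CDPATH_NOTE is kept while CDPATH itself is dropped.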

 
 



Copyright 2014, SecurityGlobal.net LLC