SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Sudo Vendors:   Miller, Todd C.
(Trustix Issues Fix) Sudo System Administration Utility May Allow Local Users to Obtain Root Privileges on the Host By Executing Code Via Mail Transfer Agent (MTA)
SecurityTracker Alert ID:  1003294
SecurityTracker URL:  http://securitytracker.com/id/1003294
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jan 18 2002
Impact:   Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   The SuSE Security Team reported a vulnerability in sudo. A local user may be able to execute code on the host and obtain root privileges.

It is reported that a local user may be able to cause sudo to log failed sudo invocations and execute mail with root privileges while retaining some environment settings. Depending on the mail server that is installed, the local user could execute mail (e.g., sendmail in certain configurations, postfix) with root privileges and execute arbitrary code with root privileges.

Impact:   A local user could obtain root privileges on the host.
Solution:   The vendor has released a fix and recommends that all systems with this package installed be upgraded.

All TSL updates are available from:

<URI:http://www.trustix.net/pub/Trustix/updates/>
<URI:ftp://ftp.trustix.net/pub/Trustix/updates/>

Users of the SWUP tool can enjoy having updates automatically installed using 'swup --upgrade'.

The MD5sums of the packages are:

d78d0804a192f0a7ad860e248abc7ba1 ./1.5/SRPMS/sudo-1.6.5p1-2tr.src.rpm
05c7479176ea6ee63bbab31cfdb510d8 ./1.5/RPMS/sudo-1.6.5p1-2tr.i586.rpm
c001f12bae67590849696b1b528c13e5 ./1.2/SRPMS/sudo-1.6.5p1-1tr.src.rpm
69d504a85a3dc017773bfdabf96943cd ./1.2/RPMS/sudo-1.6.5p1-1tr.i586.rpm
c001f12bae67590849696b1b528c13e5 ./1.1/SRPMS/sudo-1.6.5p1-1tr.src.rpm
2ec9d52119f446b7512e2783e2897e55 ./1.1/RPMS/sudo-1.6.5p1-1tr.i586.rpm

Vendor URL:  www.courtesan.com/sudo/ (Links to External Site)
Cause:   Access control error, State error
Underlying OS:  Linux (Trustix)

Message History:   This archive entry is a follow-up to the message listed below.
Jan 14 2002 Sudo System Administration Utility May Allow Local Users to Obtain Root Privileges on the Host By Executing Code Via Mail Transfer Agent (MTA)



 Source Message Contents

Subject:  TSLSA-2002-0021 - sudo


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Trustix Secure Linux Security Advisory #2002-0021

Package name:      sudo
Summary:           Fix by upstream version
Date:              2002-01-18
Affected versions: TSL 1.1, 1.2, 1.5

- --------------------------------------------------------------------------

Problem description:
  The old sudo package contined a possible local root exploit by which an 
  attacker could trick sudo into logging failed sudo calls and thereby 
  executing the postfix MTA with root privileges and environment that was not 
  completely clean. The problem has been fixed upstream.

Action:
  We recommend that all systems with this package installed are upgraded.
  Please note that if you do not need the functionality provided by this
  package, you may want to remove it form your system.


Location:
  All TSL updates are available from
  <URI:http://www.trustix.net/pub/Trustix/updates/>
  <URI:ftp://ftp.trustix.net/pub/Trustix/updates/>


Automatic updates:
  Users of the SWUP tool can enjoy having updates automatically
  installed using 'swup --upgrade'.

  Get SWUP from:
  <URI:ftp://ftp.trustix.net/pub/Trustix/software/swup/>


Public testing:
  These packages have been available for public testing for some time.
  If you want to contribute by testing the various packages in the
  testing tree, please feel free to share your findings on the
  tsl-discuss mailinglist.
  The testing tree is located at
  <URI:http://www.trustix.net/pub/Trustix/testing/>
  <URI:ftp://ftp.trustix.net/pub/Trustix/testing/>
  

Questions?
  Check out our mailing lists:
  <URI:http://www.trustix.net/support/>


Verification:
  This advisory along with all TSL packages are signed with the TSL sign key.
  This key is available from:
  <URI:http://www.trustix.net/TSL-GPG-KEY>

  The advisory itself is available from the errata pages at
  <URI:http://www.trustix.net/errata/trustix-1.2/> and
  <URI:http://www.trustix.net/errata/trustix-1.5/>
  or directly at
  <URI:http://www.trustix.net/errata/misc/2002/TSL-2002-0021-sudo.asc.txt>


MD5sums of the packages:
- --------------------------------------------------------------------------
d78d0804a192f0a7ad860e248abc7ba1  ./1.5/SRPMS/sudo-1.6.5p1-2tr.src.rpm
05c7479176ea6ee63bbab31cfdb510d8  ./1.5/RPMS/sudo-1.6.5p1-2tr.i586.rpm
c001f12bae67590849696b1b528c13e5  ./1.2/SRPMS/sudo-1.6.5p1-1tr.src.rpm
69d504a85a3dc017773bfdabf96943cd  ./1.2/RPMS/sudo-1.6.5p1-1tr.i586.rpm
c001f12bae67590849696b1b528c13e5  ./1.1/SRPMS/sudo-1.6.5p1-1tr.src.rpm
2ec9d52119f446b7512e2783e2897e55  ./1.1/RPMS/sudo-1.6.5p1-1tr.i586.rpm
- --------------------------------------------------------------------------


Trustix Security Team

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD4DBQE8SCpLwRTcg4BxxS0RAnnZAJ9wymYl5g02cDi97J/3LYWFjEhPaQCXegRP
urcn66hwyTp0EnEuUpimhA==
=yLty
-----END PGP SIGNATURE-----

_______________________________________________
tsl-announce mailing list
tsl-announce@trustix.org
http://www.trustix.org/mailman/listinfo.cgi/tsl-announce

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC