SecurityTracker.com
Category: Application (Security) > Sudo
Vendors: sudo.ws
sudo '-u' sudoedit Error Discloses Restricted Files to Local Users
SecurityTracker Alert ID: 1011342
SecurityTracker URL: http://securitytracker.com/id/1011342
CVE Reference: GENERIC-MAP-NOMATCH
Date: Sep 17 2004
Impact: Disclosure of system information, Disclosure of user information
Fix Available: Yes
Vendor Confirmed: Yes
Exploit Included: Yes
Version(s): 1.6.8 only
Description:   A vulnerability was reported in sudo. A local user can view files with elevated privileges.

The vendor reported that a flaw in the '-u' sudoedit option in version 1.6.8 may allow a user to view files with elevated privileges.

It is reported that a local user can invoke sudoedit and replace a temporary file (used by the editor) with a link to a target file that the user does not have privileges to access. When the local user quits the editor, the edited file will contain a copy of the linked file.

Reznic Valery is credited with reporting this flaw.

Impact:   A local user with sudoedit privileges may be able to view files with elevated privileges.
Solution:   The vendor has released a fixed version (1.6.8p1), available at:

http://www.sudo.ws/sudo/download.html

Vendor URL: www.sudo.ws/sudo/alerts/sudoedit.html
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.


 Source Message Contents

Subject:  [sudo-announce] Sudo version 1.6.8p1 now available (fwd)



---------- Forwarded message ----------
Date: Thu, 16 Sep 2004 13:13:05 -0600
From: Todd C. Miller <Todd.Miller@courtesan.com>
To: sudo-announce@sudo.ws
Subject: [sudo-announce] Sudo version 1.6.8p1 now available

Sudo version 1.6.8, patchlevel 1 is now available.  It includes a
fix for a security flaw in sudoedit that could give a malicious
user read access to a file that would normally be unreadable.  See
http://www.sudo.ws/sudo/alerts/sudoedit.html for more details.

Major changes since Sudo 1.6.8:

 o Sudoedit now re-opens the temp file as the invoking user
   and will only open regular files.

 o Better detection of unchanged files in sudoedit.

 o The path to ldap.conf is now configurable.

 o Added SSL tls_* certificate checking options when using LDAP.

 o The sample pam config file has been updated.

Commercial support is now available for Sudo.  If your organization
uses Sudo please consider purchasing a support contract to help
fund additional Sudo development at http://www.sudo.ws/support.html
Custom enhancements to Sudo may also be contracted for.

You can also help out by "purchasing" a copy of Sudo or making a
donation at http://www.sudo.ws/purchase.html

Sudo is still free software and I intend for it to remain so but
as I currently lack regular employment I am asking for help from
the Sudo community.  Your support will enable me to continue to
improve Sudo and complete projects such as a proper user's manual
and a major rewrite of large portions of Sudo.

You may recall news of a patent recently awarded to Microsoft that
some people have said covers Sudo.  After reading through the patent
and conferring with several people I don't believe it covers Sudo
as it exists now since the patent appears to cover a persistent
daemon process.  However, the patent does seem overly broad and
could restrict future Sudo development so I am collecting prior
art in the hopes of having the patent re-evaluated.  If you have
examples of prior art, please contact me with details.

Master Web Site:
    http://www.sudo.ws/sudo/

Web Site Mirrors:
    http://sudo.stikman.com/ (Los Angeles, California, USA)
    http://mirage.informationwave.net/sudo/ (Fanwood, New Jersey, USA)
    http://www.mrv2k.net/sudo/ (Bend, Oregon, USA)
    http://www.signal42.com/mirrors/sudo_www/ (USA)
    http://sudo.xmundo.net/ (Argentina)
    http://sudo.planetmirror.com/ (Australia)
    http://sunshine.lv/sudo/ (Latvia)
    http://rexem.uni.cc/sudo/ (Kaunas, Lithuania)
    http://sudo.cdu.elektra.ru/ (Russia)
    http://sudo.nctu.edu.tw/ (Taiwan)

FTP Mirrors:
    ftp://anonopenbsd.cs.colorado.edu/pub/sudo/ (Boulder, Colorado, USA)
    ftp://ftp.cs.colorado.edu/pub/sudo/ (Boulder, Colorado, USA)
    ftp://obsd.isc.org/pub/sudo/ (Redwood City, California, USA)
    ftp://ftp.stikman.com/pub/sudo/ (Los Angeles, California, USA)
    ftp://ftp.tux.org/pub/security/sudo/ (Beltsville, Maryland, USA)
    ftp://ftp.cerias.purdue.edu/pub/tools/unix/sysutils/sudo/ (West Lafayette, Indiana, USA)
    ftp://ftp.uwsg.indiana.edu/pub/security/sudo/ (Bloomington, Indiana, USA)
    ftp://ftp.rge.com/pub/admin/sudo/ (Rochester, New York, USA)
    ftp://sudo.xmundo.net/pub/mirrors/sudo/ (Argentina)
    ftp://ftp.wiretapped.net/pub/security/host-security/sudo/ (Australia)
    ftp://ftp.tuwien.ac.at/utils/admin-tools/sudo/ (Austria)
    ftp://sunsite.ualberta.ca/pub/Mirror/sudo/ (Alberta, Canada)
    ftp://ftp.csc.cuhk.edu.hk/pub/packages/unix-tools/sudo/ (Hong Kong, China)
    ftp://ftp.eunet.cz/pub/security/sudo/ (Czechoslovakia)
    ftp://ftp.ujf-grenoble.fr/sudo/ (France)
    ftp://netmirror.org/ftp.sudo.ws/ (Frankfurt, Germany)
    ftp://ftp.win.ne.jp/pub/misc/sudo/ (Japan)
    ftp://ftp.st.ryukoku.ac.jp/pub/security/tool/sudo/ (Japan)
    ftp://ftp.cin.nihon-u.ac.jp/pub/misc/sudo/ (Japan)
    ftp://core.ring.gr.jp/pub/misc/sudo/ (Japan)
    ftp://ftp.ring.gr.jp/pub/misc/sudo/ (Japan)
    ftp://ftp.tpnet.pl/d6/ftp.sudo.ws/ (Poland)
    ftp://ftp.cdu.elektra.ru/pub/unix/security/sudo/ (Russia)
    ftp://ftp.nsysu.edu.tw/Unix/Security/Sudo/ (Taiwan)

HTTP Mirrors:
    http://www.rge.com/pub/admin/sudo/ (Rochester, New York, USA)
    http://probsd.org/sudoftp/ (East Coast, USA)
    http://ftp.cerias.purdue.edu/pub/tools/unix/sysutils/sudo/ (West Lafayette, Indiana, USA)
    http://www.signal42.com/mirrors/sudo_ftp/ (California, USA)
    http://netmirror.org/mirror/ftp.sudo.ws/ (Frankfurt, Germany)
    http://core.ring.gr.jp/archives/misc/sudo/ (Japan)
    http://www.ring.gr.jp/archives/misc/sudo/ (Japan)
    http://ftp.tpnet.pl/vol/d6/ftp.sudo.ws/ (Poland)
    http://sudo.tsuren.net/dist/ (Moscow, Russian Federation)
    http://ftp.nsysu.edu.tw/Unix/Security/Sudo/ (Taiwan)
____________________________________________________________
sudo-announce mailing list <sudo-announce@sudo.ws>
For list information, options, or to unsubscribe, visit:
http://www.sudo.ws/mailman/listinfo/sudo-announce
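
The 1.6.8p1 change list above says sudoedit now re-opens the temp file as the invoking user and will only open regular files. The following C sketch shows that kind of check; it is an added example, not sudo's code, and the function names, the use of O_NOFOLLOW and the /tmp test directory are assumptions of this example.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: reopen an edited temp file with the invoking user's
 * effective UID, accepting only a regular file that is not reached through
 * a symlink. Returns a read-only fd, or -1 if the path is refused. */
int reopen_temp_as_user(const char *path, uid_t invoking_uid)
{
    uid_t saved = geteuid();
    struct stat sb;
    int fd;

    if (seteuid(invoking_uid) != 0)   /* open with the user's own rights */
        return -1;
    /* O_NOFOLLOW fails on a symlink in the final path component;
     * O_NONBLOCK avoids hanging if the path was swapped for a FIFO. */
    fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (seteuid(saved) != 0)
        abort();                      /* never continue with the wrong euid */
    if (fd == -1)
        return -1;
    /* fstat() the descriptor, not the path, so the type check applies to
     * the object that was actually opened. */
    if (fstat(fd, &sb) != 0 || !S_ISREG(sb.st_mode)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed self-check in a private temp directory: returns 1 when a
 * regular file is accepted and a symlink pointing at it is refused. */
int selfcheck(void)
{
    char dir[] = "/tmp/sudoedit-demo-XXXXXX", file[64], lnk[64];
    int ok, fd;

    if (mkdtemp(dir) == NULL) return 0;
    snprintf(file, sizeof file, "%s/edit.tmp", dir);
    snprintf(lnk, sizeof lnk, "%s/link.tmp", dir);
    fd = open(file, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd == -1 || symlink(file, lnk) != 0) return 0;
    close(fd);
    fd = reopen_temp_as_user(file, getuid());
    ok = (fd != -1) && reopen_temp_as_user(lnk, getuid()) == -1;
    if (fd != -1) close(fd);
    unlink(lnk); unlink(file); rmdir(dir);
    return ok;
}
```

Because the open happens under the invoking user's effective UID, a file that user cannot read fails at `open()` regardless of how the path was arranged; the symlink and file-type checks are a second layer.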


Copyright 2020, SecurityGlobal.net LLC