[Full-disclosure] [USN-213-1] sudo vulnerability

From: Martin Pitt (martin.pitt_at_canonical.com)
Date: 10/28/05

  • Next message: iDEFENSE Labs: "[Full-disclosure] iDefense Security Advisory 10.28.05: Multiple Vendor chmlib CHM File Handling Buffer Overflow Vulnerability" 
    Date: Fri, 28 Oct 2005 15:44:09 -0400
To: ubuntu-security-announce@lists.ubuntu.com

    ===========================================================
    Ubuntu Security Notice USN-213-1 October 28, 2005
    sudo vulnerability
    CVE-2005-2959
    ===========================================================

    A security issue affects the following Ubuntu releases:

    Ubuntu 4.10 (Warty Warthog)
    Ubuntu 5.04 (Hoary Hedgehog)
    Ubuntu 5.10 (Breezy Badger)

    The following packages are affected:

    sudo

    The problem can be corrected by upgrading the affected package to
    version 1.6.7p5-1ubuntu4.3 (for Ubuntu 4.10), 1.6.8p5-1ubuntu2.2 (for
    Ubuntu 5.04), or 1.6.8p9-2ubuntu2.1 (for Ubuntu 5.10). In general, a
    standard system upgrade is sufficient to effect the necessary changes.

    Details follow:

    Tavis Ormandy discovered a privilege escalation vulnerability in sudo.
    On executing shell scripts with sudo, the "P4" and "SHELLOPTS"
    environment variables were not cleaned properly. If sudo is set up to
    grant limited sudo privileges to normal users this could be exploited
    to run arbitrary commands as the target user.

    Updated packags for Ubuntu 4.10:

      Source archives:

        http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.7p5-1ubuntu4.3.diff.gz
          Size/MD5: 21082 c81698c37a6dabb9eccf9d9c4a0b48e9
        http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.7p5-1ubuntu4.3.dsc
          Size/MD5: 585 dfd36c233ae8bfb0b16d6995683c4bb6
        http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.7p5.orig.tar.gz
          Size/MD5: 349785 55d503e5c35bf1ea83d38244e0242aaf

      amd64 architecture (Athlon64, Opteron, EM64T Xeon)

        http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.7p5-1ubuntu4.3_amd64.deb
          Size/MD5: 156228 ea32212dcf00d19b65df967cf16d7138

      i386 architecture (x86 compatible Intel/AMD)

        http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.7p5-1ubuntu4.3_i386.deb
          Size/MD5: 145676 f04e61af4af0740dbd21f8365be2005e

      powerpc architecture (Apple Macintosh G3/G4/G5)

        http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.7p5-1ubuntu4.3_powerpc.deb
          Size/MD5: 153246 70cf540392b2fa601564cfb1a2b3b1e7

    Updated packags for Ubuntu 5.04:

      Source archives:

        http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p5-1ubuntu2.2.diff.gz
          Size/MD5: 24513 1a6fa0bf72bdc96cd873c10d2607c470
        http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p5-1ubuntu2.2.dsc
          Size/MD5: 585 6b50f803e5627991dc92846244e7ae08
        http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p5.orig.tar.gz
          Size/MD5: 584832 03538d938b8593d6f1d66ec6c067b5b5

      amd64 architecture (Athlon64, Opteron, EM64T Xeon)

        http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p5-1ubuntu2.2_amd64.deb
          Size/MD5: 170356 3c158ee2844029be088446f6a58b0aae

      i386 architecture (x86 compatible Intel/AMD)

        http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p5-1ubuntu2.2_i386.deb
          Size/MD5: 158662 5c72a5a138b401fe03d164ae6a454bd3

      powerpc architecture (Apple Macintosh G3/G4/G5)

        http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p5-1ubuntu2.2_powerpc.deb
          Size/MD5: 165390 831a1b3806ec0e2ebd4429cf0334dd4e

    Updated packags for Ubuntu 5.10:

      Source archives:

        http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p9-2ubuntu2.1.diff.gz
          Size/MD5: 21867 259154beb440d8162588bbf30d697d98
        http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p9-2ubuntu2.1.dsc
          Size/MD5: 585 8439503439e0bc52951aa0b71c93904f
        http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p9.orig.tar.gz
          Size/MD5: 585509 6d0346abd16914956bc7ea4f17fc85fb

      amd64 architecture (Athlon64, Opteron, EM64T Xeon)

        http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p9-2ubuntu2.1_amd64.deb
          Size/MD5: 172296 0e01662adeada9a1a20431f576059f05

      i386 architecture (x86 compatible Intel/AMD)

        http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p9-2ubuntu2.1_i386.deb
          Size/MD5: 158766 f3858eb968eaa1ae295d39cfe3e4e7d0

      powerpc architecture (Apple Macintosh G3/G4/G5)

        http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p9-2ubuntu2.1_powerpc.deb
          Size/MD5: 166862 84538e98f7e7bb93a37fa228e55a7fb5

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.grok.org.uk/full-disclosure-charter.html
    Hosted and sponsored by Secunia - http://secunia.com/

  • Next message: iDEFENSE Labs: "[Full-disclosure] iDefense Security Advisory 10.28.05: Multiple Vendor chmlib CHM File Handling Buffer Overflow Vulnerability"

    Relevant Pages