SecurityTracker.com
Category:  Application (Security)  >  Sudo
Vendors:  sudo.ws
sudo '-u' sudoedit Error Discloses Restricted Files to Local Users
SecurityTracker Alert ID:  1011342
SecurityTracker URL:  http://securitytracker.com/id?1011342
CVE Reference:  GENERIC-MAP-NOMATCH
Date:  Sep 17 2004
Impact:  Disclosure of system information, Disclosure of user information
Fix Available:  Yes
Exploit Included:  Yes
Vendor Confirmed:  Yes
Version(s): 1.6.8 only
Description:  A vulnerability was reported in sudo. A local user who is permitted to run sudoedit can read files that they are otherwise not allowed to access.

The vendor reported that a flaw in sudoedit (sudo -e, with '-u' optionally selecting the target user) in version 1.6.8 may allow a user to read files with elevated privileges.

sudoedit works by copying the target file to a temporary file owned by the invoking user, running the editor on that copy without privileges, and then, with privileges, copying the temporary file back over the target. It is reported that while the editor is still running, the local user can replace the temporary file with a link to a target file that the user does not have privileges to access. When the local user quits the editor, the privileged copy-back follows the link, so the edited file will contain a copy of the linked file, which the user can then read.

Reznic Valery is credited with reporting this flaw.

Impact:  A local user with sudoedit privileges may be able to read files that they are not otherwise permitted to access.
Solution:  The vendor has released a fixed version (1.6.8p1), available at:

http://www.sudo.ws/sudo/download.html

Vendor URL:  www.sudo.ws/sudo/alerts/sudoedit.html
Cause:  Access control error
Underlying OS:  Linux (Any), UNIX (Any)
Reported By:  je@sekure.net
Message History:   None.
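The mechanism described above, and the hardening the 1.6.8p1 announcement below summarises (the temp file is re-opened as the invoking user and only regular files are accepted), as an added example in C. This is not sudo's code: the function names, the constructed file contents, and the temp-directory layout are this example's own, and the device/inode comparison is an extra check beyond what the announcement lists. The vulnerable copy-back opens the temp file by path with full privileges and so follows a planted symlink; the hardened one drops to the invoking user for the open (when it actually runs as root), refuses symlinks with O_NOFOLLOW, and checks with fstat that what it opened is the regular file it created.

```c
/* Added example, not sudo's code: models sudoedit's "copy back" of the temp
 * file, as the 1.6.8 pattern the advisory describes and as hardened along the
 * lines of 1.6.8p1 (re-open as the invoking user, regular files only). */
#define _GNU_SOURCE 1
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Constructed file contents for the demo, not taken from the advisory. */
static const char SECRET[] = "constructed: contents the user must not read\n";
static const char EDITED[] = "constructed: the user's edited text\n";

/* Read an open descriptor into buf, NUL-terminated; bytes read or -1. */
static ssize_t read_all(int fd, char *buf, size_t bufsz)
{
    size_t total = 0;
    while (total < bufsz - 1) {
        ssize_t n = read(fd, buf + total, bufsz - 1 - total);
        if (n < 0) return -1;
        if (n == 0) break;
        total += (size_t)n;
    }
    buf[total] = '\0';
    return (ssize_t)total;
}

/* 1.6.8 pattern: the privileged side opens the temp file by path once the
 * editor exits. A symlink planted there is followed, so its target's contents
 * are what get written back into the file the user is allowed to edit. */
ssize_t copyback_vulnerable(const char *tmp_path, char *buf, size_t bufsz)
{
    int fd = open(tmp_path, O_RDONLY);
    if (fd < 0) return -1;
    ssize_t n = read_all(fd, buf, bufsz);
    close(fd);
    return n;
}

/* Hardened: open with the invoking user's privileges (when we are root, as
 * sudo is), never follow a symlink, accept only a regular file owned by that
 * user, and (extra check) require the inode recorded when the temp file was made. */
ssize_t copyback_hardened(const char *tmp_path, uid_t user,
                          const struct stat *created, char *buf, size_t bufsz)
{
    uid_t saved = geteuid();
    if (saved == 0 && seteuid(user) != 0) return -1;
    int fd = open(tmp_path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    int open_errno = errno;
    if (saved == 0 && seteuid(saved) != 0) { if (fd >= 0) close(fd); return -1; }
    if (fd < 0) { errno = open_errno; return -1; }     /* ELOOP for a symlink */
    struct stat sb;
    if (fstat(fd, &sb) != 0 || !S_ISREG(sb.st_mode) || sb.st_uid != user ||
        sb.st_dev != created->st_dev || sb.st_ino != created->st_ino) {
        close(fd); errno = EPERM; return -1;
    }
    ssize_t n = read_all(fd, buf, bufsz);
    close(fd);
    return n;
}

static int write_file(const char *path, const char *text, struct stat *sb)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    int ok = write(fd, text, strlen(text)) == (ssize_t)strlen(text) &&
             (sb == NULL || fstat(fd, sb) == 0);
    close(fd);
    return ok ? 0 : -1;
}

/* Constructed scenario: create sudoedit's temp file (recording its stat) and,
 * if swap is set, do what the advisory describes: replace it with a symlink to
 * a file the user may not read. Both files belong to the running user here, so
 * the vulnerable path visibly "succeeds"; the hardened one refuses regardless.
 * Returns 'L' if SECRET leaked, 'E' if EDITED was copied back, 'R' if the
 * copy-back was refused, 'X' on setup failure. */
int copyback_result(int hardened, int swap)
{
    char dir[] = "/tmp/sudoedit-demo-XXXXXX", tmp[80], secret[80], buf[128];
    struct stat created;
    if (mkdtemp(dir) == NULL) return 'X';
    snprintf(secret, sizeof secret, "%s/secret", dir);
    snprintf(tmp, sizeof tmp, "%s/sudoeditXXXX.conf", dir);
    int ok = write_file(secret, SECRET, NULL) == 0 && write_file(tmp, EDITED, &created) == 0 &&
             (!swap || (unlink(tmp) == 0 && symlink(secret, tmp) == 0));
    ssize_t n = -1;
    if (ok)
        n = hardened ? copyback_hardened(tmp, getuid(), &created, buf, sizeof buf)
                     : copyback_vulnerable(tmp, buf, sizeof buf);
    unlink(tmp); unlink(secret); rmdir(dir);
    if (!ok) return 'X';
    if (n < 0) return 'R';
    return strcmp(buf, SECRET) == 0 ? 'L' : strcmp(buf, EDITED) == 0 ? 'E' : 'X';
}

int main(void)
{
    printf("1.6.8 pattern, temp file swapped for symlink: %c\n", copyback_result(0, 1));
    printf("hardened,      temp file swapped for symlink: %c\n", copyback_result(1, 1));
    printf("hardened,      temp file left alone:          %c\n", copyback_result(1, 0));
    return 0;
}
```

Run as an ordinary user the seteuid branch is skipped (there is no privilege to drop), yet the symlink swap is still refused, because O_NOFOLLOW makes the open fail with ELOOP before any read. The fstat checks matter for the case O_NOFOLLOW does not cover, a hard link planted in place of the temp file: that opens, but is not owned by the invoking user and is not the recorded inode, so it is rejected too.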


 Source Message Contents

Date:  Thu, 16 Sep 2004 21:23:21 +0200 (CEST)
From:  je@sekure.net
Subject:  [sudo-announce] Sudo version 1.6.8p1 now available (fwd)

 


---------- Forwarded message ----------
Date: Thu, 16 Sep 2004 13:13:05 -0600
From: Todd C. Miller <Todd.Miller@courtesan.com>
To: sudo-announce@sudo.ws
Subject: [sudo-announce] Sudo version 1.6.8p1 now available

Sudo version 1.6.8, patchlevel 1 is now available.  It includes a
fix for a security flaw in sudoedit that could give a malicious
user read access to a file that would normally be unreadable.  See
http://www.sudo.ws/sudo/alerts/sudoedit.html for more details.

Major changes since Sudo 1.6.8:

 o Sudoedit now re-opens the temp file as the invoking user
   and will only open regular files.

 o Better detection of unchanged files in sudoedit.

 o The path to ldap.conf is now configurable.

 o Added SSL tls_* certificate checking options when using LDAP.

 o The sample pam config file has been updated.

Commercial support is now available for Sudo.  If your organization
uses Sudo please consider purchasing a support contract to help
fund additional Sudo development at http://www.sudo.ws/support.html
Custom enhancements to Sudo may also be contracted for.

You can also help out by "purchasing" a copy of Sudo or making a
donation at http://www.sudo.ws/purchase.html

Sudo is still free software and I intend for it to remain so but
as I currently lack regular employment I am asking for help from
the Sudo community.  Your support will enable me to continue to
improve Sudo and complete projects such as a proper user's manual
and a major rewrite of large portions of Sudo.

You may recall news of a patent recently awarded to Microsoft that
some people have said covers Sudo.  After reading through the patent
and conferring with several people I don't believe it covers Sudo
as it exists now since the patent appears to cover a persistent
daemon process.  However, the patent does seem overly broad and
could restrict future Sudo development so I am collecting prior
art in the hopes of having the patent re-evaluated.  If you have
examples of prior art, please contact me with details.

Master Web Site:
    http://www.sudo.ws/sudo/

Web Site Mirrors:
    http://sudo.stikman.com/ (Los Angeles, California, USA)
    http://mirage.informationwave.net/sudo/ (Fanwood, New Jersey, USA)
    http://www.mrv2k.net/sudo/ (Bend, Oregon, USA)
    http://www.signal42.com/mirrors/sudo_www/ (USA)
    http://sudo.xmundo.net/ (Argentina)
    http://sudo.planetmirror.com/ (Australia)
    http://sunshine.lv/sudo/ (Latvia)
    http://rexem.uni.cc/sudo/ (Kaunas, Lithuania)
    http://sudo.cdu.elektra.ru/ (Russia)
    http://sudo.nctu.edu.tw/ (Taiwan)

FTP Mirrors:
    ftp://anonopenbsd.cs.colorado.edu/pub/sudo/ (Boulder, Colorado, USA)
    ftp://ftp.cs.colorado.edu/pub/sudo/ (Boulder, Colorado, USA)
    ftp://obsd.isc.org/pub/sudo/ (Redwood City, California, USA)
    ftp://ftp.stikman.com/pub/sudo/ (Los Angeles, California, USA)
    ftp://ftp.tux.org/pub/security/sudo/ (Beltsville, Maryland, USA)
    ftp://ftp.cerias.purdue.edu/pub/tools/unix/sysutils/sudo/ (West Lafayette, Indiana, USA)
    ftp://ftp.uwsg.indiana.edu/pub/security/sudo/ (Bloomington, Indiana, USA)
    ftp://ftp.rge.com/pub/admin/sudo/ (Rochester, New York, USA)
    ftp://sudo.xmundo.net/pub/mirrors/sudo/ (Argentina)
    ftp://ftp.wiretapped.net/pub/security/host-security/sudo/ (Australia)
    ftp://ftp.tuwien.ac.at/utils/admin-tools/sudo/ (Austria)
    ftp://sunsite.ualberta.ca/pub/Mirror/sudo/ (Alberta, Canada)
    ftp://ftp.csc.cuhk.edu.hk/pub/packages/unix-tools/sudo/ (Hong Kong, China)
    ftp://ftp.eunet.cz/pub/security/sudo/ (Czechoslovakia)
    ftp://ftp.ujf-grenoble.fr/sudo/ (France)
    ftp://netmirror.org/ftp.sudo.ws/ (Frankfurt, Germany)
    ftp://ftp.win.ne.jp/pub/misc/sudo/ (Japan)
    ftp://ftp.st.ryukoku.ac.jp/pub/security/tool/sudo/ (Japan)
    ftp://ftp.cin.nihon-u.ac.jp/pub/misc/sudo/ (Japan)
    ftp://core.ring.gr.jp/pub/misc/sudo/ (Japan)
    ftp://ftp.ring.gr.jp/pub/misc/sudo/ (Japan)
    ftp://ftp.tpnet.pl/d6/ftp.sudo.ws/ (Poland)
    ftp://ftp.cdu.elektra.ru/pub/unix/security/sudo/ (Russia)
    ftp://ftp.nsysu.edu.tw/Unix/Security/Sudo/ (Taiwan)

HTTP Mirrors:
    http://www.rge.com/pub/admin/sudo/ (Rochester, New York, USA)
    http://probsd.org/sudoftp/ (East Coast, USA)
    http://ftp.cerias.purdue.edu/pub/tools/unix/sysutils/sudo/ (West Lafayette, Indiana, USA)
    http://www.signal42.com/mirrors/sudo_ftp/ (California, USA)
    http://netmirror.org/mirror/ftp.sudo.ws/ (Frankfurt, Germany)
    http://core.ring.gr.jp/archives/misc/sudo/ (Japan)
    http://www.ring.gr.jp/archives/misc/sudo/ (Japan)
    http://ftp.tpnet.pl/vol/d6/ftp.sudo.ws/ (Poland)
    http://sudo.tsuren.net/dist/ (Moscow, Russian Federation)
    http://ftp.nsysu.edu.tw/Unix/Security/Sudo/ (Taiwan)
____________________________________________________________
sudo-announce mailing list <sudo-announce@sudo.ws>
For list information, options, or to unsubscribe, visit:
http://www.sudo.ws/mailman/listinfo/sudo-announce

 


Copyright 2004, SecurityGlobal.net LLC