Category:   Application (Generic)  >   Sudo
Vendors:   Miller, Todd C.
Sudo Administration Utility May Give Local Users Root-Level Access
SecurityTracker Alert ID:  1001366
SecurityTracker URL:  http://securitytracker.com/id/1001366
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Apr 19 2001
Impact:   Execution of arbitrary code via local system, Root access via local system
Fix Available:  Yes  
Version(s): prior to version 1.6.3p6
Description:   The Sudo super user administration utility contains a vulnerability that allows a local user to execute arbitrary shell code on the server leading to root-level access.

Sudo is an application that is, by design, installed with set userid (suid) privileges. It is intended to allow a local user to execute certain commands under the privileges of another user (such as root) while providing command logging.

The logging code reportedly contains a buffer overflow.

Impact:   A local user could execute arbitrary shell code on the server leading to root-level access.
Solution:   The vendor has released a fixed version. Read the source message for the SuSE advisory which indicates the proper fix for SuSE customers.
Vendor URL:  www.courtesan.com/sudo/
Cause:   Boundary error
Underlying OS:   Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
(FreeBSD Releases Fix) Re: Sudo Administration Utility May Give Local Users Root-Level Access   (FreeBSD Security Advisories <security-advisories@FreeBSD.ORG>)
FreeBSD released a fix.
(Fix Available for Mac OS X) Re: Sudo Administration Utility May Give Local Users Root-Level Access   (securemac <macsec@securemac.com>)
A fix has been released for Mac OS X.
(Exploit Code is Released) Re: Sudo Administration Utility May Give Local Users Root-Level Access   (Michel Kaempf <maxx@synnergy.net>)
Some exploit code is provided.
(Apple Releases Mac OS X Fix) Re: Sudo Administration Utility May Give Local Users Root-Level Access
Apple has released a fix.
(EnGarde Secure Linux Releases Fix) Re: Sudo Administration Utility May Give Local Users Root-Level Access   (EnGarde Secure Linux <security@guardiandigital.com>)
The vendor has released a fix.
(Red Hat Issues Fix) Re: Sudo Administration Utility May Give Local Users Root-Level Access   (bugzilla@redhat.com)
Red Hat has issued a fixed package.



 Source Message Contents

Date:  Thu, 19 Apr 2001 11:46:47 +0200 (CEST)
Subject:  [suse-security] SuSE Security Announcement: sudo (SuSE-SA:2001:13)


-----BEGIN PGP SIGNED MESSAGE-----

______________________________________________________________________________

                        SuSE Security Announcement

        Package:                sudo
        Announcement-ID:        SuSE-SA:2001:13
        Date:                   Wednesday, April 18th, 2001 12.26 MEST
        Affected SuSE versions: 6.1, 6.2, 6.3, 6.4, 7.0, 7.1
        Vulnerability Type:     possible local root compromise
        Severity (1-10):        6
        SuSE default package:   no
        Other affected systems: all systems using sudo

        Content of this advisory:
        1) security vulnerability resolved: sudo
           problem description, discussion, solution and upgrade information
        2) pending vulnerabilities, solutions, workarounds
        3) standard appendix (further information)

______________________________________________________________________________

1)  problem description, brief discussion, solution, upgrade information

    The setuid application sudo(8) allows a user to execute commands under
    the privileges of another user (including root).
    sudo(8) previous to version 1.6.3p6 is vulnerable to a buffer overflow
    in its logging code, which could lead to local root compromise.

    There is no exploit known to be public.
    A useful workaround isn't possible, the only fix is to install the new
    sudo packages.

    Download the update package from locations described below and install
    the package with the command `rpm -Uhv file.rpm'. The md5sum for each
    file is in the line below. You can verify the integrity of the rpm
    files using the command
        `rpm --checksig --nogpg file.rpm',
    independently from the md5 signatures below.



    i386 Intel Platform:

    SuSE-7.1
    ftp://ftp.suse.com/pub/suse/i386/update/7.1/ap1/sudo-1.6.3p6-3.i386.rpm
      b0d658c98effd4e11bed6d8c1f5f80f9
    source rpm:
    ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/sudo-1.6.3p6-3.src.rpm
      a4b44f0998a165b3a69c598075420b7f

    SuSE-7.0
    ftp://ftp.suse.com/pub/suse/i386/update/7.0/ap1/sudo-1.6.3p6-21.i386.rpm
      a002d657c7faf24b9fb5b430061e6c19
    source rpm:
    ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/sudo-1.6.3p6-21.src.rpm
      d9ebc68015886fb642a1795e21bde788

    SuSE-6.4
    ftp://ftp.suse.com/pub/suse/i386/update/6.4/ap1/sudo-1.5.9p1-79.i386.rpm
      8a25b40ba081be885b214410b3c662ce
    source rpm:
    ftp://ftp.suse.com/pub/suse/i386/update/6.4/zq1/sudo-1.5.9p1-79.src.rpm
      9a13efa0d76a4fe3cbda7dcd2e2befe0

    SuSE-6.3
    ftp://ftp.suse.com/pub/suse/i386/update/6.3/ap1/sudo-1.5.9p1-80.i386.rpm
      a6e359c6449d764199bce3b7bc2867d8
    source rpm:
    ftp://ftp.suse.com/pub/suse/i386/update/6.3/zq1/sudo-1.5.9p1-80.src.rpm
      b89db78d5b8d04b10ac6e17c29cec1c4

    SuSE-6.2
    ftp://ftp.suse.com/pub/suse/i386/update/6.2/ap1/sudo-1.5.9p1-79.i386.rpm
      c3fbbff2219bf948f9b209eefafab4fe
    source rpm:
    ftp://ftp.suse.com/pub/suse/i386/update/6.2/zq1/sudo-1.5.9p1-79.src.rpm
      85ae3e3b9ef159201bb661e8f83e82d3

    SuSE-6.1
      Packets for 6.1 won't be available, sorry.
      Try to install the 6.2-RPM, please.


    Sparc Platform:

    SuSE-7.1
    ftp://ftp.suse.com/pub/suse/sparc/update/7.1/ap1/sudo-1.6.3p6-8.sparc.rpm
      5531c5be20082b084e940d4e66dffea0
    source rpm:
    ftp://ftp.suse.com/pub/suse/sparc/update/7.1/zq1/sudo-1.6.3p6-8.src.rpm
      98fb9920e8de32727deb5e4295ee70d4

    SuSE-7.0
    ftp://ftp.suse.com/pub/suse/sparc/update/7.0/ap1/sudo-1.6.3p6-9.sparc.rpm
      cdd87431019ace22d0a2b0d46b294856
    source rpm:
    ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/sudo-1.6.3p6-9.src.rpm
      846035dcf0e42d22aac5d0dc77d90a02



    AXP Alpha Platform:

    SuSE-7.0
    ftp://ftp.suse.com/pub/suse/axp/update/7.0/ap1/sudo-1.6.3p6-12.alpha.rpm
      c0fea14a3c0e565892f150cf97d971ed
    source rpm:
    ftp://ftp.suse.com/pub/suse/axp/update/7.0/zq1/sudo-1.6.3p6-12.src.rpm
      42651a443d7ca62415bc2d3ef3dc5bde

    SuSE-6.4
    ftp://ftp.suse.com/pub/suse/axp/update/6.4/ap1/sudo-1.5.9p1-79.alpha.rpm
      9a177de02176df90d8006fc7e8adae0d
    source rpm:
    ftp://ftp.suse.com/pub/suse/axp/update/6.4/zq1/sudo-1.5.9p1-79.src.rpm
      9f52a3df082ba513cbc0af5da6cccbe4

    SuSE-6.3
    ftp://ftp.suse.com/pub/suse/axp/update/6.3/ap1/sudo-1.5.9p1-79.alpha.rpm
      5bbe1f211cb53758ad2840d192280269
    source rpm:
    ftp://ftp.suse.com/pub/suse/axp/update/6.3/zq1/sudo-1.5.9p1-79.src.rpm
      4687f818ab5dbc50b1c0a3b907775f30



    PPC PowerPC Platform:

    SuSE-7.1
    ftp://ftp.suse.com/pub/suse/ppc/update/7.1/ap1/sudo-1.6.3p6-5.ppc.rpm
      199a677423a84bc577a7a9199e5e22d4
    source rpm:
    ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/sudo-1.6.3p6-5.src.rpm
      49ed607375823b56d819e0610e3a8d31

    SuSE-7.0
    ftp://ftp.suse.com/pub/suse/ppc/update/7.0/ap1/sudo-1.6.3p6-10.ppc.rpm
      03ffbcf07ba9a4222c75b162c97f9292
    source rpm:
    ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/sudo-1.6.3p6-10.src.rpm
      a07d0b0283ca83e14c4d58ca9bcc933c

    SuSE-6.4
    ftp://ftp.suse.com/pub/suse/ppc/update/6.4/ap1/sudo-1.5.9p1-80.ppc.rpm
      b5c9dee89ee0101fa8ac5795c1e8e49c
    source rpm:
    ftp://ftp.suse.com/pub/suse/ppc/update/6.4/zq1/sudo-1.5.9p1-80.src.rpm
      bfc917660898fdf9f2de170895ca7b22


______________________________________________________________________________

2)  Pending vulnerabilities in SuSE Distributions and Workarounds:

    - New RPMs for HylaFax, a Fax Server, are currently being built, which
      fix a format bug in hfaxd, which could lead to local root privilege.

    - NEdit a GUI-style text editor needs an update due to a tmp race
      condition. The source code is currently being reviewed and new
      RPMs will be available within the next days.

    - Updated man RPMs will be available in a few days.

    - In the past weeks, some security related bugs in the Linux kernel 2.2
      and 2.4 were found. An announcement, that addresses this will be
      released this week.

    - Samba has several security problems, which could lead to local root
      access. Samba 2.0.8 fixes these problems. New RPMs are currently being
      built.

______________________________________________________________________________

3)  standard appendix:

    SuSE runs two security mailing lists to which any interested party may
    subscribe:

    suse-security@suse.com
        -   general/linux/SuSE security discussion.
            All SuSE security announcements are sent to this list.
            To subscribe, send an email to
                <suse-security-subscribe@suse.com>.

    suse-security-announce@suse.com
        -   SuSE's announce-only mailing list.
            Only SuSE's security announcements are sent to this list.
            To subscribe, send an email to
                <suse-security-announce-subscribe@suse.com>.

    For general information or the frequently asked questions (faq)
    send mail to:
        <suse-security-info@suse.com> or
        <suse-security-faq@suse.com> respectively.

    ===============================================
    SuSE's security contact is <security@suse.com>.
    ===============================================

______________________________________________________________________________

    The information in this advisory may be distributed or reproduced,
    provided that the advisory is not modified in any way.
    SuSE GmbH makes no warranties of any kind whatsoever with respect
    to the information contained in this security advisory.


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv

-----END PGP SIGNATURE-----

Bye,
     Thomas
-- 
  Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
  E@mail: thomas@suse.de      Function: Security Support & Auditing
  "lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka"
  Key fingerprint = 51 AD B9 C7 34 FC F2 54  01 4A 1C D4 66 64 09 84
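
The advisory lists each package URL with its md5sum on the line below, and the same file name (for example sudo-1.5.9p1-79.i386.rpm) appears under more than one release with a different checksum. The following is an added example, not part of the SuSE advisory: it looks the checksum up by full URL rather than by file name and compares it with a downloaded file. The function names are hypothetical, and it assumes the advisory text is saved to a file and that `md5sum` and `awk` are available.

```shell
#!/bin/sh
# Added example: check a downloaded rpm against the advisory's md5 list.

# Two entries copied from the advisory above: identical file name,
# different release directory, different checksum.
advisory_excerpt() {
    cat <<'EOF'
    SuSE-6.4
    ftp://ftp.suse.com/pub/suse/i386/update/6.4/ap1/sudo-1.5.9p1-79.i386.rpm
      8a25b40ba081be885b214410b3c662ce
    SuSE-6.2
    ftp://ftp.suse.com/pub/suse/i386/update/6.2/ap1/sudo-1.5.9p1-79.i386.rpm
      c3fbbff2219bf948f9b209eefafab4fe
EOF
}

# expected_md5 ADVISORY_FILE URL
# Print the checksum found on the line directly below URL, or nothing.
expected_md5() {
    awk -v want="$2" '
        { gsub(/^[ \t]+|[ \t\r]+$/, "") }        # strip the indentation
        grab { if ($0 ~ /^[0-9a-f]+$/ && length($0) == 32) print; exit }
        $0 == want { grab = 1 }                  # exact full-URL match only
    ' "$1"
}

# verify_rpm ADVISORY_FILE URL LOCAL_FILE
# 0 = checksum matches, 1 = mismatch, 2 = nothing to compare against.
verify_rpm() {
    want=$(expected_md5 "$1" "$2")
    [ -n "$want" ] || { echo "no checksum listed for $2" >&2; return 2; }
    [ -f "$3" ] || { echo "no such file: $3" >&2; return 2; }
    got=$(md5sum "$3" | awk '{ print $1 }')
    [ "$got" = "$want" ] && return 0
    echo "MISMATCH for $3: advisory $want, file $got" >&2
    return 1
}

# Demo: a lookup by file name alone could not tell these two apart.
adv=$(mktemp) && advisory_excerpt > "$adv"
base=ftp://ftp.suse.com/pub/suse/i386/update
echo "6.4: $(expected_md5 "$adv" "$base/6.4/ap1/sudo-1.5.9p1-79.i386.rpm")"
echo "6.2: $(expected_md5 "$adv" "$base/6.2/ap1/sudo-1.5.9p1-79.i386.rpm")"
rm -f "$adv"
```

The md5 values are only as trustworthy as the advisory text that carries them, so check the advisory's PGP signature before relying on the list. MD5 is no longer collision-resistant and serves here as an integrity check, not as authentication.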

