Bug 580441 (CVE-2010-1163)
| Field | Value | Field | Value |
|---|---|---|---|
| Summary: | CVE-2010-1163 sudo: incomplete fix for the sudoedit privilege escalation issue CVE-2010-0426 | | |
| Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | CC: | amarecek, dkopecek, security-response-team, vdanen |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2010-12-22 15:56:48 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 580525, 580526, 580527 | | |
| Bug Blocks: | | | |
| Attachments: | | | |
Description
Tomas Hoger 2010-04-08 09:44:44 UTC

Created attachment 405247
Upstream patch

As with the original flaw, sudo versions in Red Hat Enterprise Linux 3 and 4 were not affected by this flaw, as they do not support the sudoedit special command.

This issue did *not* affect sudo 1.6.9p17 packages released in RHSA-2010:0122 fixing CVE-2010-0426. In that sudo version, the ignore_dot option value cannot be changed from the sudoers configuration file and the compile-time default value is always used ('on' in RHEL sudo packages, configure run with --with-ignore-dot), as is documented in the sudoers manpage:

> ignore_dot [ ... ] This flag is on by default. Currently, while it is possible to set ignore_dot in sudoers, its value is not used. This option should be considered read-only (it will be fixed in a future version of sudo).

However, RHBA-2010:0212, released as part of Red Hat Enterprise Linux 5.5, rebased sudo packages to upstream version 1.7.2p1, which allows changing the ignore_dot option value using the sudoers configuration file. Hence, only users that already upgraded to RHEL-5.5 sudo packages and changed the ignore_dot default value in the sudoers file can be affected by this flaw.

(In reply to comment #1)
> Created an attachment (id=405247)
> Upstream patch

Committed upstream as: http://sudo.ws/repos/sudo/rev/07de8e40cb4c

Public now via: http://sudo.ws/sudo/alerts/sudoedit_escalate2.html

Fixed upstream in versions 1.7.2p6 and 1.6.9p22.

sudo-1.7.2p6-1.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/sudo-1.7.2p6-1.fc11

sudo-1.7.2p6-1.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/sudo-1.7.2p6-1.fc12

sudo-1.7.2p6-1.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/sudo-1.7.2p6-1.fc13

This has been assigned CVE-2010-1163.

This issue has been addressed in the following products:

Red Hat Enterprise Linux 5
Via RHSA-2010:0361 https://rhn.redhat.com/errata/RHSA-2010-0361.html

sudo-1.7.2p6-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.

sudo-1.7.2p6-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.

sudo-1.7.2p6-1.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
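A defender-side check for the exposure condition the report describes (the sudoers ignore_dot setting only matters on sudo builds that honour it, and only below the fixed upstream versions), written as an added example that is not part of the bug report or of sudo itself. The sudoers fragments are constructed, and the rule that every version older than 1.7.2p1 falls back to its compile-time default is an assumption generalised from the report's 1.6.9p17 note.

```python
import re

# Upstream releases that the bug report names as carrying the fix.
FIXED = {(1, 6): (1, 6, 9, 22), (1, 7): (1, 7, 2, 6)}
# First version the report says honours ignore_dot from sudoers (1.7.2p1);
# treating every older version as using its compile-time default is an assumption.
HONORS_SUDOERS = (1, 7, 2, 1)

def parse_version(s):
    """'1.7.2p1' -> (1, 7, 2, 1); a missing 'pN' suffix counts as patch level 0."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)(?:p(\d+))?", s.strip())
    if not m:
        raise ValueError(f"unrecognised sudo version: {s!r}")
    return tuple(int(x or 0) for x in m.groups())

def ignore_dot_disabled(sudoers_text):
    """True if any Defaults entry (plain or qualified, e.g. 'Defaults:alice') turns ignore_dot off."""
    for raw in sudoers_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line.startswith("Defaults"):
            continue
        parts = re.split(r"\s+", line, maxsplit=1)
        options = parts[1] if len(parts) == 2 else ""
        if any(opt.strip() == "!ignore_dot" for opt in options.split(",")):
            return True
    return False

def exposure(sudo_version, sudoers_text):
    """Classify a host for CVE-2010-1163: 'fixed', 'not-exposed', 'exposed' or 'build-default'."""
    v = parse_version(sudo_version)
    fixed = FIXED.get(v[:2], FIXED[(1, 7)])  # branches newer than 1.7 postdate the fix
    if v >= fixed:
        return "fixed"
    if v < HONORS_SUDOERS:
        return "build-default"  # sudoers value is not used; check how the package was configured
    return "exposed" if ignore_dot_disabled(sudoers_text) else "not-exposed"

# Constructed sample sudoers fragments (not taken from the report).
SUDOERS_DEFAULT = "Defaults    requiretty\nroot ALL=(ALL) ALL\n"
SUDOERS_WEAK = "Defaults    requiretty, !ignore_dot\nroot ALL=(ALL) ALL\n"

if __name__ == "__main__":
    for ver in ("1.6.9p17", "1.7.2p1", "1.7.2p6"):
        print(ver, exposure(ver, SUDOERS_DEFAULT), exposure(ver, SUDOERS_WEAK))
```

The "build-default" result is the case the report describes for RHEL's 1.6.9p17 packages: the sudoers file cannot tell you the answer, so the configure flags of the build decide.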