From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.8) Gecko/20050513 Fedora/1.0.4-1.3.1 Firefox/1.0.4
Description of problem: http://www.courtesan.com/sudo/alerts/path_race.html describes a problem with sudo that as far as I know hasn't been fixed in fedora legacy.
Version-Release number of selected component (if applicable):
How reproducible: Didn't try
Additional info:
CAN-2004-1689: sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root privileges, which allows local users to read arbitrary files via a symlink attack on the temporary file before quitting sudoedit.
CAN-2005-1119: Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary files via a symlink attack on temporary files.
CAN-2005-1831: Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux distributions, allows local users to gain privileges by using sudo to call su, then entering a blank password and hitting CTRL-C. NOTE: SuSE has not been able to replicate this issue.
CAN-2005-1993: Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack.
...
RHEL has updated sudo to address CAN-2005-1993 (the bug referred to above). An FC2 fix for CAN-2004-1051 may also be needed.
*** Bug 165182 has been marked as a duplicate of this bug. ***
Could somebody add the CVE IDs to the summary to assist in searching, please?
*** Bug 166940 has been marked as a duplicate of this bug. ***
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-1993
ward: CVE-2005-1993 has been a part of this bug for some time. Perhaps you are talking about this recently discovered sudo bug: http://www.sudo.ws/sudo/alerts/perl_env.html ?
CVE-2004-1689 isn't applicable to any FL release. CVE-2005-1119 is not a problem since /etc is not world-writeable. CVE-2005-1831 cannot be reproduced. CVE-2004-1051 won't be fixed by Red Hat, so it won't be fixed by FL. Looks like CVE-2005-1993 is the only real issue here.
Here are updated sudo packages to QA:
Changelog:
* Mon Feb 13 2006 Marc Deslauriers <marcdeslauriers> 1.6.5p2-2.3.legacy
- Fix CVE-2005-1993 sudo trusted user arbitrary command execution
f6c9ad24f3b13feaf7d8535ca3376388c2bd8984 7.3/sudo-1.6.5p2-2.3.legacy.i386.rpm
11d306d3d80c080be52b2fcbdd52f12addce3fca 7.3/sudo-1.6.5p2-2.3.legacy.src.rpm
8ead746c3ac95321a70ecdb27cc774b5dddc1d92 9/sudo-1.6.6-3.3.legacy.i386.rpm
7b29856659cfdb744148f25ce158cb6be34a1cbb 9/sudo-1.6.6-3.3.legacy.src.rpm
ce7f100a5ee6cd47dad8a2da691862e77423135d 1/sudo-1.6.7p5-2.3.legacy.i386.rpm
1976b320d505e565f869055745baf5cd09a77708 1/sudo-1.6.7p5-2.3.legacy.src.rpm
bc057a033f60f0d53bfe040358707f0ce3b800fd 2/sudo-1.6.7p5-26.1.legacy.i386.rpm
69c5f787fe1bf0b803f4c4fe616ab58b29aad249 2/sudo-1.6.7p5-26.1.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/sudo-1.6.5p2-2.3.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/sudo-1.6.6-3.3.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/sudo-1.6.7p5-2.3.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/sudo-1.6.7p5-26.1.legacy.src.rpm
The URLs were wrong, but I could figure out where to get them... :)
QA w/ rpm-build-compare.sh:
- source integrity good
- spec file changes minimal
- patches verified to come from RHEL
+PUBLISH RHL73, RHL9, FC1, FC2
11d306d3d80c080be52b2fcbdd52f12addce3fca sudo-1.6.5p2-2.3.legacy.src.rpm
7b29856659cfdb744148f25ce158cb6be34a1cbb sudo-1.6.6-3.3.legacy.src.rpm
1976b320d505e565f869055745baf5cd09a77708 sudo-1.6.7p5-2.3.legacy.src.rpm
69c5f787fe1bf0b803f4c4fe616ab58b29aad249 sudo-1.6.7p5-26.1.legacy.src.rpm
whoops! :)
Packages were released to updates-testing
Basic 2-week timeout per the new policy.
I performed QA on the following packages:
5eed8171a2be78f8a03de987b86220b1c8ecb9d4 sudo-1.6.5p2-2.3.legacy.i386.rpm
7a84e2d96bba56142ca8c6dec2603577e31b2072 sudo-1.6.6-3.3.legacy.i386.rpm
4e7b55e41c355e51b4cdd3a820a6d5c94df43fdc sudo-1.6.7p5-2.3.legacy.i386.rpm
954a6e7098b7e86e7bc1f1532a72f8a3dab32380 sudo-1.6.7p5-26.2.legacy.i386.rpm
Installed fine. Tested visudo to edit sudoers, and added username and group name. Successfully su'ed to root while listed as a user and tested as member of a group. sudo denied my attempts when not listed in sudoers. All attempts successfully logged in /var/log/secure.
+VERIFY rh73,rh9,fc1,fc2
Thanks!
Packages were released.