Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 580441 - (CVE-2010-1163) CVE-2010-1163 sudo: incomplete fix for the sudoedit privilege escalation issue CVE-2010-0426
CVE-2010-1163 sudo: incomplete fix for the sudoedit privilege escalation issu...
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,cvss2=6/AV:L/AC:H/Au:...
: Security
Depends On: 580525 580526 580527
Blocks:
  Show dependency treegraph
 
Reported: 2010-04-08 05:44 EDT by Tomas Hoger
Modified: 2015-07-31 02:25 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-12-22 10:56:48 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Upstream patch (542 bytes, patch)
2010-04-08 05:46 EDT, Tomas Hoger 		no flags Details | Diff
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2010:0361 normal SHIPPED_LIVE Moderate: sudo security update 2010-04-20 11:43:24 EDT

  None (edit)
Description Tomas Hoger 2010-04-08 05:44:44 EDT 
It was discovered that the original upstream fix for the sudo's sudoedit privilege escalation flaw known as CVE-2010-0426 (see bug #567337) did not fully resolve the issue.  In configurations where sudo's ignore_dot option was set to off (default is on), the user allowed to sudoedit some file with the privileges of some user could run arbitrary command with the privileges of that user.

Acknowledgements:

Red Hat would like to thank Todd C. Miller, the upstream sudo maintainer, for responsibly reporting this issue. Upstream acknowledges Valerio Costamagna as the original reporter.
Comment 1 Tomas Hoger 2010-04-08 05:46:28 EDT 
Created attachment 405247 [details]
Upstream patch
Comment 3 Tomas Hoger 2010-04-08 06:50:43 EDT 
As with the original flaw, sudo versions in Red Hat Enterprise Linux 3 and 4 were not affected by this flaw, as they do not support sudoedit special command.

This issue did *not* affect sudo 1.6.9p17 packages released in RHSA-2010:0122 fixing CVE-2010-0426.  In that sudo version, ignore_dot option value can not be changed from the sudoers configuration file and the compile-time default value is always used ('on' in RHEL sudo packages, configure run with --with-ignore-dot), as is documented in the sudoers manpage:

  ignore_dot
    [ ... ]
    This flag is on by default.  Currently, while it is possible to set
    ignore_dot in sudoers, its value is not used.  This option should be
    considered read-only (it will be fixed in a future version of sudo).

However, RHBA-2010:0212, released as part of Red Hat Enterprise Linux 5.5, rebased sudo packages to upstream version 1.7.2p1, which allows changing ignore_dot option value using the sudoers configuration file.  Hence, only users that already upgraded to RHEL-5.5 sudo packages and changed ignore_dot default value in the sudoers file can be affected by this flaw.
Comment 5 Tomas Hoger 2010-04-12 12:19:16 EDT 
(In reply to comment #1)
> Created an attachment (id=405247) [details]
> Upstream patch    

Committed upstream as: http://sudo.ws/repos/sudo/rev/07de8e40cb4c
Comment 6 Tomas Hoger 2010-04-13 10:42:01 EDT 
Public now via:
  http://sudo.ws/sudo/alerts/sudoedit_escalate2.html

Fixed upstream in versions 1.7.2p6 and 1.6.9p22.
Comment 7 Fedora Update System 2010-04-14 10:47:46 EDT 
sudo-1.7.2p6-1.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/sudo-1.7.2p6-1.fc11
Comment 8 Fedora Update System 2010-04-14 10:48:12 EDT 
sudo-1.7.2p6-1.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/sudo-1.7.2p6-1.fc12
Comment 9 Fedora Update System 2010-04-14 10:48:23 EDT 
sudo-1.7.2p6-1.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/sudo-1.7.2p6-1.fc13
Comment 10 Vincent Danen 2010-04-16 00:58:46 EDT 
This has been assigned CVE-2010-1163.
Comment 11 errata-xmlrpc 2010-04-20 11:43:26 EDT 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5

Via RHSA-2010:0361 https://rhn.redhat.com/errata/RHSA-2010-0361.html
Comment 12 Fedora Update System 2010-04-23 02:04:33 EDT 
sudo-1.7.2p6-1.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 13 Fedora Update System 2010-05-03 12:05:24 EDT 
sudo-1.7.2p6-1.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 14 Fedora Update System 2010-05-03 12:11:11 EDT 
sudo-1.7.2p6-1.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.