Re: [SECURITY] [DSA 596-1] New sudo packages fix privilege escalation
This is what I get on all the 3.0 installations I've upgraded this
package on (attached file).
David
On Wed, 24 Nov 2004, Ramon Kagan wrote:
> Must be something in your environment, I don't get anything of the sort.
>
> Ramon Kagan
> York University, Computing and Network Services
> Information Security - Senior Information Security Analyst
> (416)736-2100 #20263
> rkagan@yorku.ca
>
> -----------------------------------
> I have not failed. I have just found 10,000 ways that don't work.
> - Thomas Edison
>
> I don't know the secret to success, but the secret to failure is
> trying to please everybody.
> - Bill Cosby
> -----------------------------------
>
> On Wed, 24 Nov 2004, David wrote:
>
> > Hi Martin,
> >
> > This fix prints a bunch of debugging messages on sudo. Has it been tested!?
> >
> > David
> >
> > Martin Schulze wrote:
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > > Hash: SHA1
> > >
> > > - --------------------------------------------------------------------------
> > > Debian Security Advisory DSA 596-1                     security@debian.org
> > > http://www.debian.org/security/                             Martin Schulze
> > > November 24th, 2004                     http://www.debian.org/security/faq
> > > - --------------------------------------------------------------------------
> > >
> > > Package : sudo
> > > Vulnerability : missing input sanitising
> > > Problem-Type : local
> > > Debian-specific: no
> > > CVE ID : CAN-2004-1051
> > > Debian Bug : 281665
> > >
> > > Liam Helmer noticed that sudo, a program that provides limited super
> > > user privileges to specific users, does not clean the environment
> > > sufficiently. Bash functions and the CDPATH variable are still passed
> > > through to the program running as privileged user, leaving
> > > possibilities to overload system routines. These vulnerabilities can
> > > only be exploited by users who have been granted limited super user
> > > privileges.
> > >
> > > For the stable distribution (woody) these problems have been fixed in
> > > version 1.6.6-1.2.
> > >
> > > For the unstable distribution (sid) these problems have been fixed in
> > > version 1.6.8p3.
> > >
> > > We recommend that you upgrade your sudo package.
> > >
> > >
> > > Upgrade Instructions
> > > - --------------------
> > >
> > > wget url
> > > will fetch the file for you
> > > dpkg -i file.deb
> > > will install the referenced file.
> > >
> > > If you are using the apt-get package manager, use the line for
> > > sources.list as given below:
> > >
> > > apt-get update
> > > will update the internal database
> > > apt-get upgrade
> > > will install corrected packages
> > >
> > > You may use an automated update by adding the resources from the
> > > footer to the proper configuration.
> > >
> > >
> > > Debian GNU/Linux 3.0 alias woody
> > > - --------------------------------
> > >
> > > Source archives:
> > >
> > > http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2.dsc
> > > Size/MD5 checksum: 587 b4750887bf910de5d8bc4d4ef3f71b3b
> > > http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2.diff.gz
> > > Size/MD5 checksum: 12251 e138445e17adf6eec25035bb8c1ef0c9
> > > http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6.orig.tar.gz
> > > Size/MD5 checksum: 333074 4da4bf6cf31634cc7a17ec3b69fdc333
> > >
> > > Alpha architecture:
> > >
> > > http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_alpha.deb
> > > Size/MD5 checksum: 151386 841c5cfa5405fbef08d95fb7fcd50364
> > >
> > > ARM architecture:
> > >
> > > http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_arm.deb
> > > Size/MD5 checksum: 141442 46d1faa34df223b014c3131879ccadff
> > >
> > > Intel IA-32 architecture:
> > >
> > > http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_i386.deb
> > > Size/MD5 checksum: 135076 687519f374ef803d532e1a2c966322a6
> > >
> > > Intel IA-64 architecture:
> > >
> > > http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_ia64.deb
> > > Size/MD5 checksum: 172442 8e0f391e39197f7911069210dae06da7
> > >
> > > HP Precision architecture:
> > >
> > > http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_hppa.deb
> > > Size/MD5 checksum: 147512 b32938d0bf2d681b4556c64d7071187a
> > >
> > > Motorola 680x0 architecture:
> > >
> > > http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_m68k.deb
> > > Size/MD5 checksum: 132698 63860473eb387086c4474acc395ff96e
> > >
> > > Big endian MIPS architecture:
> > >
> > > http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_mips.deb
> > > Size/MD5 checksum: 144380 c1ffef369f073099d84704f24e2252f1
> > >
> > > Little endian MIPS architecture:
> > >
> > > http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_mipsel.deb
> > > Size/MD5 checksum: 144250 bdb34c5adaf5562908d6df4517bf0cd3
> > >
> > > PowerPC architecture:
> > >
> > > http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_powerpc.deb
> > > Size/MD5 checksum: 140566 ff92e82812ef08d35b51239099efaca3
> > >
> > > IBM S/390 architecture:
> > >
> > > http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_s390.deb
> > > Size/MD5 checksum: 140222 f327c3436a5a103b1d028dc2e045c226
> > >
> > > Sun Sparc architecture:
> > >
> > > http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.2_sparc.deb
> > > Size/MD5 checksum: 143004 6c4300c125317a6faf9e154803552485
> > >
> > >
> > > These files will probably be moved into the stable distribution on
> > > its next update.
> > >
> > > - ---------------------------------------------------------------------------------
> > > For apt-get: deb http://security.debian.org/ stable/updates main
> > > For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
> > > Mailing list: debian-security-announce@lists.debian.org
> > > Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
> > >
> > > -----BEGIN PGP SIGNATURE-----
> > > Version: GnuPG v1.2.5 (GNU/Linux)
> > >
> > > iD8DBQFBpHn2W5ql+IAeqTIRAsbeAJ93UCDKx39/3F123rZPt4B+CpYN5wCcD01g
> > > heOiCeKmYQUJoqWasNWbWB0=
> > > =qta2
> > > -----END PGP SIGNATURE-----
> > >
> > >
> >
> > --
> > |> /+\ \| | |>
> >
> >
> >
> >
>
--
|> /+\ \| | |>
David Croft
Infotrek
Script started on Wed Nov 24 09:03:28 2004
david@a5s:~$ sudo bash
Password:
Looking at PWD=/home/david...
Looking at PS1=\u@\h:\w\$ ...
Looking at USER=david...
Looking at LS_COLORS=no=00:fi=00:di=01;34:ln=01;36:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arj=01;31:*.taz=01;31:*.lzh=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.gz=01;31:*.bz2=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.jpg=01;35:*.jpeg=01;35:*.png=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.mpg=01;35:*.mpeg=01;35:*.avi=01;35:*.fli=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.ogg=01;35:*.mp3=01;35:...
Looking at MAIL=/var/mail/david...
Looking at EDITOR=emacs...
Looking at SSH_CLIENT=83.146.0.0 60612 22...
Looking at LOGNAME=david...
Looking at SHLVL=2...
Looking at SHELL=/bin/bash...
Looking at CVSROOT=/home/david/cvsroot/...
Looking at HOME=/home/david...
Looking at TERM=xterm-color...
Looking at PATH=/home/david/bin:/home/david/bin:/usr/local/bin:/usr/bin:/bin:/usr/bin/X11:/usr/games...
Looking at SSH_TTY=/dev/pts/0...
Looking at _=/usr/bin/sudo...
root@a5s:~# exit
david@a5s:~$
Script done on Wed Nov 24 09:03:37 2004
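The advisory above describes the defect only in prose: sudo let exported bash functions and CDPATH through to the privileged command. The script output David attached shows the upgraded package inspecting every variable ("Looking at ...") before exec. The following is an added, stand-alone illustration of that inspection step written for this thread; it is not sudo's code and not from the Debian package. It drops anything that looks like an exported bash function (the `() {` value form used by bash of that era, and the later `BASH_FUNC_` naming) and the CDPATH variable the advisory names. The extra names in `BLACKLIST` and the `LD_` prefix are an assumption drawn from how later sudo releases reset the environment, not from the advisory text; the sample environment is constructed to resemble the attached transcript.

```python
"""Added example (not sudo's code): environment scrubbing of the kind
DSA 596-1 describes, run over a constructed environment."""
import re
from typing import Dict, List, Tuple

# Named in the advisory: CDPATH. The others are an assumption based on
# variables later sudo releases also refuse to pass through.
BLACKLIST = {"CDPATH", "IFS", "ENV", "BASH_ENV"}
BLACKLIST_PREFIXES = ("LD_",)  # dynamic-loader variables, same assumption

# Exported bash functions show up in the environment either as a value
# beginning with "() {" (old bash) or under a BASH_FUNC_ name (newer bash).
FUNC_BODY = re.compile(r"^\(\)\s*\{")
FUNC_NAME = re.compile(r"^BASH_FUNC_")


def is_bash_function(name: str, value: str) -> bool:
    """True if this environment entry carries an exported shell function."""
    return bool(FUNC_BODY.match(value)) or bool(FUNC_NAME.match(name))


def is_blacklisted(name: str) -> bool:
    """True for variables that must never reach the privileged command."""
    return name in BLACKLIST or name.startswith(BLACKLIST_PREFIXES)


def scrub_env(env: Dict[str, str]) -> Tuple[Dict[str, str], List[str]]:
    """Return (clean_env, dropped) where dropped lists each removed entry
    with the reason, in the order the environment was walked."""
    clean: Dict[str, str] = {}
    dropped: List[str] = []
    for name, value in env.items():
        if is_bash_function(name, value):
            dropped.append(f"{name}: bash function export")
        elif is_blacklisted(name):
            dropped.append(f"{name}: blacklisted variable")
        else:
            clean[name] = value
    return clean, dropped


# Constructed sample environment, modelled on the attached script output
# plus the two kinds of entry the advisory says leaked through.
SAMPLE_ENV = {
    "PWD": "/home/david",
    "USER": "david",
    "SHELL": "/bin/bash",
    "PATH": "/home/david/bin:/usr/local/bin:/usr/bin:/bin",
    "CDPATH": ".:/home/david",                         # named in the advisory
    "greet": "() {  echo hello\n}",                    # old-style exported function
    "BASH_FUNC_greet%%": "() {  echo hello\n}",        # newer export form
    "LD_PRELOAD": "/tmp/placeholder.so",               # extra entry (assumption)
}

if __name__ == "__main__":
    kept, removed = scrub_env(SAMPLE_ENV)
    for line in removed:
        print("Dropping", line)
    print("Passing through:", ", ".join(sorted(kept)))
```

Running the block prints one "Dropping" line per rejected entry and then the four harmless variables that survive; the same walk is what the upgraded package's "Looking at ..." messages trace, except that a production build would stay silent rather than print each variable it examines.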