
MeeGo alert MeeGo-SA-10:06 (sudo)

From:  "Ware, Ryan R" <ryan.r.ware@intel.com>
To:  "meego-security@meego.com" <meego-security@meego.com>
Subject:  [MeeGo-security] [MeeGo-SA-10:06.sudo] Improper Environment Handling in sudo
Date:  Wed, 7 Jul 2010 13:59:12 -0700
Message-ID:  <C85A38B0.14E2F%ryan.r.ware@intel.com>

===========================================================================
MeeGo-SA-10:06.sudo                                      Security Advisory
                                                             MeeGo Project

Topic:          Improper Environment Handling in sudo

Category:       Privilege Restriction
Module:         sudo
Announced:      July 7, 2010
Affects:        MeeGo 1.0
Corrected:      July 7, 2010
MeeGo BID:      2729
CVE:            CVE-2010-1646

For general information regarding MeeGo Security Advisories, including
descriptions of the fields above, security branches, and the following
sections, please visit <URL:http://www.MeeGo.com/>.

I.   Background

Sudo (superuser do) allows a system administrator to give certain users
(or groups of users) the ability to run some (or all) commands as root
while logging all commands and arguments. Sudo operates on a per-command
basis. It is not a replacement for the shell. Features include: the
ability to restrict what commands a user may run on a per-host basis,
copious logging of each command (providing a clear audit trail of who did
what), a configurable timeout of the sudo command, and the ability to use
the same configuration file (sudoers) on many different machines.

II.  Problem Description

The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0
through 1.7.2p6 does not properly handle an environment that contains
multiple PATH variables, which might allow local users to gain privileges
via a crafted value of the last PATH variable.

CVSS v2 Base: 6.2 (MEDIUM)
Access Vector: Locally exploitable

III. Impact

Incorrect parsing of environment can lead to privilege escalation
(CWE-264).

IV.  Workaround

None

V.   Solution

Update to package sudo-1.7.2p7-3.1 or later.

VI.  References

http://bugs.meego.com/show_bug.cgi?id=2729
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-...
http://cwe.mitre.org/data/definitions/264.html
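
The bug class in the Problem Description, shown from the defensive side as an added example (not sudo's code and not the MeeGo fix): a privileged program that overrides PATH has to replace the first PATH entry and drop every later one, because an inherited environment may carry the same name more than once. The function names and the sample environment are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* True if entry is "NAME=..." for exactly this name (PATHX= must not match PATH). */
static int env_is(const char *entry, const char *name)
{
    size_t n = strlen(name);
    return strncmp(entry, name, n) == 0 && entry[n] == '=';
}

/* Count entries named `name` in a NULL-terminated environment array. */
int env_count(char *const envp[], const char *name)
{
    int n = 0;
    for (size_t i = 0; envp[i] != NULL; i++)
        n += env_is(envp[i], name);
    return n;
}

/* Replace the first `name` entry with the trusted `entry` and drop every later
 * one, compacting in place. Returns duplicates dropped, or -1 if `name` was
 * absent (the caller then has to append `entry` itself). */
int env_set_unique(char *envp[], const char *name, char *entry)
{
    size_t out = 0;
    int seen = 0;
    for (size_t i = 0; envp[i] != NULL; i++) {
        if (!env_is(envp[i], name))
            envp[out++] = envp[i];          /* unrelated variable: keep */
        else if (seen++ == 0)
            envp[out++] = entry;            /* first match: trusted value */
        /* later matches are skipped, which removes the duplicates */
    }
    envp[out] = NULL;
    return seen - 1;
}

/* Constructed sample: an inherited environment carrying PATH twice. */
int demo_remaining_path_entries(void)
{
    char *env[] = { "HOME=/home/user", "PATH=/usr/bin:/bin", "LANG=C",
                    "PATH=/tmp/constructed", NULL };
    env_set_unique(env, "PATH", "PATH=/usr/sbin:/usr/bin:/sbin:/bin");
    return env_count(env, "PATH");
}

int main(void)
{
    printf("PATH entries after sanitizing: %d\n", demo_remaining_path_entries());
    return 0;
}
```

A return value above zero from `env_set_unique` means the caller supplied duplicate entries, which is worth logging before the command runs.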

