int(1657)

Boletines de Vulnerabilidades


Condición de carrera en Sudo

Clasificación de la vulnerabilidad

Propiedad Valor
Nivel de Confianza Oficial
Impacto Aumento de privilegios
Dificultad Principiante
Requerimientos del atacante Acceso remoto con cuenta

Información sobre el sistema

Propiedad Valor
Fabricant afectat GNU/Linux
Software afectado Sudo <1.6.8p9

Descripción

Se ha descubierto una condición de carrera en las versiones anteriores a la 1.6.8p9 de Sudo. La vulnerabilidad reside en el manejo de la ruta de los comando ejecutados mediante Sudo.

La explotación de esta vulnerabilidad podría permitir a un atacante local con privilegios Sudo ejecutar comandos arbitrarios siempre que en el archivo sudoers exista una entrada ALL siguiendo a la entrada correspondiente a la del usuario malicioso y el atacante pueda crear archivos simbólicos en el sistema de ficheros.

Solución

Si lo desea, aplique los mecanismos de actualización propios de su distribución, o bien baje las fuentes del software y compílelo usted mismo.


Actualización de software

Sudo
Sudo 1.6.8p9
http://www.courtesan.com/sudo/dist/sudo-1.6.8p9.tar.gz

OpenBSD
OpenBSD 3.7
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/003_sudo.patch
OpenBSD 3.6
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/018_sudo.patch

Mandriva Linux

Mandrakelinux 10.0
x86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/sudo-1.6.7-0.p5.2.2.100mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/sudo-1.6.7-0.p5.2.2.100mdk.src.rpm
AMD64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/sudo-1.6.7-0.p5.2.2.100mdk.amd64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/sudo-1.6.7-0.p5.2.2.100mdk.src.rpm

Mandrakelinux 10.1
x86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/sudo-1.6.8p1-1.2.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/sudo-1.6.8p1-1.2.101mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/sudo-1.6.8p1-1.2.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/sudo-1.6.8p1-1.2.101mdk.src.rpm

Corporate Server 2.1
x86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/sudo-1.6.6-2.2.C21mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/sudo-1.6.6-2.2.C21mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/sudo-1.6.6-2.2.C21mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/sudo-1.6.6-2.2.C21mdk.src.rpm

Corporate Server 3.0
x86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/sudo-1.6.7-0.p5.2.2.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/sudo-1.6.7-0.p5.2.2.C30mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/sudo-1.6.7-0.p5.2.2.C30mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/SRPMS/sudo-1.6.7-0.p5.2.2.C30mdk.src.rpm

Mandrivalinux LE2005
x86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/sudo-1.6.8p1-2.1.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/SRPMS/sudo-1.6.8p1-2.1.102mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/sudo-1.6.8p1-2.1.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/SRPMS/sudo-1.6.8p1-2.1.102mdk.src.rpm

SUSE Linux

SUSE Linux 9.3
x86
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/sudo-1.6.8p7-3.2.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/sudo-1.6.8p7-3.2.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/sudo-1.6.8p7-3.2.src.rpm
x86-64
ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/sudo-1.6.8p7-3.2.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/sudo-1.6.8p7-3.2.x86_64.patch.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/src/sudo-1.6.8p7-3.2.src.rpm

SUSE Linux 9.2
x86
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/sudo-1.6.7p5-118.2.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/sudo-1.6.7p5-118.2.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/sudo-1.6.7p5-118.2.src.rpm
x86-64
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/sudo-1.6.7p5-118.2.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/sudo-1.6.7p5-118.2.x86_64.patch.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/src/sudo-1.6.7p5-118.2.src.rpm

SUSE Linux 9.1
x86
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/sudo-1.6.7p5-117.4.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/sudo-1.6.7p5-117.4.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/sudo-1.6.7p5-117.4.src.rpm
x86-64
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/sudo-1.6.7p5-117.4.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/sudo-1.6.7p5-117.4.x86_64.patch.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/sudo-1.6.7p5-117.4.src.rpm

SUSE Linux 9.0
x86
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/sudo-1.6.7p5-120.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/sudo-1.6.7p5-120.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/sudo-1.6.7p5-120.src.rpm
x86-64
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/sudo-1.6.7p5-120.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/sudo-1.6.7p5-120.x86_64.patch.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/sudo-1.6.7p5-120.src.rpm

SUSE Linux 8.2
x86
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/sudo-1.6.6-192.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/sudo-1.6.6-192.i586.patch.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/sudo-1.6.6-192.src.rpm

Red Hat Linux
Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
https://rhn.redhat.com/

Debian Linux

Debian Linux 3.0
Source
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6.orig.tar.gz
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3woody1.dsc
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3woody1.diff.gz
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3woody1_alpha.deb
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3woody1_hppa.deb
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3woody1_i386.deb
m68k architecture (Motorola Mc680x0)
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3woody1_m68k.deb
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3woody1_mips.deb
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3woody1_mipsel.deb
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3woody1_powerpc.deb
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3woody1_s390.deb
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3woody1_sparc.deb
arm architecture (ARM)
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3woody1_arm.deb
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3woody1_ia64.deb

Debian Linux 3.1
Source
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1.dsc
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1.diff.gz
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7.orig.tar.gz
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1_alpha.deb
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1_hppa.deb
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1_i386.deb
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1_ia64.deb
m68k architecture (Motorola Mc680x0)
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1_m68k.deb
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1_mips.deb
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1_mipsel.deb
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1_powerpc.deb
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1_s390.deb
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1_sparc.deb
arm architecture (ARM)
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1_arm.deb

Debian

Debian Linux 3.1
AMD64
http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1_amd64.deb

Apple
Tiger Client
http://www.apple.com/support/downloads/securityupdate2005009tigerclient.html
Tiger Server
http://www.apple.com/support/downloads/securityupdate2005009tigerserver.html
Panther Client
http://www.apple.com/support/downloads/securityupdate2005009pantherclient.html
Panther Server
http://www.apple.com/support/downloads/securityupdate2005009pantherserver.html

Identificadores estándar

Propiedad Valor
CVE CAN-2005-1993
BID

Recursos adicionales

Sudo Security Advisory
http://www.courtesan.com/sudo/alerts/path_race.html

OpenBSD Security Advisory June 20, 2005
http://www.openbsd.org/security.html

Mandriva Security Advisories MDKSA-2005:103
http://www.mandriva.com/security/advisories?name=MDKSA-2005:103

SUSE Security Announcement SUSE-SA:2005:036
http://www.novell.com/linux/security/advisories/2005_36_sudo.html

Red Hat Security Advisory RHSA-2005:535-06
https://rhn.redhat.com/errata/RHSA-2005-535.html

Debian Security Advisory DSA 735-1
http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00118.html

Debian Security Advisory DSA 735-2
http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00129.html

Debian Security Advisory DSA 773-1
http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00160.html

Security Update (2005-009)
http://docs.info.apple.com/article.html?artnum=302847

Histórico de versiones

Versión Comentario Data
1.0 Aviso emitido 2005-06-21
1.1 Aviso emitido por Mandriva (MDKSA-2005:103) 2005-06-23
1.2 Aviso emitido por SUSE (SUSE-SA:2005:036) 2005-06-27
1.3 Aviso emitido por Red Hat (RHSA-2005:535-06) 2005-06-30
1.4 Aviso emitido por Debian (735-1) 2005-07-01
2.0 Exploit público disponible 2005-07-06
2.1 Aviso actualizado por Debian (DSA 735-2) 2005-07-08
2.2 Aviso emitido por Debian (DSA 773-1) 2005-08-25
2.3 Aviso emitido por Apple (2005-009) 2005-11-30
Ministerio de Defensa
CNI
CCN
CCN-CERT