Vulnerability Bulletins |
Race condition in Sudo |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Privilege escalation |
Difficulty | Beginner |
Attacker requirements | Remote access with an account |
System information |
|
Property | Value |
Affected vendor | GNU/Linux (patches are also listed below for OpenBSD and Apple Mac OS X) |
Affected software | Sudo < 1.6.8p9 |
Description |
|
A race condition has been found in Sudo versions prior to 1.6.8p9. The flaw lies in how Sudo handles the path of the command it is asked to run: there is a window between Sudo's validation of the command path against sudoers and the execution of that path. Exploiting it could allow a local attacker who already holds Sudo privileges to execute arbitrary commands, provided that the sudoers file contains an ALL entry after the entry for the attacker's account and that the attacker can create symbolic links on the file system. |
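As an added practitioner check (not part of this bulletin and not code from the Sudo project), the following Python script does two things: it classifies an upstream sudo version string against the 1.6.8p9 fix line, and it scans a sudoers file for the ordering named in the description above, a user's specific-command entry followed later in the file by an entry whose command list is ALL. The sudoers parser is deliberately simplified (no alias expansion, no backslash continuations, no #include), and the sudoers content embedded in the script is a constructed sample; both are assumptions of the example, not data from any affected system.

```python
import re

# Assumed constant: the first fixed upstream release named in this bulletin.
FIXED_VERSION = (1, 6, 8, 9)

# Constructed sample sudoers for the example; not taken from any real system.
SAMPLE_SUDOERS = """\
# constructed sample
Defaults    env_reset
Cmnd_Alias  SHUTDOWN = /sbin/shutdown
alice       ALL=(root) /usr/bin/apt-get, /usr/bin/dpkg
bob         ALL=NOPASSWD: /sbin/shutdown
%admin      ALL=(ALL) ALL
carol       ALL=(ALL) /bin/kill
"""

_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:p(\d+))?")
_SKIP_KEYWORDS = ("Defaults", "User_Alias", "Runas_Alias", "Host_Alias", "Cmnd_Alias")


def parse_sudo_version(text):
    """Return (major, minor, micro, patch) from '1.6.8p8' or the first line of `sudo -V`.

    sudo names patch releases with a 'pN' suffix; a bare release such as 1.6.8
    is treated as patch level 0, so it sorts before 1.6.8p1.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no sudo version found in {text!r}")
    return tuple(int(g) if g else 0 for g in m.groups())


def is_vulnerable_version(text):
    """True when the upstream version is older than 1.6.8p9.

    Only meaningful for upstream builds: vendors backport the fix into older
    version numbers (the patched packages under Solution run from 1.6.6 to
    1.6.8p7), so for distribution packages check the package release instead.
    """
    return parse_sudo_version(text) < FIXED_VERSION


def parse_sudoers(text):
    """Return [(user, [commands]), ...] in file order.

    Simplified grammar (assumption): one rule per line, aliases are not
    expanded, no backslash continuations, no #include. Comments, Defaults and
    alias definitions are skipped; (runas) lists and tags such as NOPASSWD:
    are dropped from the command list.
    """
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.split()[0].startswith(_SKIP_KEYWORDS) or "=" not in line:
            continue
        lhs, rhs = line.split("=", 1)
        lhs_parts = lhs.split()
        if len(lhs_parts) < 2:  # a user spec needs at least user and host
            continue
        rhs = re.sub(r"\([^)]*\)", "", rhs)  # drop (runas) specifications
        commands = []
        for cmd in rhs.split(","):
            cmd = re.sub(r"^(?:[A-Z]+:\s*)+", "", cmd.strip())  # drop NOPASSWD: etc.
            if cmd:
                commands.append(cmd)
        rules.append((lhs_parts[0], commands))
    return rules


def exposed_users(rules):
    """Users whose specific-command rule is followed later by a rule granting ALL.

    That is the sudoers shape the bulletin describes: the attacker's own entry
    names concrete commands, and an entry whose command list is ALL comes after
    it. Users who are themselves granted ALL are skipped; they need no race.
    """
    already_all = {user for user, cmds in rules if "ALL" in cmds}
    exposed = []
    for i, (user, cmds) in enumerate(rules):
        if user in already_all or user in exposed:
            continue
        if any("ALL" in later for _, later in rules[i + 1:]):
            exposed.append(user)
    return exposed


if __name__ == "__main__":
    print("vulnerable 1.6.8p8:", is_vulnerable_version("Sudo version 1.6.8p8"))
    print("exposed users:", exposed_users(parse_sudoers(SAMPLE_SUDOERS)))
```

The version check applies to upstream builds only; the patched vendor packages listed under Solution carry version numbers from 1.6.6 to 1.6.8p7 with the fix backported, so on a distribution confirm the package release rather than the bare version. The ordering check is a triage aid: it reports which accounts match the exposed sudoers shape on an unpatched sudo, not whether the race is winnable on a given host.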
|
Solution |
|
If you wish, apply your distribution's own update mechanisms, or download the software sources and compile them yourself.

Sudo software update
  Sudo 1.6.8p9
    http://www.courtesan.com/sudo/dist/sudo-1.6.8p9.tar.gz

OpenBSD
  OpenBSD 3.7
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/003_sudo.patch
  OpenBSD 3.6
    ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/018_sudo.patch

Mandriva Linux
  Mandrakelinux 10.0
    x86
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/sudo-1.6.7-0.p5.2.2.100mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/sudo-1.6.7-0.p5.2.2.100mdk.src.rpm
    AMD64
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/sudo-1.6.7-0.p5.2.2.100mdk.amd64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/sudo-1.6.7-0.p5.2.2.100mdk.src.rpm
  Mandrakelinux 10.1
    x86
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/sudo-1.6.8p1-1.2.101mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/sudo-1.6.8p1-1.2.101mdk.src.rpm
    x86_64
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/sudo-1.6.8p1-1.2.101mdk.x86_64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/sudo-1.6.8p1-1.2.101mdk.src.rpm
  Corporate Server 2.1
    x86
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/sudo-1.6.6-2.2.C21mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/sudo-1.6.6-2.2.C21mdk.src.rpm
    x86_64
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/sudo-1.6.6-2.2.C21mdk.x86_64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/sudo-1.6.6-2.2.C21mdk.src.rpm
  Corporate Server 3.0
    x86
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/sudo-1.6.7-0.p5.2.2.C30mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/sudo-1.6.7-0.p5.2.2.C30mdk.src.rpm
    x86_64
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/sudo-1.6.7-0.p5.2.2.C30mdk.x86_64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/SRPMS/sudo-1.6.7-0.p5.2.2.C30mdk.src.rpm
  Mandrivalinux LE2005
    x86
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/sudo-1.6.8p1-2.1.102mdk.i586.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/SRPMS/sudo-1.6.8p1-2.1.102mdk.src.rpm
    x86_64
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/sudo-1.6.8p1-2.1.102mdk.x86_64.rpm
      ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/SRPMS/sudo-1.6.8p1-2.1.102mdk.src.rpm

SUSE Linux
  SUSE Linux 9.3
    x86
      ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/sudo-1.6.8p7-3.2.i586.rpm
      ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/i586/sudo-1.6.8p7-3.2.i586.patch.rpm
      ftp://ftp.suse.com/pub/suse/i386/update/9.3/rpm/src/sudo-1.6.8p7-3.2.src.rpm
    x86-64
      ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/sudo-1.6.8p7-3.2.x86_64.rpm
      ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/x86_64/sudo-1.6.8p7-3.2.x86_64.patch.rpm
      ftp://ftp.suse.com/pub/suse/x86_64/update/9.3/rpm/src/sudo-1.6.8p7-3.2.src.rpm
  SUSE Linux 9.2
    x86
      ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/sudo-1.6.7p5-118.2.i586.rpm
      ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/sudo-1.6.7p5-118.2.i586.patch.rpm
      ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/sudo-1.6.7p5-118.2.src.rpm
    x86-64
      ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/sudo-1.6.7p5-118.2.x86_64.rpm
      ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/sudo-1.6.7p5-118.2.x86_64.patch.rpm
      ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/src/sudo-1.6.7p5-118.2.src.rpm
  SUSE Linux 9.1
    x86
      ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/sudo-1.6.7p5-117.4.i586.rpm
      ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/sudo-1.6.7p5-117.4.i586.patch.rpm
      ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/sudo-1.6.7p5-117.4.src.rpm
    x86-64
      ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/sudo-1.6.7p5-117.4.x86_64.rpm
      ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/sudo-1.6.7p5-117.4.x86_64.patch.rpm
      ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/sudo-1.6.7p5-117.4.src.rpm
  SUSE Linux 9.0
    x86
      ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/sudo-1.6.7p5-120.i586.rpm
      ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/sudo-1.6.7p5-120.i586.patch.rpm
      ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/sudo-1.6.7p5-120.src.rpm
    x86-64
      ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/sudo-1.6.7p5-120.x86_64.rpm
      ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/sudo-1.6.7p5-120.x86_64.patch.rpm
      ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/sudo-1.6.7p5-120.src.rpm
  SUSE Linux 8.2
    x86
      ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/sudo-1.6.6-192.i586.rpm
      ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/sudo-1.6.6-192.i586.patch.rpm
      ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/sudo-1.6.6-192.src.rpm

Red Hat Linux
  Red Hat Desktop (v. 3)
  Red Hat Desktop (v. 4)
  Red Hat Enterprise Linux AS (v. 2.1)
  Red Hat Enterprise Linux AS (v. 3)
  Red Hat Enterprise Linux AS (v. 4)
  Red Hat Enterprise Linux ES (v. 2.1)
  Red Hat Enterprise Linux ES (v. 3)
  Red Hat Enterprise Linux ES (v. 4)
  Red Hat Enterprise Linux WS (v. 2.1)
  Red Hat Enterprise Linux WS (v. 3)
  Red Hat Enterprise Linux WS (v. 4)
  Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
    https://rhn.redhat.com/

Debian Linux
  Debian Linux 3.0
    Source
      http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6.orig.tar.gz
      http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3woody1.dsc
      http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3woody1.diff.gz
    alpha architecture (DEC Alpha)
      http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3woody1_alpha.deb
    hppa architecture (HP PA RISC)
      http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3woody1_hppa.deb
    i386 architecture (Intel ia32)
      http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3woody1_i386.deb
    m68k architecture (Motorola Mc680x0)
      http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3woody1_m68k.deb
    mips architecture (MIPS (Big Endian))
      http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3woody1_mips.deb
    mipsel architecture (MIPS (Little Endian))
      http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3woody1_mipsel.deb
    powerpc architecture (PowerPC)
      http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3woody1_powerpc.deb
    s390 architecture (IBM S/390)
      http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3woody1_s390.deb
    sparc architecture (Sun SPARC/UltraSPARC)
      http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3woody1_sparc.deb
    arm architecture (ARM)
      http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3woody1_arm.deb
    ia64 architecture (Intel ia64)
      http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.3woody1_ia64.deb
  Debian Linux 3.1
    Source
      http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1.dsc
      http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1.diff.gz
      http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7.orig.tar.gz
    alpha architecture (DEC Alpha)
      http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1_alpha.deb
    hppa architecture (HP PA RISC)
      http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1_hppa.deb
    i386 architecture (Intel ia32)
      http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1_i386.deb
    ia64 architecture (Intel ia64)
      http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1_ia64.deb
    m68k architecture (Motorola Mc680x0)
      http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1_m68k.deb
    mips architecture (MIPS (Big Endian))
      http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1_mips.deb
    mipsel architecture (MIPS (Little Endian))
      http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1_mipsel.deb
    powerpc architecture (PowerPC)
      http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1_powerpc.deb
    s390 architecture (IBM S/390)
      http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1_s390.deb
    sparc architecture (Sun SPARC/UltraSPARC)
      http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1_sparc.deb
    arm architecture (ARM)
      http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1_arm.deb
    AMD64
      http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.1sarge1_amd64.deb

Apple
  Tiger Client
    http://www.apple.com/support/downloads/securityupdate2005009tigerclient.html
  Tiger Server
    http://www.apple.com/support/downloads/securityupdate2005009tigerserver.html
  Panther Client
    http://www.apple.com/support/downloads/securityupdate2005009pantherclient.html
  Panther Server
    http://www.apple.com/support/downloads/securityupdate2005009pantherserver.html |
|
Standard identifiers |
|
Property | Value |
CVE | CAN-2005-1993 |
BID | |
Additional resources |
|
Sudo Security Advisory
  http://www.courtesan.com/sudo/alerts/path_race.html
OpenBSD Security Advisory, June 20, 2005
  http://www.openbsd.org/security.html
Mandriva Security Advisory MDKSA-2005:103
  http://www.mandriva.com/security/advisories?name=MDKSA-2005:103
SUSE Security Announcement SUSE-SA:2005:036
  http://www.novell.com/linux/security/advisories/2005_36_sudo.html
Red Hat Security Advisory RHSA-2005:535-06
  https://rhn.redhat.com/errata/RHSA-2005-535.html
Debian Security Advisory DSA 735-1
  http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00118.html
Debian Security Advisory DSA 735-2
  http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00129.html
Debian Security Advisory DSA 773-1
  http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00160.html
Apple Security Update 2005-009
  http://docs.info.apple.com/article.html?artnum=302847 |
Version history |
|
Version | Comment | Date |
1.0 | Advisory issued | 2005-06-21 |
1.1 | Advisory issued by Mandriva (MDKSA-2005:103) | 2005-06-23 |
1.2 | Advisory issued by SUSE (SUSE-SA:2005:036) | 2005-06-27 |
1.3 | Advisory issued by Red Hat (RHSA-2005:535-06) | 2005-06-30 |
1.4 | Advisory issued by Debian (DSA 735-1) | 2005-07-01 |
2.0 | Public exploit available | 2005-07-06 |
2.1 | Advisory updated by Debian (DSA 735-2) | 2005-07-08 |
2.2 | Advisory issued by Debian (DSA 773-1) | 2005-08-25 |
2.3 | Advisory issued by Apple (Security Update 2005-009) | 2005-11-30 |