Vulnerability Bulletins |
Aumento de privilegios en sudo |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Aumento de privilegios |
| Dificulty | Principiante |
| Required attacker level | Acceso remoto con cuenta |
System information |
|
| Property | Value |
| Affected manufacturer | GNU/Linux |
| Affected software | sudo |
Description |
|
|
Se ha descubierto una vulnerabilidad en sudo. La vulnerabilidad reside en el manejo de las variables de entorno SHELLOPTS y PS4 que son pasadas sin validar al programa que se ejecuta como usuario privilegiado. Un atacante local podría ejecutar comandos arbitrarios mediante un script de bash que pueda ejecutar con privilegios de root gracias a sudo. |
|
Solution |
|
|
Actualización de software Debian Linux Debian Linux 3.0 Source http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.4.dsc http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.4.diff.gz http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6.orig.tar.gz Alpha http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.4_alpha.deb ARM http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.4_arm.deb Intel IA-32 http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.4_i386.deb Intel IA-64 http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.4_ia64.deb HPPA http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.4_hppa.deb Motorola 680x0 http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.4_m68k.deb Big endian MIPS http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.4_mips.deb Little endian MIPS http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.4_mipsel.deb PowerPC http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.4_powerpc.deb IBM S/390 http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.4_s390.deb Sun Sparc http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.6-1.4_sparc.deb Debian Linux 3.1 Source http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2.dsc http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2.diff.gz http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7.orig.tar.gz Alpha http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_alpha.deb AMD64 http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_amd64.deb ARM http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_arm.deb Intel IA-32 http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_i386.deb Intel IA-64 http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_ia64.deb HP Precision http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_hppa.deb Motorola 680x0 http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_m68k.deb Big endian MIPS http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_mips.deb Little endian MIPS http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_mipsel.deb PowerPC http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_powerpc.deb IBM S/390 http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_s390.deb Sun Sparc http://security.debian.org/pool/updates/main/s/sudo/sudo_1.6.8p7-1.2_sparc.deb Mandriva Corporate Server 2.1 X86 corporate/2.1/RPMS/sudo-1.6.6-2.3.C21mdk.i586.rpm corporate/2.1/SRPMS/sudo-1.6.6-2.3.C21mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/sudo-1.6.6-2.3.C21mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/sudo-1.6.6-2.3.C21mdk.src.rpm Mandriva Linux 10.1 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/sudo-1.6.8p1-1.3.101mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/sudo-1.6.8p1-1.3.101mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/sudo-1.6.8p1-1.3.101mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/sudo-1.6.8p1-1.3.101mdk.src.rpm Corporate 3.0 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/sudo-1.6.7-0.p5.2.3.C30mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/sudo-1.6.7-0.p5.2.3.C30mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/sudo-1.6.7-0.p5.2.3.C30mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/SRPMS/sudo-1.6.7-0.p5.2.3.C30mdk.src.rpm Multi Network Firewall 2.0 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/RPMS/sudo-1.6.7-0.p5.2.3.M20mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/SRPMS/sudo-1.6.7-0.p5.2.3.M20mdk.src.rpm Mandriva Linux 10.2 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/sudo-1.6.8p1-2.2.102mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/SRPMS/sudo-1.6.8p1-2.2.102mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/sudo-1.6.8p1-2.2.102mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/SRPMS/sudo-1.6.8p1-2.2.102mdk.src.rpm Mandriva Linux 2006.0 X86 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/sudo-1.6.8p8-2.1.20060mdk.i586.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/sudo-1.6.8p8-2.1.20060mdk.src.rpm X86_64 ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/sudo-1.6.8p8-2.1.20060mdk.x86_64.rpm ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/SRPMS/sudo-1.6.8p8-2.1.20060mdk.src.rpm Suse Linux Las actualizaciones pueden descargarse mediante YAST o del servidor FTP oficial de Suse Linux Apple Mac OS X 10.3.9 Client http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13243&cat=1&platform=osx&method=sa/SecUpd2007-003Pan.dmg Mac OS X 10.3.9 Server http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13244&cat=1&platform=osx&method=sa/SecUpdSrvr2007-003Pan.dmg Mac OS X Server 10.4.9 (PPC) http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13236&cat=1&platform=osx&method=sa/MacOSXServerUpd10.4.9PPC.dmg Mac OS X 10.4.9 Combo (PPC) http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13206&cat=1&platform=osx&method=sa/MacOSXUpdCombo10.4.9PPC.dmg Mac OS X 10.4.9 Combo (Intel) http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13207&cat=1&platform=osx&method=sa/MacOSXUpdCombo10.4.9Intel.dmg Mac OS X 10.4.9 (Intel) http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13208&cat=1&platform=osx&method=sa/MacOSXUpd10.4.9Intel.dmg Mac OS X 10.4.9 (PPC) http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13209&cat=1&platform=osx&method=sa/MacOSXUpd10.4.9PPC.dmg Mac OS X Server 10.4.9 (Universal) http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13237&cat=1&platform=osx&method=sa/MacOSXServerUpd10.4.9Univ.dmg Mac OS X Server 10.4.9 Combo (Universal) http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13238&cat=1&platform=osx&method=sa/MacOSXSrvrCombo10.4.9Univ.dmg Mac OS X Server 10.4.9 Combo (PPC) http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty2.pl/product=13239&cat=1&platform=osx&method=sa/MacOSXSrvrCombo10.4.9PPC.dmg |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2005-2959 |
| BID | |
Other resources |
|
|
Debian Security Advisory (DSA 870-1) http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00266.html Mandriva Security Advisory (MDKSA-2005:201) http://www.mandriva.com/security/advisories?name=MDKSA-2005:201 SUSE Security Advisory (SUSE-SR:2005:025) http://www.novell.com/linux/security/advisories/2005_25_sr.html SUSE Security Summary Report SUSE-SR:2006:002 http://www.novell.com/linux/security/advisories/2006_02_sr.html Apple Security Update 2007-003 (305214) http://docs.info.apple.com/article.html?artnum=305214 |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2005-10-25 |
| 1.1 | Aviso emitido por Mandriva (MDKSA-2005:201) | 2005-10-28 |
| 1.2 | Aviso emitido por Suse (SUSE-SR:2005:025) | 2005-11-14 |
| 2.0 | Exploit público disponible. | 2005-11-29 |
| 2.1 | Aviso emitido por SUSE (SUSE-SR:2006:002) | 2006-01-24 |
| 2.2 | Aviso emitido por Apple (305214) | 2007-03-19 |