From security@mandriva.com Thu Oct 27 14:54:15 2005 From: Mandriva Security Team To: full-disclosure@lists.grok.org.uk Date: Thu, 27 Oct 2005 12:51:58 -0600 Subject: [Full-disclosure] MDKSA-2005:201 - Updated sudo packages fix vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDKSA-2005:201 http://www.mandriva.com/security/ _______________________________________________________________________ Package : sudo Date : October 27, 2005 Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0, Multi Network Firewall 2.0 _______________________________________________________________________ Problem Description: Tavis Ormandy discovered that sudo does not perform sufficient environment cleaning; in particular the SHELLOPTS and PS4 variables are still passed to the program running as an alternate user which can result in the execution of arbitrary commands as the alternate user when a bash script is executed. The updated packages have been patched to correct this problem. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2959 _______________________________________________________________________ Updated Packages: Corporate Server 2.1: f7a973c064788876a3927e23698165e7 corporate/2.1/RPMS/sudo-1.6.6-2.3.C21mdk.i586.rpm 9d41a3e0d779287d5d6defe3effeadb6 corporate/2.1/SRPMS/sudo-1.6.6-2.3.C21mdk.src.rpm Corporate Server 2.1/X86_64: 11dee7cd0ef65739fbcb74eb4435abb7 x86_64/corporate/2.1/RPMS/sudo-1.6.6-2.3.C21mdk.x86_64.rpm 9d41a3e0d779287d5d6defe3effeadb6 x86_64/corporate/2.1/SRPMS/sudo-1.6.6-2.3.C21mdk.src.rpm Mandriva Linux 10.1: 3ac90a3cd189ea0326d927370fdb250e 10.1/RPMS/sudo-1.6.8p1-1.3.101mdk.i586.rpm d0f1e39453c3efa42829959452b10f85 10.1/SRPMS/sudo-1.6.8p1-1.3.101mdk.src.rpm Mandriva Linux 10.1/X86_64: e4522d2cc1241b549143cdfd384b1e84 x86_64/10.1/RPMS/sudo-1.6.8p1-1.3.101mdk.x86_64.rpm d0f1e39453c3efa42829959452b10f85 x86_64/10.1/SRPMS/sudo-1.6.8p1-1.3.101mdk.src.rpm Corporate 3.0: 7f961e981298b0e17db2206b0c173c94 corporate/3.0/RPMS/sudo-1.6.7-0.p5.2.3.C30mdk.i586.rpm 541ec48ae7f199c9e02209552541c93a corporate/3.0/SRPMS/sudo-1.6.7-0.p5.2.3.C30mdk.src.rpm Corporate 3.0/X86_64: 0baca1e5dd528d9a0746812c3f70b6aa x86_64/corporate/3.0/RPMS/sudo-1.6.7-0.p5.2.3.C30mdk.x86_64.rpm 541ec48ae7f199c9e02209552541c93a x86_64/corporate/3.0/SRPMS/sudo-1.6.7-0.p5.2.3.C30mdk.src.rpm Multi Network Firewall 2.0: 73f5119120b2f173d2a5b529bc4b94b1 mnf/2.0/RPMS/sudo-1.6.7-0.p5.2.3.M20mdk.i586.rpm 6711bd6886115f5e5ec429eb739af719 mnf/2.0/SRPMS/sudo-1.6.7-0.p5.2.3.M20mdk.src.rpm Mandriva Linux 10.2: d1145addcb3d305aa1149baaad74bee4 10.2/RPMS/sudo-1.6.8p1-2.2.102mdk.i586.rpm 7cfd46cb455cc00b091849726d4763f5 10.2/SRPMS/sudo-1.6.8p1-2.2.102mdk.src.rpm Mandriva Linux 10.2/X86_64: 9d59bab72f413dd21013add16252a48a x86_64/10.2/RPMS/sudo-1.6.8p1-2.2.102mdk.x86_64.rpm 7cfd46cb455cc00b091849726d4763f5 x86_64/10.2/SRPMS/sudo-1.6.8p1-2.2.102mdk.src.rpm Mandriva Linux 2006.0: bf2035af2ac556c3bcb013e80c4fbbd9 2006.0/RPMS/sudo-1.6.8p8-2.1.20060mdk.i586.rpm 4c708ebf20c38db338e909e6e461888f 2006.0/SRPMS/sudo-1.6.8p8-2.1.20060mdk.src.rpm Mandriva Linux 2006.0/X86_64: 569e58db33c0a58b0548e3ea699e86fa x86_64/2006.0/RPMS/sudo-1.6.8p8-2.1.20060mdk.x86_64.rpm 4c708ebf20c38db338e909e6e461888f x86_64/2006.0/SRPMS/sudo-1.6.8p8-2.1.20060mdk.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFDYSHOmqjQ0CJFipgRAhsFAKCvJg0ITGiwt0O/0MIrgel7XzsnWwCfWI6V Gg3ko/2ajzrqIcE0Dz+QL0s= =weOX -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/