CVE-2006-0151
CVSS7.2
发布时间 :2006-01-09 18:03:00
修订时间 :2010-04-02 02:36:11
NMCPS    

[原文]sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158.


[CNNVD]Sudo Python环境变量处理安全性绕过漏洞(CNNVD-200601-073)

        sudo 1.6.8和其他版本未清除PYTHONINSPECT环境变量,这可让有限的本地用户通过Python脚本获取特权。

- CVSS (基础分值)

CVSS分值: 7.2 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: LOCAL [漏洞利用需要具有物理访问权限或本地帐户]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:todd_miller:sudo:1.6.5Todd Miller Sudo 1.6.5
cpe:/a:todd_miller:sudo:1.6.3_p7Todd Miller Sudo 1.6.3 p7
cpe:/a:todd_miller:sudo:1.6Todd Miller Sudo 1.6
cpe:/a:todd_miller:sudo:1.6.7_p5
cpe:/o:ubuntu:ubuntu_linux:5.10::powerpc
cpe:/a:todd_miller:sudo:1.6.6Todd Miller Sudo 1.6.6
cpe:/a:todd_miller:sudo:1.6.3_p6
cpe:/a:todd_miller:sudo:1.6.3_p3
cpe:/a:todd_miller:sudo:1.6.3_p2
cpe:/a:todd_miller:sudo:1.6.5_p1
cpe:/o:ubuntu:ubuntu_linux:5.10::i386
cpe:/a:todd_miller:sudo:1.6.4_p1
cpe:/a:todd_miller:sudo:1.6.8_p9
cpe:/a:todd_miller:sudo:1.6.1Todd Miller Sudo 1.6.1
cpe:/a:todd_miller:sudo:1.6.8_p5
cpe:/a:todd_miller:sudo:1.5.9
cpe:/a:todd_miller:sudo:1.5.6
cpe:/a:todd_miller:sudo:1.6.3_p5
cpe:/a:todd_miller:sudo:1.6.8_p7
cpe:/a:todd_miller:sudo:1.6.3Todd Miller Sudo 1.6.3
cpe:/a:todd_miller:sudo:1.6.8Todd Miller Sudo 1.6.8
cpe:/a:todd_miller:sudo:1.5.8
cpe:/a:todd_miller:sudo:1.6.8_p2
cpe:/a:todd_miller:sudo:1.6.8_p8
cpe:/a:todd_miller:sudo:1.6.8_p12
cpe:/a:todd_miller:sudo:1.6.4Todd Miller Sudo 1.6.4
cpe:/o:ubuntu:ubuntu_linux:5.10::amd64
cpe:/a:todd_miller:sudo:1.6.8_p1
cpe:/a:todd_miller:sudo:1.6.3_p4
cpe:/a:todd_miller:sudo:1.6.7Todd Miller Sudo 1.6.7
cpe:/o:ubuntu:ubuntu_linux:5.04::i386
cpe:/a:todd_miller:sudo:1.6.4_p2
cpe:/o:ubuntu:ubuntu_linux:5.04::amd64
cpe:/o:ubuntu:ubuntu_linux:4.1::ia64
cpe:/a:todd_miller:sudo:1.6.3_p1
cpe:/a:todd_miller:sudo:1.6.5_p2
cpe:/a:todd_miller:sudo:1.6.2Todd Miller Sudo 1.6.2
cpe:/o:ubuntu:ubuntu_linux:4.1::ppc
cpe:/a:todd_miller:sudo:1.5.7
cpe:/o:ubuntu:ubuntu_linux:5.04::powerpc

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0151
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0151
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200601-073
(官方数据源) CNNVD

- 其它链接及资源

http://secunia.com/advisories/18363
(VENDOR_ADVISORY)  SECUNIA  18363
http://www.ubuntulinux.org/support/documentation/usn/usn-235-2
(UNKNOWN)  UBUNTU  USN-235-2
http://www.securityfocus.com/bid/16184
(UNKNOWN)  BID  16184
http://secunia.com/advisories/18358
(VENDOR_ADVISORY)  SECUNIA  18358
http://www.trustix.org/errata/2006/0010
(UNKNOWN)  TRUSTIX  2006-0010
http://www.novell.com/linux/security/advisories/2006_02_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2006:002
http://www.mandriva.com/security/advisories?name=MDKSA-2006:159
(UNKNOWN)  MANDRIVA  MDKSA-2006:159
http://www.debian.org/security/2006/dsa-946
(UNKNOWN)  DEBIAN  DSA-946
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.421822
(UNKNOWN)  SLACKWARE  SSA:2006-045-08
http://secunia.com/advisories/21692
(UNKNOWN)  SECUNIA  21692
http://secunia.com/advisories/19016
(UNKNOWN)  SECUNIA  19016
http://secunia.com/advisories/18906
(UNKNOWN)  SECUNIA  18906
http://secunia.com/advisories/18558
(UNKNOWN)  SECUNIA  18558
http://secunia.com/advisories/18549
(UNKNOWN)  SECUNIA  18549

- 漏洞信息

Sudo Python环境变量处理安全性绕过漏洞
高危 输入验证
2006-01-09 00:00:00 2006-01-15 00:00:00
本地  
        sudo 1.6.8和其他版本未清除PYTHONINSPECT环境变量,这可让有限的本地用户通过Python脚本获取特权。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        Todd Miller Sudo 1.5.6
        Todd Miller sudo-1.6.8p12.tar.gz
        http://www.sudo.ws/sudo/download.html
        Todd Miller Sudo 1.5.7
        Todd Miller sudo-1.6.8p12.tar.gz
        http://www.sudo.ws/sudo/download.html
        Todd Miller Sudo 1.5.8
        Todd Miller sudo-1.6.8p12.tar.gz
        http://www.sudo.ws/sudo/download.html
        Todd Miller Sudo 1.5.9
        Todd Miller sudo-1.6.8p12.tar.gz
        http://www.sudo.ws/sudo/download.html
        Todd Miller Sudo 1.6
        Todd Miller sudo-1.6.8p12.tar.gz
        http://www.sudo.ws/sudo/download.html
        Todd Miller Sudo 1.6.1
        Todd Miller sudo-1.6.8p12.tar.gz
        http://www.sudo.ws/sudo/download.html
        Todd Miller Sudo 1.6.2
        Todd Miller sudo-1.6.8p12.tar.gz
        http://www.sudo.ws/sudo/download.html
        Todd Miller Sudo 1.6.3
        Todd Miller sudo-1.6.8p12.tar.gz
        http://www.sudo.ws/sudo/download.html
        Todd Miller Sudo 1.6.3 p1
        Todd Miller sudo-1.6.8p12.tar.gz
        http://www.sudo.ws/sudo/download.html
        Todd Miller Sudo 1.6.3 p5
        Todd Miller sudo-1.6.8p12.tar.gz
        http://www.sudo.ws/sudo/download.html
        Todd Miller Sudo 1.6.3 p4
        Todd Miller sudo-1.6.8p12.tar.gz
        http://www.sudo.ws/sudo/download.html
        Todd Miller Sudo 1.6.3 p7
        Todd Miller sudo-1.6.8p12.tar.gz
        http://www.sudo.ws/sudo/download.html
        Todd Miller Sudo 1.6.3 p6
        Todd Miller sudo-1.6.8p12.tar.gz
        http://www.sudo.ws/sudo/download.html
        Todd Miller Sudo 1.6.3 p2
        Todd Miller sudo-1.6.8p12.tar.gz
        http://www.sudo.ws/sudo/download.html
        Todd Miller Sudo 1.6.3 p3
        Todd Miller sudo-1.6.8p12.tar.gz
        http://www.sudo.ws/sudo/download.html
        Todd Miller Sudo 1.6.4 p2
        Todd Miller sudo-1.6.8p12.tar.gz
        http://www.sudo.ws/sudo/download.html
        Todd Miller Sudo 1.6.4 p1
        Todd Miller sudo-1.6.8p12.tar.gz
        http://www.sudo.ws/sudo/download.html
        Todd Miller Sudo 1.6.4
        Mandriva sudo-1.6.7-0.p5.2.5.M20mdk.i586.rpm
        Multi Network Firewall 2.0:
        http://wwwnew.mandriva.com/en/downloads
        Todd Miller sudo-1.6.8p12.tar.gz
        http://www.sudo.ws/sudo/download.html
        Todd Miller Sudo 1.6.5 p2
        Todd Miller sudo-1.6.8p12.tar.gz
        http://www.sudo.ws/sudo/download.html
        Todd Miller Sudo 1.6.5 p1
        Todd Miller sudo-1.6.8p12.tar.gz
        http://www.sudo.ws/sudo/download.html
        Todd Miller Sudo 1.6.5
        Todd Miller sudo-1.6.8p12.tar.gz
        http://www.sudo.ws/sudo/download.html
        Todd Miller Sudo 1.6.6
        Slackware sudo-1.6.8p12-i386-1.tgz
        Slackware 8.1:
        ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/s udo-1.6.8p12-i386-1.tgz
        Slackware sudo-1.6.8p12-i386-1.tgz
        Slackware 9.0:ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/sudo-1.6.8p12-i386-1.tgz
        ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/s udo-1.6.8p12-i386-1.tgz
        Slackware sudo-1.6.8p12-i386-1.tgz
        Slackware 9.0:
        ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/s udo-1.6.8p12-i386-1.tgz
        Slackware sudo-1.6.8p12-i486-1.tgz
        10.0:
        ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/ sudo-1.6.8p12-i486-1.tgz
        Slackware sudo-1.6.8p12-i486-1.tgz
        Slackware 9.1:Slackware 9.1:
        ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/s udo-1.6.8p12-i486-1.tgz
        Todd Miller sudo-1.6.8p12.tar.gz
        http://www.sudo.ws/sudo/download.html
        Todd Miller Sudo 1.6.7 p5
        Todd Miller sudo-1.6.8p12.tar.gz
        http://www.sudo.ws/sudo/download.html
        Todd Miller Sudo 1.6.7
        Mandriva sudo-1.6.7-0.p5.2.5.C30mdk.i586.rpm
        Corporate 3.0:
        http://wwwnew.mandriva.com/en/downloads
        Mandriva sudo-1.6.7-0.p5.2.5.C30mdk.x86_64.rpm
        Corporate 3.0:
        http://wwwnew.mandriva.com/en/downloads
        Todd Miller sudo-1.6.8p12.tar.gz
        http://www.sudo.ws/sudo/download.html
        Todd Miller Sudo 1.6.8 p9
        Slackware sudo-1.6.8p12-i486-1.tgz
        Slackware 10.2:
        ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/ sudo-1.6.8p12-i486-1.tgz
        Todd Miller sudo-1.6.8p12.tar.gz
        http://www.sudo.ws/sudo/download.html
        Trustix sudo-1.6.8p12-1tr.i586.rpm
        TSL 3.0
        ftp://ftp.trustix.org/pub/trustix/updates
        Todd Miller Sudo 1.6.8 p5
        Todd Miller sudo-1.6.8p12.tar.gz
        http://www.sudo.ws/sudo/download.html
        Todd Miller Sudo 1.6.8
        Slackware su

- 漏洞信息 (F49699)

Mandriva Linux Security Advisory 2006.159 (PacketStormID:F49699)
2006-09-07 00:00:00
Mandriva  mandriva.com
advisory
linux,mandriva
CVE-2005-4158,CVE-2006-0151
[点击下载]

Mandriva Linux Security Advisory MDKSA-2006-159 - Previous sudo updates were made available to sanitize certain environment variables from affecting a sudo call, such as PYTHONINSPECT, PERL5OPT, etc. While those updates were effective in addressing those specific environment variables, other variables that were not blacklisted were being made available.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________
 
 Mandriva Linux Security Advisory                         MDKSA-2006:159
 http://www.mandriva.com/security/
 _______________________________________________________________________
 
 Package : sudo
 Date    : August 31, 2006
 Affected: 2006.0, Corporate 3.0, Multi Network Firewall 2.0
 _______________________________________________________________________
 
 Problem Description:
 
 Previous sudo updates were made available to sanitize certain
 environment variables from affecting a sudo call, such as
 PYTHONINSPECT, PERL5OPT, etc.  While those updates were effective in
 addressing those specific environment variables, other variables that
 were not blacklisted were being made available.
 
 Debian addressed this issue by forcing sudo to use a whitlist approach
 in DSA-946-2 by arbitrarily making env_reset the default (as opposed
 to having to be enabled in /etc/sudoers).  Mandriva has opted to follow
 the same approach so now only certain variables are, by default, made
 available, such as HOME, LOGNAME, SHELL, TERM, DISPLAY, XAUTHORITY,
 XAUTHORIZATION, LANG, LANGUAGE, LC_*, and USER, as well as the SUDO_*
 variables.
 
 If other variables are required to be kept, this can be done by editing
 /etc/sudoers and using the env_keep option, such as:
 
     Defaults env_keep="FOO BAR"
 
 As well, the Corporate 3 packages are now compiled with the SECURE_PATH
 setting.
 
 Updated packages are patched to address this issue.
 _______________________________________________________________________

 References:
 
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-4158
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-0151
 http://www.debian.org/security/2006/dsa-946
 _______________________________________________________________________
 
 Updated Packages:
 
 Mandriva Linux 2006.0:
 859526089cecbc00c11b0c76509f97b1  2006.0/RPMS/sudo-1.6.8p8-2.3.20060mdk.i586.rpm
 7dce7457a74d625018aee6690bcc35d7  2006.0/SRPMS/sudo-1.6.8p8-2.3.20060mdk.src.rpm

 Mandriva Linux 2006.0/X86_64:
 8ab6e95323473f6f1f72c255aa4453ae  x86_64/2006.0/RPMS/sudo-1.6.8p8-2.3.20060mdk.x86_64.rpm
 7dce7457a74d625018aee6690bcc35d7  x86_64/2006.0/SRPMS/sudo-1.6.8p8-2.3.20060mdk.src.rpm

 Corporate 3.0:
 df8964b76a758340a3a283147dce03d5  corporate/3.0/RPMS/sudo-1.6.7-0.p5.2.5.C30mdk.i586.rpm
 3d4fe9dd6e7f729266af98a318be1b48  corporate/3.0/SRPMS/sudo-1.6.7-0.p5.2.5.C30mdk.src.rpm

 Corporate 3.0/X86_64:
 f8b93aad21eb48289a537e586d3c58ae  x86_64/corporate/3.0/RPMS/sudo-1.6.7-0.p5.2.5.C30mdk.x86_64.rpm
 3d4fe9dd6e7f729266af98a318be1b48  x86_64/corporate/3.0/SRPMS/sudo-1.6.7-0.p5.2.5.C30mdk.src.rpm

 Multi Network Firewall 2.0:
 57e770ca1e0d0bf487be6b1c4691926c  mnf/2.0/RPMS/sudo-1.6.7-0.p5.2.5.M20mdk.i586.rpm
 d5a3d6889677117b6d19f953794c4ef4  mnf/2.0/SRPMS/sudo-1.6.7-0.p5.2.5.M20mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFE91BPmqjQ0CJFipgRApIhAJ45el9y07+qaXr3/b0FyVwnpuonvQCgh4Vr
IxvcoSqmpZNHvZFSEGWu2/E=
=Oehv
-----END PGP SIGNATURE-----

    

- 漏洞信息

Sudo Python Environment Variable Handling Security Bypass Vulnerability
Input Validation Error 16184
No Yes
2006-01-09 12:00:00 2006-12-22 12:02:00
Tavis Ormandy is credited with the discovery of this vulnerability.

- 受影响的程序版本

Ubuntu Ubuntu Linux 5.10 powerpc
Ubuntu Ubuntu Linux 5.10 i386
Ubuntu Ubuntu Linux 5.10 amd64
Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
Trustix Secure Linux 3.0
Trustix Secure Linux 2.2
Trustix Secure Enterprise Linux 2.0
Todd Miller Sudo 1.6.8 p9
Todd Miller Sudo 1.6.8 p8
+ OpenPKG OpenPKG 2.4
+ OpenPKG OpenPKG Current
+ Red Hat Fedora Core4
Todd Miller Sudo 1.6.8 p7
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
+ OpenPKG OpenPKG 2.3
Todd Miller Sudo 1.6.8 p5
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
Todd Miller Sudo 1.6.8 p2
+ Trustix Secure Linux 2.2
Todd Miller Sudo 1.6.8 p12
Todd Miller Sudo 1.6.8 p1
+ Mandriva Linux Mandrake 10.2 x86_64
+ Mandriva Linux Mandrake 10.2
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ OpenPKG OpenPKG 2.2
+ OpenPKG OpenPKG Current
Todd Miller Sudo 1.6.8
Todd Miller Sudo 1.6.7 p5
+ Conectiva Linux 10.0
+ Conectiva Linux 9.0
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
+ OpenPKG OpenPKG 2.1
+ Red Hat Fedora Core3
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Todd Miller Sudo 1.6.7
Todd Miller Sudo 1.6.6
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Conectiva Linux 5.1
+ Conectiva Linux 5.0
+ Conectiva Linux graficas
+ Conectiva Linux ecommerce
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
+ Slackware Linux 8.0
Todd Miller Sudo 1.6.5 p2
+ NetBSD NetBSD 1.5.2
+ OpenBSD OpenBSD 3.1
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
- RedHat Linux 6.2 sparc
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 alpha
+ S.u.S.E. Linux 8.0 i386
+ S.u.S.E. Linux 8.0
Todd Miller Sudo 1.6.5 p1
+ Slackware Linux 8.0
Todd Miller Sudo 1.6.5
Todd Miller Sudo 1.6.4 p2
Todd Miller Sudo 1.6.4 p1
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Conectiva Linux 5.1
+ Conectiva Linux 5.0
+ Conectiva Linux graficas
+ Conectiva Linux ecommerce
Todd Miller Sudo 1.6.4
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
- RedHat Linux 6.2 sparc
- RedHat Linux 6.2 i386
- RedHat Linux 6.2 alpha
Todd Miller Sudo 1.6.3 p7
- FreeBSD FreeBSD 4.5
- FreeBSD FreeBSD 4.4
- FreeBSD FreeBSD 4.3
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ S.u.S.E. Linux 7.3 sparc
+ S.u.S.E. Linux 7.3 ppc
+ S.u.S.E. Linux 7.3 i386
+ S.u.S.E. Linux 7.3
+ Slackware Linux 8.0
+ Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
Todd Miller Sudo 1.6.3 p6
+ Guardian Digital Engarde Secure Linux 1.0.1
+ Guardian Digital Engarde Secure Linux 1.0.1
+ HP Secure OS software for Linux 1.0
+ HP Secure OS software for Linux 1.0
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1 alpha
+ S.u.S.E. Linux 7.2 i386
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.2
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 x86
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 sparc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 ppc
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1 alpha
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux 7.1
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 sparc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 ppc
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 i386
+ S.u.S.E. Linux 7.0 alpha
+ S.u.S.E. Linux 7.0 alpha
+ S.u.S.E. Linux 7.0
+ S.u.S.E. Linux 7.0
+ Wirex Immunix OS 7.0
+ Wirex Immunix OS 7.0
Todd Miller Sudo 1.6.3 p5
Todd Miller Sudo 1.6.3 p4
+ Slackware Linux 7.1
Todd Miller Sudo 1.6.3 p3
Todd Miller Sudo 1.6.3 p2
Todd Miller Sudo 1.6.3 p1
Todd Miller Sudo 1.6.3
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
Todd Miller Sudo 1.6.2
- Debian Linux 2.2
Todd Miller Sudo 1.6.1
Todd Miller Sudo 1.6
Todd Miller Sudo 1.5.9
+ S.u.S.E. Linux 6.4 ppc
+ S.u.S.E. Linux 6.4 i386
+ S.u.S.E. Linux 6.4
Todd Miller Sudo 1.5.8
Todd Miller Sudo 1.5.7
Todd Miller Sudo 1.5.6
Slackware Linux 10.2
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux 9.0
Slackware Linux 8.1
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Debian Linux 3.0 sparc
Debian Linux 3.0 s/390
Debian Linux 3.0 ppc
Debian Linux 3.0 mipsel
Debian Linux 3.0 mips
Debian Linux 3.0 m68k
Debian Linux 3.0 ia-64
Debian Linux 3.0 ia-32
Debian Linux 3.0 hppa
Debian Linux 3.0 arm
Debian Linux 3.0 alpha
Debian Linux 3.0
Todd Miller Sudo 1.6.8 p12

- 不受影响的程序版本

Todd Miller Sudo 1.6.8 p12

- 漏洞讨论

Sudo is prone to a security-bypass vulnerability that could lead to arbitrary code execution. This issue is due to an error in the application when handling environment variables.

A local attacker with the ability to run Python scripts can exploit this vulnerability to gain access to an interactive Python prompt. That attacker may then execute arbitrary code with elevated privileges, facilitating the complete compromise of affected computers.

An attacker must have the ability to run Python scripts through Sudo to exploit this vulnerability.

This issue is similar to BID 15394 (Sudo Perl Environment Variable Handling Security Bypass Vulnerability).

- 漏洞利用

An exploit is not required. Example exploit code has been provided by breno@kalangolinux.org:

- 解决方案

Please see the referenced vendor advisories for more information and fixes.


Todd Miller Sudo 1.5.6

Todd Miller Sudo 1.5.7

Todd Miller Sudo 1.5.8

Todd Miller Sudo 1.5.9

Todd Miller Sudo 1.6

Todd Miller Sudo 1.6.1

Todd Miller Sudo 1.6.2

Todd Miller Sudo 1.6.3

Todd Miller Sudo 1.6.3 p1

Todd Miller Sudo 1.6.3 p5

Todd Miller Sudo 1.6.3 p4

Todd Miller Sudo 1.6.3 p7

Todd Miller Sudo 1.6.3 p6

Todd Miller Sudo 1.6.3 p2

Todd Miller Sudo 1.6.3 p3

Todd Miller Sudo 1.6.4 p2

Todd Miller Sudo 1.6.4 p1

Todd Miller Sudo 1.6.4

Todd Miller Sudo 1.6.5 p2

Todd Miller Sudo 1.6.5 p1

Todd Miller Sudo 1.6.5

Todd Miller Sudo 1.6.6

Todd Miller Sudo 1.6.7 p5

Todd Miller Sudo 1.6.7

Todd Miller Sudo 1.6.8 p9

Todd Miller Sudo 1.6.8 p5

Todd Miller Sudo 1.6.8

Todd Miller Sudo 1.6.8 p8

Todd Miller Sudo 1.6.8 p1

Todd Miller Sudo 1.6.8 p2

Todd Miller Sudo 1.6.8 p7

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站