1 |
- -------------------------------------------------------------------------- |
2 |
GENTOO LINUX SECURITY ANNOUNCEMENT |
3 |
- -------------------------------------------------------------------------- |
4 |
|
5 |
PACKAGE :sudo |
6 |
SUMMARY :Local vulnerability allows an attacker to obtain root privileges |
7 |
DATE :2002-01-17 11:58:00 |
8 |
|
9 |
- -------------------------------------------------------------------------- |
10 |
|
11 |
OVERVIEW |
12 |
|
13 |
There is a vulnerability in sudo which can allow an attacker to trick |
14 |
sudo into running the system MTA with root privileges and an unclean |
15 |
environment, possibly leading to a root compromise. |
16 |
|
17 |
|
18 |
DETAIL |
19 |
|
20 |
Sebastian Krahmer of the SuSE Security Team found a bug in sudo which |
21 |
can allow an attacker to send a failed-invocation email with root |
22 |
privileges and an unclean environment. Using the Postfix MTA an |
23 |
attacker can potentially gain a root shell. No other MTA is known to be |
24 |
exploitable at this time. |
25 |
|
26 |
We would like to reiterate that the bug is in sudo, not Postfix which is |
27 |
simply being used as a vehicle in this instance. |
28 |
|
29 |
This bug is fixed by having sudo run the MTA with user privileges |
30 |
instead of with root privileges. |
31 |
|
32 |
SOLUTION |
33 |
|
34 |
It is recommended that all sudo users apply the update |
35 |
|
36 |
Portage Auto: |
37 |
|
38 |
emerge rsync |
39 |
emerge update |
40 |
emerge update --world |
41 |
|
42 |
|
43 |
Portage by hand: |
44 |
|
45 |
emerge rsync |
46 |
emerge app-admin/sudo |
47 |
|
48 |
Manually: |
49 |
|
50 |
Download the new sudo package here and follow in file instructions: |
51 |
ftp://ftp.cs.colorado.edu/pub/sudo/sudo-1.6.5.tar.gz |
52 |
|
53 |
- -------------------------------------------------------------------------- |
54 |
Ferry Meyndert |
55 |
|
56 |
m0rpheus@×××××××××××××.nu |
57 |
- -------------------------------------------------------------------------- |