Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 306865 (CVE-2010-0426)

Summary: <app-admin/sudo-1.7.2_p4: Privilege escalation bug with sudoedit (CVE-2010-{0426,0427})
Product: Gentoo Security Reporter: Tobias Heinlein (RETIRED) <keytoaster>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: critical CC: base-system
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://www.sudo.ws/sudo/alerts/sudoedit_escalate.html
Whiteboard: A1 [glsa]
Package list:
Runtime testing required: ---

Description Tobias Heinlein (RETIRED) gentoo-dev 2010-02-25 20:44:59 UTC
See $URL.

Maintainers, please commit an updated ebuild.
Comment 1 Tobias Heinlein (RETIRED) gentoo-dev 2010-02-25 21:10:24 UTC
Diego allowed me to bump it, which I just did.

Arches, please test and mark stable:
=app-admin/sudo-1.7.2_p4
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Comment 2 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2010-02-26 11:14:35 UTC
x86 stable
Comment 3 Brent Baude (RETIRED) gentoo-dev 2010-02-28 15:23:31 UTC
ppc64 done
Comment 4 Jeroen Roovers (RETIRED) gentoo-dev 2010-02-28 18:06:23 UTC
Stable for HPPA.
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2010-02-28 18:25:49 UTC
Stable for PPC.
Comment 6 Tobias Heinlein (RETIRED) gentoo-dev 2010-02-28 22:03:24 UTC
amd64 stable.
Comment 7 Tobias Heinlein (RETIRED) gentoo-dev 2010-02-28 22:16:15 UTC
CVE-2010-0426 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0426):
  sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a
  pseudo-command is enabled, permits a match between the name of the
  pseudo-command and the name of an executable file in an arbitrary
  directory, which allows local users to gain privileges via a crafted
  executable file, as demonstrated by a file named sudoedit in a user's
  home directory.

CVE-2010-0427 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0427):
  sudo 1.6.x before 1.6.9p21, when the runas_default option is used,
  does not properly set group memberships, which allows local users to
  gain privileges via a sudo command.

Comment 8 Raúl Porcel (RETIRED) gentoo-dev 2010-03-01 20:31:29 UTC
alpha/arm/ia64/m68k/s390/sh/sparc stable
Comment 9 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2010-03-02 19:54:07 UTC
GLSA request filed.
Comment 10 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2010-03-02 20:50:22 UTC
MIPS guys: please see to add ~mips ASAP
Comment 11 Tomás Touceda (RETIRED) gentoo-dev 2010-04-15 21:58:21 UTC
In [0] points some new issues with sudoedit.

This affects up to 1.7.2p5.

[0] http://sudo.ws/sudo/alerts/sudoedit_escalate2.html
Comment 12 Diego Elio Pettenò (RETIRED) gentoo-dev 2010-04-15 22:52:10 UTC
p6 is in tree, since p6 is a different (but related) problem and p4 is all stable, maybe a new bug?
Comment 13 Tobias Heinlein (RETIRED) gentoo-dev 2010-05-27 14:33:10 UTC
(In reply to comment #12)
> p6 is in tree, since p6 is a different (but related) problem and p4 is all
> stable, maybe a new bug?
> 

Right. I just filed bug 321697.

This bug here is fixed, it's only kept open for ~mips.
Comment 14 Matthias Geerdsen (RETIRED) gentoo-dev 2010-05-27 18:52:57 UTC
just for the record, as I didn't see it mentioned... this was GLSA 201003-01