Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 321697

Summary: <app-admin/sudo-1.7.2p6: Additional privilege escalation bug with sudoedit (CVE-2010-1163)
Product: Gentoo Security Reporter: Tobias Heinlein (RETIRED) <keytoaster>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: base-system
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://sudo.ws/sudo/alerts/sudoedit_escalate2.html
Whiteboard: B1 [glsa]
Package list:
Runtime testing required: ---

Description Tobias Heinlein (RETIRED) gentoo-dev 2010-05-27 14:32:05 UTC 
See $URL.
Comment 1 Tobias Heinlein (RETIRED) gentoo-dev 2010-05-27 14:43:01 UTC 
Arches, please test and mark stable ASAP:
=app-admin/sudo-1.7.2_p6
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"
Comment 2 Peter Volkov (RETIRED) gentoo-dev 2010-05-28 07:40:48 UTC 
amd64 stable.
Comment 3 Joe Jezak (RETIRED) gentoo-dev 2010-05-28 18:07:52 UTC 
Marked ppc/ppc64 stable.
Comment 4 Raúl Porcel (RETIRED) gentoo-dev 2010-05-28 18:14:10 UTC 
alpha/arm/ia64/m68k/s390/sh/sparc/x86 stable
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2010-05-29 17:49:01 UTC 
Stable for HPPA.
Comment 6 Tobias Heinlein (RETIRED) gentoo-dev 2010-05-29 20:27:01 UTC 
GLSA request filed.
Comment 7 Tobias Heinlein (RETIRED) gentoo-dev 2010-05-30 14:47:31 UTC 
CVE-2010-1163 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1163):
  The command matching functionality in sudo 1.6.8 through 1.7.2p5 does
  not properly handle when a file in the current working directory has
  the same name as a pseudo-command in the sudoers file and the PATH
  contains an entry for ".", which allows local users to execute
  arbitrary commands via a Trojan horse executable, as demonstrated
  using sudoedit, a different vulnerability than CVE-2010-0426.
Comment 8 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-06-02 21:25:38 UTC 
GLSA 201006-09