Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 564774 (CVE-2015-5602)

Summary: <app-admin/sudo-1.8.15-r1: Unauthorized privilege escalation in sudoedit (CVE-2015-5602)
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major CC: base-system
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugzilla.redhat.com/show_bug.cgi?id=1277426
Whiteboard: B1 [glsa cve]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2015-11-03 10:20:07 UTC 
From ${URL} :

An unauthorized privilege escalation was found in sudoedit when a user is granted with root access 
to modify a particular file that could be located in a subset of directories. It seems that 
sudoedit does not check the full path if a wildcard is used twice (e.g. /home/*/*/file.txt), 
allowing a malicious user to replace the file.txt real file with a symbolic link to a different 
location (e.g. /etc/shadow), which results into unauthorized access. Affected versions are <= 
1.8.14.

Reproducer can be found here:

https://www.exploit-db.com/exploits/37710/


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2015-11-03 14:29:37 UTC 
Arches please test and mark stable =app-admin/sudo-1.8.15 with target KEYWORDS:

alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~sparc-solaris
Comment 2 Agostino Sarubbo gentoo-dev 2015-11-03 14:55:13 UTC 
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2015-11-03 14:55:36 UTC 
x86 stable
Comment 4 Agostino Sarubbo gentoo-dev 2015-11-04 14:28:31 UTC 
ppc stable
Comment 5 Agostino Sarubbo gentoo-dev 2015-11-05 11:00:07 UTC 
sparc stable
Comment 6 Jeroen Roovers (RETIRED) gentoo-dev 2015-11-06 04:21:48 UTC 
Stable for HPPA PPC64.
Comment 7 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2015-11-07 23:13:12 UTC 
ia64 stable
Comment 8 Markus Meier gentoo-dev 2015-11-14 16:50:53 UTC 
arm stable
Comment 9 Matt Turner gentoo-dev 2015-11-15 18:27:58 UTC 
alpha stable.

(last arch)
Comment 10 Yury German Gentoo Infrastructure gentoo-dev 2015-12-23 23:28:23 UTC 
Arches, Thank you for your work.
New GLSA Request filed.

Maintainer(s), please drop the vulnerable version(s).
Comment 11 Aaron Bauman (RETIRED) gentoo-dev 2016-03-08 08:25:34 UTC 
CVE released.

@maintainers, please clean up the vulnerable versions
Comment 12 Doug Goldstein (RETIRED) gentoo-dev 2016-03-08 15:05:50 UTC 
Thanks for the report. re: http://gitweb.gentoo.org/repo/gentoo.git/commit/?id=21f8d167c044a4a6846b97ce78c7e52ce7497936
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2016-06-26 13:51:02 UTC 
This issue was resolved and addressed in
 GLSA 201606-13 at https://security.gentoo.org/glsa/201606-13
by GLSA coordinator Aaron Bauman (b-man).