Local root exploit for sudo + postfix. Exploits sudo prior to sudo-1.6.4.1.

OVERVIEW
--------
There is a vulnerability in sudo which can allow an attacker to trick sudo into running the system MTA with root privileges and an unclean environment, possibly leading to a root compromise.

DETAIL
------
Sebastian Krahmer of the SuSE Security Team found a bug in sudo which can allow an attacker to send a failed-invocation email with root privileges and an unclean environment. Using the Postfix MTA an attacker can potentially gain a root shell. No other MTA is known to be exploitable at this time. We would like to reiterate that the bug is in sudo, not Postfix which is simply being used as a vehicle in this instance. This bug is fixed by having sudo run the MTA with user privileges instead of with root privileges.

SOLUTION
---------
Update all sudo ebuilds to the new sudo version 6.5
ftp://ftp.cs.colorado.edu/pub/sudo/sudo-1.6.5.tar.gz
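The fix described above (run the MTA as the invoking user, and do not hand it the caller's environment) follows a general pattern for privileged programs that spawn a helper. The sketch below is an added example, not sudo's actual patch or code from this report; the function names, the allow-list, the fixed PATH and the `sendmail -t` argument vector are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Assumed allow-list: only these variables survive into the mailer's environment. */
static const char *const KEEP[] = { "TZ", "LANG", NULL };

/* Write a fixed PATH plus allow-listed NAME=value entries from src into dst (NULL-terminated). */
size_t build_clean_env(char *const src[], const char *dst[], size_t cap) {
    size_t n = 0;
    if (cap < 2) return 0;
    dst[n++] = "PATH=/usr/sbin:/usr/bin:/sbin:/bin";
    for (size_t i = 0; src && src[i] && n + 1 < cap; i++)
        for (size_t k = 0; KEEP[k]; k++) {
            size_t len = strlen(KEEP[k]);
            if (strncmp(src[i], KEEP[k], len) == 0 && src[i][len] == '=') { dst[n++] = src[i]; break; }
        }
    dst[n] = NULL;
    return n;
}

/* Permanently become uid/gid; returns 0 only if root cannot be regained. */
int drop_to_user(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(1, &gid) != 0) return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
    if (uid != 0 && setuid(0) == 0) return -1; /* drop did not stick */
    return 0;
}

/* Run in the forked child: drop root first, then exec the MTA with the scrubbed environment. */
void exec_mailer(const char *mta, uid_t uid, gid_t gid, char *const env_in[]) {
    const char *env[8];
    char *const argv[] = { "sendmail", "-t", NULL };
    build_clean_env(env_in, env, 8);
    if (drop_to_user(uid, gid) != 0) _exit(127);
    execve(mta, argv, (char *const *)env);
    _exit(127);
}

int main(void) {
    /* Constructed sample environment standing in for what an untrusted caller supplies. */
    char *dirty[] = { "PATH=/tmp/constructed", "TZ=UTC", "EXAMPLE_UNTRUSTED=1", NULL };
    const char *clean[8];
    build_clean_env(dirty, clean, 8);
    for (size_t i = 0; clean[i]; i++) puts(clean[i]);
}
```

The order matters: supplementary groups and the group ID are dropped before the user ID, and the helper refuses to exec if root can still be regained.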
committed 1.6.5 and removed all older versions.
*** Bug 192461 has been marked as a duplicate of this bug. ***