Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 564774 (CVE-2015-5602) - <app-admin/sudo-1.8.15-r1: Unauthorized privilege escalation in sudoedit (CVE-2015-5602)
Summary: <app-admin/sudo-1.8.15-r1: Unauthorized privilege escalation in sudoedit (CVE...
Status: RESOLVED FIXED
Alias: CVE-2015-5602
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B1 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2015-11-03 10:20 UTC by Agostino Sarubbo
Modified: 2016-06-26 13:51 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2015-11-03 10:20:07 UTC
From ${URL} :

An unauthorized privilege escalation was found in sudoedit when a user is granted with root access 
to modify a particular file that could be located in a subset of directories. It seems that 
sudoedit does not check the full path if a wildcard is used twice (e.g. /home/*/*/file.txt), 
allowing a malicious user to replace the file.txt real file with a symbolic link to a different 
location (e.g. /etc/shadow), which results into unauthorized access. Affected versions are <= 
1.8.14.

Reproducer can be found here:

https://www.exploit-db.com/exploits/37710/


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Lars Wendler (Polynomial-C) gentoo-dev 2015-11-03 14:29:37 UTC
Arches please test and mark stable =app-admin/sudo-1.8.15 with target KEYWORDS:

alpha amd64 arm ~arm64 hppa ia64 ~m68k ~mips ppc ppc64 ~s390 ~sh sparc x86 ~amd64-fbsd ~sparc-fbsd ~x86-fbsd ~x64-freebsd ~sparc-solaris
Comment 2 Agostino Sarubbo gentoo-dev 2015-11-03 14:55:13 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2015-11-03 14:55:36 UTC
x86 stable
Comment 4 Agostino Sarubbo gentoo-dev 2015-11-04 14:28:31 UTC
ppc stable
Comment 5 Agostino Sarubbo gentoo-dev 2015-11-05 11:00:07 UTC
sparc stable
Comment 6 Jeroen Roovers (RETIRED) gentoo-dev 2015-11-06 04:21:48 UTC
Stable for HPPA PPC64.
Comment 7 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2015-11-07 23:13:12 UTC
ia64 stable
Comment 8 Markus Meier gentoo-dev 2015-11-14 16:50:53 UTC
arm stable
Comment 9 Matt Turner gentoo-dev 2015-11-15 18:27:58 UTC
alpha stable.

(last arch)
Comment 10 Yury German Gentoo Infrastructure gentoo-dev 2015-12-23 23:28:23 UTC
Arches, Thank you for your work.
New GLSA Request filed.

Maintainer(s), please drop the vulnerable version(s).
Comment 11 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-03-08 08:25:34 UTC
CVE released.

@maintainers, please clean up the vulnerable versions
Comment 12 Doug Goldstein (RETIRED) gentoo-dev 2016-03-08 15:05:50 UTC
Thanks for the report. re: http://gitweb.gentoo.org/repo/gentoo.git/commit/?id=21f8d167c044a4a6846b97ce78c7e52ce7497936
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2016-06-26 13:51:02 UTC
This issue was resolved and addressed in
 GLSA 201606-13 at https://security.gentoo.org/glsa/201606-13
by GLSA coordinator Aaron Bauman (b-man).