Your message dated Sat, 17 Apr 2010 19:52:50 +0000
with message-id <e1o3e4q-0006ib...@ries.debian.org>
and subject line Bug#570737: fixed in sudo 1.6.9p17-2+lenny1
has caused the Debian Bug report #570737,
regarding sudoedit permission in sudoers grants permission to any sudoedit
executables
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
570737: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570737
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: sudo
Version: 1.6.9p17-2
Severity: grave
Tags: security
Justification: user security hole
My understanding is that permission to sudoedit is granted by a line in
the sudoers file like this:
user1 ALL = sudoedit /etc/network/interfaces
This works as expected (because the string sudoedit is a special case), e.g.
us...@host1:~$ sudoedit /etc/network/interfaces
However, it also appears to grant access to sudo any executable called
'sudoedit' (if the appropriate parameters are passed in). For example, a
user executable in the home directory called sudoedit:
#!/bin/sh
whoami
can be invoked (and reports 'root') using
us...@host1:~$ sudo ./sudoedit /etc/network/interfaces
I had expected (because sudoedit is a special case string) that it should
not match anything apart from invoking /usr/bin/sudoedit.
This problem was encountered with build 1.6.9p17 of sudo on a Debian Lenny
system. The issue was pointed out by 'slouching' on linuxquestions.org.
He also reported that this problem did not occur on an earlier version
sudo-1.6.8p12-12.el5.
-- System Information:
Debian Release: 5.0.4
APT prefers stable
APT policy: (990, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.30-bpo.1-686 (SMP w/1 CPU core)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=ANSI_X3.4-1968)
(ignored: LC_ALL set to C)
Shell: /bin/sh linked to /bin/bash
Versions of packages sudo depends on:
ii libc6 2.7-18lenny2 GNU C Library: Shared libraries
ii libpam-modules 1.0.1-5+lenny1 Pluggable Authentication Modules f
ii libpam0g 1.0.1-5+lenny1 Pluggable Authentication Modules l
sudo recommends no packages.
sudo suggests no packages.
-- no debconf information
--- End Message ---
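As an added illustration, not part of the report above or of sudo's source, the following Python model contrasts the two matching policies the report describes: the 1.6.9p17 behaviour, where a `sudoedit` rule was satisfied by any program whose base name was `sudoedit` provided the arguments matched, and the corrected behaviour, where `sudoedit` in sudoers is a pseudo-command that only a real edit request (`sudoedit FILE` / `sudo -e FILE`) can satisfy. The rule parser handles only the single-command rule shape used in the report, the `Request` type and the path `/home/user1/sudoedit` are assumptions for the demonstration, and the inputs are constructed to mirror the report.

```python
# Simplified model of the sudoers 'sudoedit' matching described in
# Debian bug #570737 (CVE-2010-0426). Added example: this is NOT sudo's
# own source. The parser below handles only the one rule shape used in
# the report ('user HOST = cmd [args...]'): no Runas, aliases or lists.
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class Request:
    """What the user asked sudo for (assumed structure for the model).

    edit:    True for 'sudoedit FILE' or 'sudo -e FILE', i.e. sudo's own
             edit mode, which is the only thing a 'sudoedit' rule is
             meant to grant.
    command: for a non-edit request, the resolved absolute path of the
             program the user named ('./sudoedit' run from /home/user1
             becomes /home/user1/sudoedit); '' for edit requests.
    args:    the remaining command-line arguments.
    """
    edit: bool
    command: str
    args: tuple


def parse_rule(line):
    """Parse 'user HOST = cmd [args...]' into its pieces."""
    user, rest = line.split(None, 1)
    host, spec = (s.strip() for s in rest.split("=", 1))
    cmnd, *args = spec.split()
    return {"user": user, "host": host, "cmnd": cmnd, "args": tuple(args)}


def _args_match(rule_args, req_args):
    # A rule without arguments allows any arguments; otherwise they must
    # match exactly. sudoers wildcards are not modelled here.
    return not rule_args or rule_args == tuple(req_args)


def matches_buggy(rule, req):
    """Behaviour the report describes: a 'sudoedit' rule is satisfied
    whenever the *base name* of what the user runs is 'sudoedit', so any
    executable called sudoedit passes as long as the arguments match."""
    if rule["cmnd"] == "sudoedit":
        name = "sudoedit" if req.edit else os.path.basename(req.command)
        return name == "sudoedit" and _args_match(rule["args"], req.args)
    return (not req.edit and rule["cmnd"] == req.command
            and _args_match(rule["args"], req.args))


def matches_fixed(rule, req):
    """Corrected behaviour: 'sudoedit' in sudoers is a pseudo-command.
    Only a genuine edit request can satisfy it; a path to an executable,
    whatever its name, is compared against real command rules only."""
    if rule["cmnd"] == "sudoedit":
        return req.edit and _args_match(rule["args"], req.args)
    return (not req.edit and rule["cmnd"] == req.command
            and _args_match(rule["args"], req.args))


# Constructed inputs mirroring the report.
RULE = parse_rule("user1 ALL = sudoedit /etc/network/interfaces")
# 'sudoedit /etc/network/interfaces': the intended use of the rule.
LEGIT = Request(edit=True, command="", args=("/etc/network/interfaces",))
# 'sudo ./sudoedit /etc/network/interfaces' run from /home/user1, where
# ./sudoedit is the reporter's two-line shell script.
ROGUE = Request(edit=False, command="/home/user1/sudoedit",
                args=("/etc/network/interfaces",))
# The same rogue script with other arguments: the rule's argument list
# does not match, so even the buggy matcher refuses it.
ROGUE_OTHER = Request(edit=False, command="/home/user1/sudoedit",
                      args=("/etc/shadow",))


def outcomes():
    """Return (buggy, fixed) verdicts for each constructed request."""
    return {
        "legit": (matches_buggy(RULE, LEGIT), matches_fixed(RULE, LEGIT)),
        "rogue": (matches_buggy(RULE, ROGUE), matches_fixed(RULE, ROGUE)),
        "rogue_other": (matches_buggy(RULE, ROGUE_OTHER),
                        matches_fixed(RULE, ROGUE_OTHER)),
    }


if __name__ == "__main__":
    for name, (buggy, fixed) in outcomes().items():
        print(f"{name:12s} 1.6.9p17: {buggy!s:5s} fixed: {fixed}")
```

The model makes the security-relevant distinction explicit: the rule grants an operation (editing a file through sudo's own editor), not a program name, so the matcher must key on how sudo was invoked rather than on the base name of an argument the user controls. On an unpatched system the rogue request above is exactly the `whoami`-as-root case from the report; after the fix only the edit request matches.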
--- Begin Message ---
Source: sudo
Source-Version: 1.6.9p17-2+lenny1
We believe that the bug you reported is fixed in the latest version of
sudo, which is due to be installed in the Debian FTP archive:
sudo-ldap_1.6.9p17-2+lenny1_i386.deb
to main/s/sudo/sudo-ldap_1.6.9p17-2+lenny1_i386.deb
sudo_1.6.9p17-2+lenny1.diff.gz
to main/s/sudo/sudo_1.6.9p17-2+lenny1.diff.gz
sudo_1.6.9p17-2+lenny1.dsc
to main/s/sudo/sudo_1.6.9p17-2+lenny1.dsc
sudo_1.6.9p17-2+lenny1_i386.deb
to main/s/sudo/sudo_1.6.9p17-2+lenny1_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 570...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Giuseppe Iuculano <iucul...@debian.org> (supplier of updated sudo package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 02 Mar 2010 15:22:43 +0100
Source: sudo
Binary: sudo sudo-ldap
Architecture: source i386
Version: 1.6.9p17-2+lenny1
Distribution: stable-security
Urgency: high
Maintainer: Bdale Garbee <bd...@gag.com>
Changed-By: Giuseppe Iuculano <iucul...@debian.org>
Description:
sudo - Provide limited super user privileges to specific users
sudo-ldap - Provide limited super user privileges to specific users
Closes: 570737
Changes:
sudo (1.6.9p17-2+lenny1) stable-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fixed CVE-2010-0426: verify path for the 'sudoedit' pseudo-command
(Closes: #570737)
* Fixed CVE-2010-0427: When changing the runas user, reset any aux runas
groups we have cached.
Checksums-Sha1:
bd1ab3e7bd362f06cca074fb1e7e0f33e3f87c6f 1032 sudo_1.6.9p17-2+lenny1.dsc
576a584eee413e12294cbd2ca6f445e51a1cb103 593534 sudo_1.6.9p17.orig.tar.gz
1be755452d4f19fab4907307e3ec93c0150716cd 22997 sudo_1.6.9p17-2+lenny1.diff.gz
757f693d9510d24defcc58a1becc2801990b1e92 175988 sudo_1.6.9p17-2+lenny1_i386.deb
42c03a061da577a60b306682047833fe257574d8 187528 sudo-ldap_1.6.9p17-2+lenny1_i386.deb
Checksums-Sha256:
6d1c4ffcf41c0d29110e49b00691e57875b35ca6f9ec4482ec8c3b7d4a780dce 1032 sudo_1.6.9p17-2+lenny1.dsc
1e2cd4ff684c6f542b7e392010021f36b201d074620dad4d7689da60f9c74596 593534 sudo_1.6.9p17.orig.tar.gz
59993cd27e8051c99f8ed48ec2afb6ce192c8da18f982c23868fb20a0654fac5 22997 sudo_1.6.9p17-2+lenny1.diff.gz
4c0418934e2671125b1ebce3aa0db78cd4458e6ae379bab1f2da13243441f7e2 175988 sudo_1.6.9p17-2+lenny1_i386.deb
0ca4c94c80245ad2c754f0d1a0e199ef542325241535f901f22ee8b09df9bd03 187528 sudo-ldap_1.6.9p17-2+lenny1_i386.deb
Files:
fc42a6b45a2e2c114c14cba892635d22 1032 admin optional sudo_1.6.9p17-2+lenny1.dsc
60daf18f28e2c1eb7641c4408e244110 593534 admin optional sudo_1.6.9p17.orig.tar.gz
9980866e257817e8281fd036141ccbd0 22997 admin optional sudo_1.6.9p17-2+lenny1.diff.gz
3d63bc2bc801dbc5ad696a002a250c1f 175988 admin optional sudo_1.6.9p17-2+lenny1_i386.deb
70c225149240e5b20eae98ba82404de7 187528 admin optional sudo-ldap_1.6.9p17-2+lenny1_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkuNNZQACgkQNxpp46476apPWACfWHRt3Z0r9bw0fl3W31bEy3Mw
hCgAmgPcl9nZYTdSsMDDXPbLv3UDjPhW
=NaFZ
-----END PGP SIGNATURE-----
--- End Message ---