sudoedit privilege escalation

Bug #563963 reported by Jamie Strandboge
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
sudo (Ubuntu)
Fix Released
Medium
Jamie Strandboge
Dapper
Fix Released
Low
Jamie Strandboge
Hardy
Fix Released
Low
Jamie Strandboge
Intrepid
Fix Released
Low
Jamie Strandboge
Jaunty
Fix Released
Low
Jamie Strandboge
Karmic
Fix Released
Medium
Jamie Strandboge
Lucid
Fix Released
Medium
Jamie Strandboge

Bug Description

Binary package hint: sudo

Bug added for USN publication since CVE has not been assigned for:
http://www.sudo.ws/sudo/alerts/sudoedit_escalate2.html

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

sudo (1.7.2p1-1ubuntu5) lucid; urgency=low

  * SECURITY UPDATE: properly verify path in find_path.c for the 'sudoedit'
    pseudo-command when running from the current working directory and
    secure_path is disabled
    - CVE-2010-XXXX

Changed in sudo (Ubuntu Lucid):
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in sudo (Ubuntu Dapper):
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in sudo (Ubuntu Hardy):
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in sudo (Ubuntu Intrepid):
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in sudo (Ubuntu Jaunty):
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in sudo (Ubuntu Karmic):
assignee: nobody → Jamie Strandboge (jdstrand)
Changed in sudo (Ubuntu Lucid):
status: New → Fix Released
importance: Undecided → Medium
Changed in sudo (Ubuntu Karmic):
importance: Undecided → Medium
Changed in sudo (Ubuntu Jaunty):
importance: Undecided → Low
Changed in sudo (Ubuntu Intrepid):
importance: Undecided → Low
Changed in sudo (Ubuntu Hardy):
importance: Undecided → Low
Changed in sudo (Ubuntu Dapper):
importance: Undecided → Low
status: New → Fix Committed
Changed in sudo (Ubuntu Hardy):
status: New → Fix Committed
Changed in sudo (Ubuntu Intrepid):
status: New → Fix Committed
Changed in sudo (Ubuntu Jaunty):
status: New → Fix Committed
Changed in sudo (Ubuntu Karmic):
status: New → Fix Committed
visibility: private → public
Revision history for this message
Jamie Strandboge (jdstrand) wrote :
Changed in sudo (Ubuntu Dapper):
status: Fix Committed → Fix Released
Changed in sudo (Ubuntu Hardy):
status: Fix Committed → Fix Released
Changed in sudo (Ubuntu Intrepid):
status: Fix Committed → Fix Released
Changed in sudo (Ubuntu Jaunty):
status: Fix Committed → Fix Released
Changed in sudo (Ubuntu Karmic):
status: Fix Committed → Fix Released
kuh3h3 (kuh3h3)
Changed in sudo (Ubuntu Intrepid):
status: Fix Released → Fix Committed
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.