
[CVE-2009-0034] For some non-standard /etc/sudoers root escalation is possible

Reported by Andreas Wenning on 2009-02-13
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| sudo (Ubuntu) | | Undecided | Unassigned | |
| Dapper | | Undecided | Unassigned | |
| Gutsy | | Undecided | Unassigned | |
| Hardy | | Undecided | Kees Cook | |
| Intrepid | | Undecided | Kees Cook | |

Bug Description

Binary package hint: sudo

CVE-2009-0034: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0034

parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command.

Patch:
http://www.sudo.ws/cgi-bin/cvsweb/sudo/parse.c.diff?r1=1.160.2.21&r2=1.160.2.22&f=h

Mandriva has updated packages from 1.6.9p5 through 1.6.9p17, so looks like all releases are affected (dapper through jaunty): http://lists.mandriva.com/security-announce/2009-02/msg00002.php


Martin Pitt (pitti) wrote :

Jaunty just got fixed:

sudo (1.6.9p17-1ubuntu3) jaunty; urgency=low

  * SECURITY UPDATE: privilege escalation via non-default system groups.
    - parse.c: upstream fix for CVE-2009-0034:
      http://www.sudo.ws/cgi-bin/cvsweb/sudo/parse.c?r1=1.160.2.21&r2=1.160.2.22

Changed in sudo:
status: New → Fix Released
assignee: nobody → ubuntu-security
Jamie Strandboge (jdstrand) wrote :

Dapper and Gutsy are not affected. This was fixed in http://www.ubuntu.com/usn/usn-722-1 on 2009-02-17.

Changed in sudo:
status: New → Invalid
status: New → Invalid
status: New → Fix Released
status: New → Fix Released
assignee: ubuntu-security → kees
assignee: nobody → kees
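
An added audit example, not part of the original report or of sudo's own code: it lists sudoers rules whose Runas list names a %group, so an administrator can tell whether a non-default sudoers file is the kind this bug concerns. It assumes, following the USN-722-1 advisory linked in the thread, that the exposed rules are those with a group in the Runas list; the sample sudoers text and every name in it are constructed.

```python
import re

SAMPLE_SUDOERS = r"""# constructed sample, not from the bug report; all names are made up
Defaults env_reset
Runas_Alias OPS = %operators, backup
%admin  ALL=(ALL) ALL
alice   ALL=(OPS) /usr/bin/id
bob     ALL=(backup, \
             %staff) NOPASSWD: /usr/bin/rsync
"""

def logical_lines(text):
    """Yield (first_line_no, line) with continuations joined and comments dropped."""
    buf, start = "", 0
    for n, raw in enumerate(text.splitlines(), 1):
        start = start or n
        buf += raw.rstrip()
        if buf.endswith("\\"):
            buf = buf[:-1] + " "
            continue
        # '#' starts a comment unless it introduces a uid (#1000) or #include
        line = re.sub(r"#(?!\d|include).*", "", buf).strip()
        if line:
            yield start, re.sub(r"\s+", " ", line)
        buf, start = "", 0

def runas_groups(text):
    """Return [(line_no, rule, groups)] for rules whose Runas list names a %group (one alias level)."""
    aliases, specs = {}, []
    for n, line in logical_lines(text):
        if line.startswith("Runas_Alias"):
            for part in line[len("Runas_Alias"):].split(":"):
                name, _, members = part.partition("=")
                aliases[name.strip()] = [m.strip() for m in members.split(",")]
        elif not re.match(r"Defaults|\w+_Alias|#include", line):
            specs.append((n, line))
    findings = []
    for n, line in specs:
        rhs = line.partition("=")[2]
        items = [m for runas in re.findall(r"\(([^)]*)\)", rhs)
                 for i in runas.split(",") for m in aliases.get(i.strip(), [i.strip()])]
        groups = [m for m in items if m.lstrip("!").startswith("%")]
        if groups:
            findings.append((n, line, groups))
    return findings

if __name__ == "__main__":
    for n, rule, groups in runas_groups(SAMPLE_SUDOERS):
        print(f"line {n}: Runas list contains {', '.join(groups)}: {rule}")
```

A rule such as `%admin ALL=(ALL) ALL`, where the group appears only in the user list, is not reported.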