sudo vulnerability

Archaic archaic at linuxfromscratch.org
Tue Oct 25 16:37:26 PDT 2005


After digging around, I couldn't find any info other than what Debian
gave. I've weeded out their extra junk and made an LFS-conforming patch
for anyone who uses sudo. I've also emailed the sudo list for their take
on this vulnerability and its proposed fix.


-- 
Archaic

Want control, education, and security from your operating system?
Hardened Linux From Scratch
http://www.linuxfromscratch.org/hlfs

-------------- next part --------------
Submitted By: Archaic (archaic -aT- linuxfromscratch -DoT- org)
Date: 2005-10-25
Initial Package Version: 1.6.8p9
Origin: http://ftp.debian.org/debian/pool/main/s/sudo/sudo_1.6.8p9-3.diff.gz
Upstream Status: Sent
Description: (CVE-2005-2959) Tavis Ormandy noticed that sudo does not clean the
             environment sufficiently. The SHELLOPTS and PS4 variables are
             dangerous and are still passed through to the program running as
             privileged user. This can result in the execution of arbitrary
             commands as privileged user when a bash script is executed.

diff -Naur sudo-1.6.8p9.orig/env.c sudo-1.6.8p9/env.c
--- sudo-1.6.8p9.orig/env.c     2005-02-06 15:37:01.000000000 +0000
+++ sudo-1.6.8p9/env.c  2005-10-25 22:55:45.000000000 +0000
@@ -89,6 +89,8 @@
 static const char *initial_badenv_table[] = {
     "IFS",
     "CDPATH",
+    "SHELLOPTS",
+    "PS4",
     "LOCALDOMAIN",
     "RES_OPTIONS",
     "HOSTALIASES",
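
Review bot: The two added entries in initial_badenv_table, "SHELLOPTS" and "PS4", have no comment explaining why they are stripped, unlike the patch header, which ties them to CVE-2005-2959 and bash scripts run as the privileged user. A one-line comment above them naming the CVE would stop a later cleanup from dropping them as unexplained. Since this table is a blocklist, the change covers only these two names, and any other variable the invoked shell interprets would need its own entry. It is worth confirming with upstream whether the list is complete for bash before treating the issue as closed.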

