
Ubuntu Security Notice 905-1

Posted Feb 27, 2010
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 905-1 - It was discovered that sudo did not properly validate the path for the 'sudoedit' pseudo-command. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. The sudoedit pseudo-command is not used in the default installation of Ubuntu. It was discovered that sudo did not reset group permissions when the 'runas_default' configuration option was used. A local attacker could exploit this to escalate group privileges if sudo was configured to allow the attacker to run commands under the runas_default account. The runas_default configuration option is not used in the default installation of Ubuntu. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04.

tags | advisory, arbitrary, local, root
systems | linux, ubuntu
advisories | CVE-2010-0426, CVE-2010-0427
SHA-256 | 6429269d5a7e2fc27d46e77eeca2faf4ade70b577099f07867e05c9aa22b77c1

===========================================================
Ubuntu Security Notice USN-905-1 February 26, 2010
sudo vulnerabilities
CVE-2010-0426, CVE-2010-0427
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
sudo 1.6.8p12-1ubuntu6.1
sudo-ldap 1.6.8p12-1ubuntu6.1

Ubuntu 8.04 LTS:
sudo 1.6.9p10-1ubuntu3.6
sudo-ldap 1.6.9p10-1ubuntu3.6

Ubuntu 8.10:
sudo 1.6.9p17-1ubuntu2.2
sudo-ldap 1.6.9p17-1ubuntu2.2

Ubuntu 9.04:
sudo 1.6.9p17-1ubuntu3.1
sudo-ldap 1.6.9p17-1ubuntu3.1

Ubuntu 9.10:
sudo 1.7.0-1ubuntu2.1
sudo-ldap 1.7.0-1ubuntu2.1

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that sudo did not properly validate the path for the
'sudoedit' pseudo-command. A local attacker could exploit this to execute
arbitrary code as root if sudo was configured to allow the attacker to use
sudoedit. The sudoedit pseudo-command is not used in the default
installation of Ubuntu. (CVE-2010-0426)

It was discovered that sudo did not reset group permissions when the
'runas_default' configuration option was used. A local attacker could
exploit this to escalate group privileges if sudo was configured to allow
the attacker to run commands under the runas_default account. The
runas_default configuration option is not used in the default installation
of Ubuntu. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04.
(CVE-2010-0427)
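
The two conditions above (an unpatched package plus a sudoers configuration that uses sudoedit or runas_default) can be checked together. The following is an added example, not part of the Ubuntu advisory: the function names and the sample sudoers text are hypothetical, the version ordering is a simplified stand-in for dpkg's rules (no epoch or '~' handling), and files pulled in by #include are not followed.

```python
import re

# Fixed sudo/sudo-ldap versions per release, copied from the advisory above.
FIXED = {
    "6.06": "1.6.8p12-1ubuntu6.1",
    "8.04": "1.6.9p10-1ubuntu3.6",
    "8.10": "1.6.9p17-1ubuntu2.2",
    "9.04": "1.6.9p17-1ubuntu3.1",
    "9.10": "1.7.0-1ubuntu2.1",
}
# The advisory limits CVE-2010-0427 to these releases.
RUNAS_RELEASES = {"8.04", "8.10", "9.04"}

def vkey(version):
    """Simplified ordering key (assumption: no epoch, no '~'); not full dpkg rules."""
    return [int(t) if t.isdigit() else t for t in re.findall(r"\d+|\D+", version)]

def sudoers_features(text):
    """Return which of the two relevant features a sudoers text uses."""
    found = set()
    for line in text.replace("\\\n", " ").splitlines():  # join continuation lines
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank or comment line (this also skips #include lines)
        if line.startswith("Defaults"):
            if re.search(r"\brunas_default\s*=", line):
                found.add("runas_default")
        elif re.search(r"(^|[\s,=:/])sudoedit(\s|,|$)", line):
            found.add("sudoedit")
    return found

def exposure(release, installed, sudoers_text):
    """List the advisory's CVEs whose version and configuration conditions both hold."""
    if release not in FIXED or vkey(installed) >= vkey(FIXED[release]):
        return []
    features = sudoers_features(sudoers_text)
    cves = []
    if "sudoedit" in features:
        cves.append("CVE-2010-0426")
    if "runas_default" in features and release in RUNAS_RELEASES:
        cves.append("CVE-2010-0427")
    return cves

# Constructed sample sudoers content, not taken from any real host.
SAMPLE = """# constructed example
Defaults runas_default=appuser
alice ALL = sudoedit /etc/motd, \\
            /usr/bin/less /var/log/syslog
"""
```

On a real host, take the installed version from the package manager and prefer `dpkg --compare-versions` for the comparison.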




