Your message dated Thu, 17 Jun 2010 13:52:45 +0000
with message-id <[email protected]>
and subject line Bug#585394: fixed in sudo 1.6.9p17-3
has caused the Debian Bug report #585394,
regarding CVE-2010-1646: Sudo's secure path option can be circumvented
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
585394: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585394
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: sudo
Severity: grave
Tags: security
Justification: user security hole
Please see http://www.gratisoft.us/sudo/alerts/secure_path.html
Patch for Lenny is attached, for Squeeze it's likely best to
update to 1.7.2p7.
Cheers,
Moritz
diff -urNa sudo-1.6.9p22/env.c sudo-1.6.9p23/env.c
--- sudo-1.6.9p22/env.c Wed Apr 7 06:32:26 2010
+++ sudo-1.6.9p17/env.c Fri May 28 09:54:46 2010
@@ -270,6 +270,7 @@
{
char **nep;
size_t varlen;
+ int found = FALSE;
/* Make sure there is room for the new entry plus a NULL. */
if (e->env_len + 2 > e->env_size) {
@@ -278,20 +279,34 @@
}
if (dupcheck) {
- varlen = (strchr(str, '=') - str) + 1;
+ varlen = (strchr(str, '=') - str) + 1;
- for (nep = e->envp; *nep; nep++) {
+ for (nep = e->envp; !found && *nep != NULL; nep++) {
+ if (strncmp(str, *nep, varlen) == 0) {
+ *nep = str;
+ found = TRUE;
+ }
+ }
+ /* Prune out duplicate variables. */
+ if (found) {
+ while (*nep != NULL) {
if (strncmp(str, *nep, varlen) == 0) {
- *nep = str;
- return;
+ memmove(nep, nep + 1,
+ (e->env_len - (nep - e->envp)) * sizeof(char *));
+ e->env_len--;
+ } else {
+ nep++;
}
}
- } else
- nep = e->envp + e->env_len;
+ }
+ }
- e->env_len++;
- *nep++ = str;
- *nep = NULL;
+ if (!found) {
+ nep = e->envp + e->env_len;
+ e->env_len++;
+ *nep++ = str;
+ *nep = NULL;
+ }
}
/*
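Review bot: in the `if (dupcheck)` block, `varlen = (strchr(str, '=') - str) + 1;` still uses the `strchr()` result unchecked, so a `str` without an `=` would do pointer arithmetic on NULL. Since the line is being touched anyway, either guard it or document in the function comment that callers must pass `NAME=value`. Separately, the pruning `while` loop depends on the `for` loop's `nep++` having already stepped past the replaced slot by the time `!found` ends the loop. A one-line comment saying so would keep a later refactor (for example adding a `break` after `found = TRUE;`) from making the prune loop delete the entry it just wrote. The `memmove` count of `e->env_len - (nep - e->envp)` pointers is correct only because it also carries the terminating NULL at `e->envp[e->env_len]`, which is worth stating beside it.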
--- End Message ---
--- Begin Message ---
Source: sudo
Source-Version: 1.6.9p17-3
We believe that the bug you reported is fixed in the latest version of
sudo, which is due to be installed in the Debian FTP archive:
sudo-ldap_1.6.9p17-3_i386.deb
to main/s/sudo/sudo-ldap_1.6.9p17-3_i386.deb
sudo_1.6.9p17-3.diff.gz
to main/s/sudo/sudo_1.6.9p17-3.diff.gz
sudo_1.6.9p17-3.dsc
to main/s/sudo/sudo_1.6.9p17-3.dsc
sudo_1.6.9p17-3_i386.deb
to main/s/sudo/sudo_1.6.9p17-3_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Bdale Garbee <[email protected]> (supplier of updated sudo package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 10 Jun 2010 17:30:33 -0600
Source: sudo
Binary: sudo sudo-ldap
Architecture: source i386
Version: 1.6.9p17-3
Distribution: stable-security
Urgency: high
Maintainer: Bdale Garbee <[email protected]>
Changed-By: Bdale Garbee <[email protected]>
Description:
sudo - Provide limited super user privileges to specific users
sudo-ldap - Provide limited super user privileges to specific users
Closes: 585394
Changes:
sudo (1.6.9p17-3) stable-security; urgency=high
.
* Patch from Moritz Muehlenhoff fixing CVE-2010-1646, in which secure path
could be circumvented, closes: #585394
--- End Message ---