After digging around, I couldn't find any info other than what Debian gave. I've weeded out their extra junk and made an LFS-conforming patch for anyone who uses sudo. I've also emailed the sudo list for their take on this vulnerability and its proposed fix.
--
Archaic
Want control, education, and security from your operating system?
Hardened Linux From Scratch
http://www.linuxfromscratch.org/hlfs
Submitted By: Archaic (archaic -aT- linuxfromscratch -DoT- org) Date: 2005-10-25 Initial Package Version: 1.6.8p9 Origin: http://ftp.debian.org/debian/pool/main/s/sudo/sudo_1.6.8p9-3.diff.gz Upstream Status: Sent Description: (CVE-2005-2959) Tavis Ormandy noticed that sudo does not clean the environment sufficiently. The SHELLOPTS and PS4 variables are dangerous and are still passed through to the program running as privileged user. This can result in the execution of arbitrary commands as privileged user when a bash script is executed. diff -Naur sudo-1.6.8p9.orig/env.c sudo-1.6.8p9/env.c --- sudo-1.6.8p9.orig/env.c 2005-02-06 15:37:01.000000000 +0000 +++ sudo-1.6.8p9/env.c 2005-10-25 22:55:45.000000000 +0000 @@ -89,6 +89,8 @@ static const char *initial_badenv_table[] = { "IFS", "CDPATH", + "SHELLOPTS", + "PS4", "LOCALDOMAIN", "RES_OPTIONS", "HOSTALIASES",
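Review bot: the two new entries in initial_badenv_table carry no comment explaining why they are there, unlike a reader would expect for a security fix; suggest annotating them, e.g. `+ "SHELLOPTS", /* CVE-2005-2959: bash option state, incl. xtrace */` and `+ "PS4", /* CVE-2005-2959: expanded by bash when xtrace is on */`, so the next person editing the table does not drop them as unfamiliar. Also note that this table is a denylist of variable names stripped before the command runs, so the patch only closes the two names the description mentions; the description should say explicitly that it does not change sudo's general approach to the environment, and the Upstream Status line should be updated once the sudo list replies.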
--
http://linuxfromscratch.org/mailman/listinfo/blfs-support
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page