Vulnerability details
Sudo fails to clean environment variables, allowing command execution as root
- CNNVD ID: CNNVD-200201-013
- Severity: High
- CVE ID: CVE-2002-0043
- Vulnerability type: Input validation
- Published: 2002-01-31
- Threat type: Local
- Updated: 2006-09-05
- Vendor: todd_miller
- Source: Sebastian Krahmer ...
Vulnerability description
Sudo is free, open-source privilege management software that runs on Linux and several Unix platforms; it is maintained by Todd C. Miller. Sudo has an input validation vulnerability that allows a local attacker to execute programs as root. Under certain conditions, sudo does not properly clear the environment variables of the program it runs. When sudo runs a program such as an MTA as root, a local user can therefore pass crafted data to that program through environment variables. Using those environment variables, the attacker may execute commands as root and escalate privileges.
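As an added example (not part of the CNNVD entry or of sudo itself), a POSIX shell audit that classifies an installed sudo version against the affected entities listed on this page and checks whether the setuid bit, which the interim workaround in the advisory section below removes, is still set; the sudo path used as a default is a constructed assumption.

```shell
#!/bin/sh
# Added example, not from the CNNVD entry. Assumptions: the affected range is
# taken from this entry's "Affected entities" list (sudo 1.6.3p3 to 1.6.3p7);
# 1.6.4 / 1.6.4p1 / 1.6.4.1 are the fixed releases named in the vendor updates.
# Anything else is reported as "unlisted" rather than guessed at.

# sudo_affected VERSION -> prints "affected", "fixed" or "unlisted" and
# returns 0 only for "affected". VERSION looks like "1.6.3p5" (sudo -V style).
sudo_affected() {
    ver=$1
    base=${ver%%p*}          # "1.6.3" from "1.6.3p5"
    patch=${ver#"$base"}     # "p5" or "" when there is no patch level
    patch=${patch#p}
    case "$base" in
        1.6.3)
            case "$patch" in
                3|4|5|6|7) echo affected; return 0 ;;
                *)         echo unlisted; return 1 ;;
            esac ;;
        1.6.4|1.6.4.*) echo fixed; return 1 ;;
        *)             echo unlisted; return 1 ;;
    esac
}

# is_setuid PATH -> returns 0 if the file still carries the setuid bit.
# The entry's interim workaround (chmod a-s on the sudo binary) clears it,
# so this tells you whether that workaround has been applied.
is_setuid() {
    [ -u "$1" ]
}

# audit_sudo [PATH] -> one-line report for the installed sudo binary.
audit_sudo() {
    bin=${1:-/usr/bin/sudo}  # constructed default path (assumption)
    [ -x "$bin" ] || { echo "$bin: not found"; return 2; }
    v=$("$bin" -V 2>/dev/null | sed -n 's/^Sudo version //p' | head -n 1)
    status=$(sudo_affected "$v") || :
    if is_setuid "$bin"; then s="setuid"; else s="setuid bit cleared"; fi
    echo "$bin version $v: $status, $s"
}
```

Run `audit_sudo` on a host to get a report such as `/usr/bin/sudo version 1.6.3p5: affected, setuid`; a result of `affected, setuid` means neither the patch nor the interim workaround is in place.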
Advisory
Interim workaround: if you cannot install the patch or upgrade immediately, CNNVD recommends the following measure to reduce the threat:
* Temporarily remove the setuid bit from the sudo program.
# chmod a-s <path to the sudo binary>
Vendor patches:
Conectiva
---------
Conectiva has released a security advisory (CLA-2002:451) and corresponding patches:
CLA-2002:451: sudo
Patch downloads:
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/sudo-1.6.4p1-1U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/sudo-1.6.4p1-1U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/sudo-doc-1.6.4p1-1U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/sudo-1.6.4p1-1U51_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/sudo-1.6.4p1-1U51_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/sudo-doc-1.6.4p1-1U51_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/sudo-1.6.4p1-1U60_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/sudo-1.6.4p1-1U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/sudo-doc-1.6.4p1-1U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/sudo-1.6.4p1-1U70_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/sudo-1.6.4p1-1U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/sudo-doc-1.6.4p1-1U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/sudo-1.6.4p1-1U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/sudo-1.6.4p1-1U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/sudo-doc-1.6.4p1-1U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/sudo-1.6.4p1-1U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/sudo-1.6.4p1-1U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/sudo-doc-1.6.4p1-1U50_1cl.i386.rpm
Debian
------
Debian has released a security advisory (DSA-101-1) and corresponding patches:
DSA-101-1: New sudo packages fix local root exploit
Link: http://www.debian.org/security/2002/dsa-101
Patch downloads:
Debian GNU/Linux 2.2 alias potato
- ------------------------------------
Source archives:
http://security.debian.org/dists/stable/updates/main/source/sudo_1.6.2p2-2.1.dsc
http://security.debian.org/dists/stable/updates/main/source/sudo_1.6.2p2-2.1.diff.gz
http://security.debian.org/dists/stable/updates/main/source/sudo_1.6.2p2.orig.tar.gz
Alpha architecture:
http://security.debian.org/dists/stable/updates/main/binary-alpha/sudo_1.6.2p2-2.1_alpha.deb
ARM architecture:
http://security.debian.org/dists/stable/updates/main/binary-arm/sudo_1.6.2p2-2.1_arm.deb
Intel ia32 architecture:
http://security.debian.org/dists/stable/updates/main/binary-i386/sudo_1.6.2p2-2.1_i386.deb
Motorola 680x0 architecture:
http://security.debian.org/dists/stable/updates/main/binary-m68k/sudo_1.6.2p2-2.1_m68k.deb
PowerPC architecture:
http://security.debian.org/dists/stable/updates/main/binary-powerpc/sudo_1.6.2p2-2.1_powerpc.deb
Sun Sparc architecture:
http://security.debian.org/dists/stable/updates/main/binary-sparc/sudo_1.6.2p2-2.1_sparc.deb
FreeBSD
-------
FreeBSD has released a security advisory (FreeBSD-SA-02:06) and corresponding patches:
FreeBSD-SA-02:06: sudo port may enable local privilege escalation
Link: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:06.sudo.asc
You can fix this vulnerability with any one of the following methods:
1) Upgrade the entire ports collection and rebuild the port.
2) Remove the old package, then download and install a new package released after the correction date from one of the following locations:
[i386]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/sudo-1.6.4.1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/security/sudo-1.6.4.1.tgz
3) Download a new sudo port skeleton from the following location and rebuild the port with it:
http://www.freebsd.org/ports/
4) Use portcheckout to automate method (3). The portcheckout port lives in /usr/ports/devel/portcheckout and can also be downloaded from:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
MandrakeSoft
------------
MandrakeSoft has released a security advisory (MDKSA-2002:003) and corresponding patches:
MDKSA-2002:003: sudo update
Link: http://www.linux
References
- Source: REDHAT, Name: RHSA-2002:013, Link: http://www.redhat.com/support/errata/RHSA-2002-013.HTML
- Source: www.sudo.ws, Link: http://www.sudo.ws/sudo/alerts/postfix.HTML
- Source: BUGTRAQ, Name: 20020114 Sudo version 1.6.4 now available (fwd), Link: http://www.securityfocus.com/archive/1/250168
- Source: XF, Name: sudo-unclean-env-root(7891), Link: http://xforce.iss.net/static/7891.php
- Source: BID, Name: 3871, Link: http://www.securityfocus.com/bid/3871
- Source: IMMUNIX, Name: IMNX-2002-70-001-01, Link: http://www.securityfocus.com/advisories/3800
- Source: REDHAT, Name: RHSA-2002:011, Link: http://www.redhat.com/support/errata/RHSA-2002-011.HTML
- Source: SUSE, Name: SuSE-SA:2002:002, Link: http://www.novell.com/linux/security/advisories/2002_002_sudo_txt.HTML
- Source: DEBIAN, Name: DSA-101, Link: http://www.debian.org/security/2002/dsa-101
- Source: BUGTRAQ, Name: 20020116 Sudo +Postfix Exploit, Link: http://marc.theaimsgroup.com/?l=bugtraq&m=101120193627756&w=2
- Source: MANDRAKE, Name: MDKSA-2002:003, Link: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:003
- Source: CONECTIVA, Name: CLA-2002:451, Link: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000451
- Source: FREEBSD, Name: FreeBSD-SA-02:06, Link: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A06.asc
Affected entities
- Todd_miller Sudo:1.6.3_p6
- Todd_miller Sudo:1.6.3_p7
- Todd_miller Sudo:1.6.3_p5
- Todd_miller Sudo:1.6.3_p4
- Todd_miller Sudo:1.6.3_p3
Patch
None