Secunia Security Advisory - Tavis Ormandy has reported a vulnerability in Sudo, which can be exploited by malicious, local users to gain escalated privileges.
7bf3f763612526d7fd4b136a0c3e9ba30b6939a443c1c265e3f33d146dd63128
TITLE:
Sudo Python Environment Cleaning Privilege Escalation Vulnerability
SECUNIA ADVISORY ID:
SA18358
VERIFY ADVISORY:
http://secunia.com/advisories/18358/
CRITICAL:
Less critical
IMPACT:
Privilege escalation
WHERE:
Local system
SOFTWARE:
Sudo 1.x
http://secunia.com/product/3929/
DESCRIPTION:
Tavis Ormandy has reported a vulnerability in Sudo, which can be
exploited by malicious, local users to gain escalated privileges.
The vulnerability is caused due to an error within the environment
cleaning. This can be exploited by a user with sudo access to a
python script to gain access to an interactive python prompt via the
"PYTHONINSPECT" environment variable.
The vulnerability is related to:
SA17318
SOLUTION:
Clean untrusted environment variables using the "env_reset" or
"env_delete" directive in the sudoer's file.
PROVIDED AND/OR DISCOVERED BY:
Tavis Ormandy
ORIGINAL ADVISORY:
http://www.ubuntulinux.org/usn/usn-235-2
OTHER REFERENCES:
SA17318:
http://secunia.com/advisories/17318/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------