Ubuntu Security Notice 1046-1 - Alexander Kurtz discovered that sudo would not prompt for a password when a group was specified in the Runas_Spec. A local attacker could exploit this to execute arbitrary code as the specified group if sudo was configured to allow the attacker to use a program as this group. The group Runas_Spec is not used in the default installation of Ubuntu.
cbd17cefa0607c1ef33b6ed2f963d362ae7aa92f029fde75d8d407dd186609fa===========================================================
Ubuntu Security Notice USN-1046-1 January 20, 2011
sudo vulnerability
CVE-2011-0010
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 9.10
Ubuntu 10.04 LTS
Ubuntu 10.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 9.10:
sudo 1.7.0-1ubuntu2.6
sudo-ldap 1.7.0-1ubuntu2.6
Ubuntu 10.04 LTS:
sudo 1.7.2p1-1ubuntu5.3
sudo-ldap 1.7.2p1-1ubuntu5.3
Ubuntu 10.10:
sudo 1.7.2p7-1ubuntu2.1
sudo-ldap 1.7.2p7-1ubuntu2.1
In general, a standard system update will make all the necessary changes.
Details follow:
Alexander Kurtz discovered that sudo would not prompt for a password when
a group was specified in the Runas_Spec. A local attacker could exploit
this to execute arbitrary code as the specified group if sudo was
configured to allow the attacker to use a program as this group. The group
Runas_Spec is not used in the default installation of Ubuntu.
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.0-1ubuntu2.6.diff.gz
Size/MD5: 26877 0a131d32d3d6cb4810b95ba5421346b6
http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.0-1ubuntu2.6.dsc
Size/MD5: 1757 41c6991abbfea6b7cbe6708ab07d2186
http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.0.orig.tar.gz
Size/MD5: 744311 5fd96bba35fe29b464f7aa6ad255f0a6
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.0-1ubuntu2.6_amd64.deb
Size/MD5: 311418 4e20db9f0d9d3da2d0c4bad38da97879
http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.7.0-1ubuntu2.6_amd64.deb
Size/MD5: 335378 21dab3619780413d5cbe250d707b3fc0
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.0-1ubuntu2.6_i386.deb
Size/MD5: 298826 ebb28d4fa3e93002d1d28d39cb4fdedb
http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.7.0-1ubuntu2.6_i386.deb
Size/MD5: 320354 42f7b6769bc1d7e48cb7076ea3c76a48
armel architecture (ARM Architecture):
http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.7.0-1ubuntu2.6_armel.deb
Size/MD5: 297674 a9a685e1a467013faf4cc2d17a8bb51a
http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.7.0-1ubuntu2.6_armel.deb
Size/MD5: 319706 79b5f034456f5f30f6e2794754da3983
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.7.0-1ubuntu2.6_lpia.deb
Size/MD5: 298850 4bf9a03f1475d941e127af7332760354
http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.7.0-1ubuntu2.6_lpia.deb
Size/MD5: 320656 880c1c635f7d97878cf4959db30bb215
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.7.0-1ubuntu2.6_powerpc.deb
Size/MD5: 306898 7fbebd6a32691c8187043c3e448b1441
http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.7.0-1ubuntu2.6_powerpc.deb
Size/MD5: 329952 035a583e9c71f4b0c541b4471d7a23dd
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.7.0-1ubuntu2.6_sparc.deb
Size/MD5: 302552 c51154d40cd999580d1e0684bf4724bc
http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.7.0-1ubuntu2.6_sparc.deb
Size/MD5: 324594 c860cd6176d7a3769d484d85a9c05e0f
Updated packages for Ubuntu 10.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.2p1-1ubuntu5.3.diff.gz
Size/MD5: 27664 1d366b7edf66dcb6ab3a0aef6543677b
http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.2p1-1ubuntu5.3.dsc
Size/MD5: 1771 0254600b76a959ce7f4751487e8aba1c
http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.2p1.orig.tar.gz
Size/MD5: 771059 4449d466a774f5ce401c9c0e3866c026
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.2p1-1ubuntu5.3_amd64.deb
Size/MD5: 327346 8ceaa2caa94f32bbb48687dcbf83e1d0
http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.7.2p1-1ubuntu5.3_amd64.deb
Size/MD5: 351152 70927e8cc9fea948aa31fe27a0870a9e
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.2p1-1ubuntu5.3_i386.deb
Size/MD5: 311848 f9b82d11e5773a77150cc6f48c45c20f
http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.7.2p1-1ubuntu5.3_i386.deb
Size/MD5: 334294 a4a5e1ec0a6680c9c7804de9ddee0098
armel architecture (ARM Architecture):
http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.7.2p1-1ubuntu5.3_armel.deb
Size/MD5: 306620 6344b4adc273990b62a2f41eec2785d3
http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.7.2p1-1ubuntu5.3_armel.deb
Size/MD5: 329590 2c3b34db34f64c970f9b7c2efc39d453
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.7.2p1-1ubuntu5.3_powerpc.deb
Size/MD5: 321892 447bbfffca308ac1b3fed6521b39bfc9
http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.7.2p1-1ubuntu5.3_powerpc.deb
Size/MD5: 345714 dcc31787b19ddaf43ed387367853d353
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.7.2p1-1ubuntu5.3_sparc.deb
Size/MD5: 319240 37e0e3552e429346121219e86a96bb0e
http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.7.2p1-1ubuntu5.3_sparc.deb
Size/MD5: 342374 8bfec5685fd75afd7b1b5607635b412b
Updated packages for Ubuntu 10.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.2p7-1ubuntu2.1.debian.tar.gz
Size/MD5: 29268 fa37ae644d44ac952b7b2f354fb15734
http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.2p7-1ubuntu2.1.dsc
Size/MD5: 1797 b8aaf3f8081f86a24adc76705a0707e4
http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.2p7.orig.tar.gz
Size/MD5: 772356 3ac78668427a53e12d7639fdfab2f1af
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.2p7-1ubuntu2.1_amd64.deb
Size/MD5: 329962 19af3393ae15f16f63140beca6044ecd
http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.7.2p7-1ubuntu2.1_amd64.deb
Size/MD5: 353426 f84c71db0a392a6ac392d35c1bdbd3df
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.2p7-1ubuntu2.1_i386.deb
Size/MD5: 314850 c6635045fd7e48b3a47b64e4cba7eb78
http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.7.2p7-1ubuntu2.1_i386.deb
Size/MD5: 336478 09f5c3d7ddc1cea3e9eb6e74c8590df1
armel architecture (ARM Architecture):
http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.7.2p7-1ubuntu2.1_armel.deb
Size/MD5: 314332 bdc71a8677516031b8275c50d9871032
http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.7.2p7-1ubuntu2.1_armel.deb
Size/MD5: 336878 c55d7851cc45cdcdeba3eb626b0a6553
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.7.2p7-1ubuntu2.1_powerpc.deb
Size/MD5: 324918 af6829a76e25f55df562ba2e4c2e595c
http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.7.2p7-1ubuntu2.1_powerpc.deb
Size/MD5: 348046 75310ccb4b4a8e7571b947e131af42c4
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed