Package name
sudo
Date
2010-04-17
Advisory ID
MDVSA-2010:078
Affected versions
MES5 i586, 2010.0 x86_64, 2010.0 i586, 2009.1 i586, 2009.1 x86_64, CS4.0 i586, 2008.0 x86_64, CS4.0 x86_64, 2008.0 i586, MES5 x86_64

Problem description

A vulnerability has been found and corrected in sudo:

The command matching functionality in sudo 1.6.8 through 1.7.2p5 does
not properly handle the case in which a file in the current working
directory has the same name as a pseudo-command in the sudoers file and
the PATH contains an entry for "." (the current directory). This allows
local users to execute arbitrary commands via a Trojan horse executable,
as demonstrated using sudoedit. This is a different vulnerability than
CVE-2010-0426 (CVE-2010-1163).

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

The updated packages have been patched to correct this issue.
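
The two preconditions named in the description above (a PATH that searches the current directory, and an upstream sudo version in the affected range) can be checked on a host with the following script. It is an added example, not part of the advisory; the function names are hypothetical, and the version range is the one stated above.

```shell
#!/bin/sh
# Added example (not from the advisory): checks the two preconditions it names.

# Exit 0 if the PATH string searches the current directory. An empty
# component (leading/trailing ":" or "::") means "." to the shell and execvp().
path_has_cwd() {
    case ":$1:" in
        *:.:*|*:./:*|*::*) return 0 ;;
    esac
    return 1
}

# Print an integer sort key for an upstream sudo version such as 1.7.2p5.
sudo_version_key() {
    v=$1 p=0
    case "$v" in
        *p*) p=${v##*p}; v=${v%%p*} ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $v
    IFS=$old_ifs
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 10000 + ${3:-0} * 100 + p ))
}

# Exit 0 if the upstream version lies in 1.6.8 .. 1.7.2p5 (range from the
# advisory). Distribution packages keep the upstream number after patching
# (the fixed MES5 package is still 1.6.9p17), so confirm with the package release.
sudo_version_affected() {
    k=$(sudo_version_key "$1")
    [ "$k" -ge "$(sudo_version_key 1.6.8)" ] &&
        [ "$k" -le "$(sudo_version_key 1.7.2p5)" ]
}

# Print findings for the given PATH string and the installed sudo, if any.
audit_report() {
    if path_has_cwd "$1"; then
        echo "PATH searches the current directory: $1"
        [ -e ./sudoedit ] && echo "file named sudoedit in $(pwd): inspect it"
    fi
    ver=$(sudo -V 2>/dev/null | sed -n '1s/^Sudo version //p')
    if [ -n "$ver" ] && sudo_version_affected "$ver"; then
        echo "sudo $ver is in the upstream affected range; check package release"
    fi
    return 0
}

audit_report "$PATH"
```

A match on the version range alone does not mean the host is unpatched: compare the installed package release against the list of updated packages below.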

Updated packages

MES5 i586

 3b933bf059e256b39720266c081366b7  mes5/i586/sudo-1.6.9p17-1.4mdvmes5.1.i586.rpm 
 3ce4545a21807d50a6c56c8793568e13  mes5/SRPMS/sudo-1.6.9p17-1.4mdvmes5.1.src.rpm

2010.0 x86_64

 8a58adfb365a2e4a72aac915888f3941  2010.0/x86_64/sudo-1.7.2-0.p1.1.2mdv2010.0.x86_64.rpm 
 97644d9dcc9192176ff164025888fe23  2010.0/SRPMS/sudo-1.7.2-0.p1.1.2mdv2010.0.src.rpm

2010.0 i586

 6836def05490065a3ef690a4db6ceaeb  2010.0/i586/sudo-1.7.2-0.p1.1.2mdv2010.0.i586.rpm 
 97644d9dcc9192176ff164025888fe23  2010.0/SRPMS/sudo-1.7.2-0.p1.1.2mdv2010.0.src.rpm

2009.1 i586

 5a7bf57e7c12755cd7bb9748ff1f7dfa  2009.1/i586/sudo-1.7.0-1.4mdv2009.1.i586.rpm 
 255a1fe014959704dfe62df017a35c64  2009.1/SRPMS/sudo-1.7.0-1.4mdv2009.1.src.rpm

2009.1 x86_64

 6909e7918c91397764ced733cff144b6  2009.1/x86_64/sudo-1.7.0-1.4mdv2009.1.x86_64.rpm 
 255a1fe014959704dfe62df017a35c64  2009.1/SRPMS/sudo-1.7.0-1.4mdv2009.1.src.rpm

CS4.0 i586

 760d7e5fae3e0283baee3fc68c7cbdb4  corporate/4.0/i586/sudo-1.6.8p8-2.5.20060mlcs4.i586.rpm 
 068d3d23081e2a62b87ebcb025ed6177  corporate/4.0/SRPMS/sudo-1.6.8p8-2.5.20060mlcs4.src.rpm

2008.0 x86_64

 c318cf27c9854dbf9ab3161b1ca0e4df  2008.0/x86_64/sudo-1.6.9p5-1.3mdv2008.0.x86_64.rpm 
 c08dc2b7a2c9b70eb7a88c7a0c27339b  2008.0/SRPMS/sudo-1.6.9p5-1.3mdv2008.0.src.rpm

CS4.0 x86_64

 1099c6e86bce8999137e592ff81202a2  corporate/4.0/x86_64/sudo-1.6.8p8-2.5.20060mlcs4.x86_64.rpm 
 068d3d23081e2a62b87ebcb025ed6177  corporate/4.0/SRPMS/sudo-1.6.8p8-2.5.20060mlcs4.src.rpm

2008.0 i586

 1c5dcba21c94b32d088cea290b9289c1  2008.0/i586/sudo-1.6.9p5-1.3mdv2008.0.i586.rpm 
 c08dc2b7a2c9b70eb7a88c7a0c27339b  2008.0/SRPMS/sudo-1.6.9p5-1.3mdv2008.0.src.rpm

MES5 x86_64

 b49b8aba5f3b10396be9d1444797999b  mes5/x86_64/sudo-1.6.9p17-1.4mdvmes5.1.x86_64.rpm 
 3ce4545a21807d50a6c56c8793568e13  mes5/SRPMS/sudo-1.6.9p17-1.4mdvmes5.1.src.rpm

References