Package name
sudo
Date
2005-06-21
Advisory ID
MDKSA-2005:103
Affected versions
MNF2.0 i586 , 10.2 x86_64 , CS2.1 x86_64 , 10.0 amd64 , 10.2 i586 , 10.1 i586 , 10.0 i586 , CS3.0 x86_64 , CS3.0 i586 , CS2.1 i586 , 10.1 x86_64

Problem description

A race condition was discovered in sudo by Charles Morris. This could lead to the escalation of privileges if /etc/sudoers allowed a user to execute selected programs that were then followed by another line containing the pseudo-command "ALL". By creating symbolic links at a certain time, that user could execute arbitrary commands. The updated packages have been patched to correct this problem.

Updated packages

MNF2.0 i586

 7511b6ad68dca19c656c0f12fca0638f  mnf/2.0/RPMS/sudo-1.6.7-0.p5.2.2.M20mdk.i586.rpm
98d72851a4f7f7a0850c10f4b898b361  mnf/2.0/SRPMS/sudo-1.6.7-0.p5.2.2.M20mdk.src.rpm

10.2 x86_64

 56cba44d316f3d1623f20a3e5c102721  x86_64/10.2/RPMS/sudo-1.6.8p1-2.1.102mdk.x86_64.rpm
c9abd9d5ad76e4c5d8da20af10ba4601  x86_64/10.2/SRPMS/sudo-1.6.8p1-2.1.102mdk.src.rpm

CS2.1 x86_64

 e971d73a7bd06d23d40d102bf113af75  x86_64/corporate/2.1/RPMS/sudo-1.6.6-2.2.C21mdk.x86_64.rpm
7520cfd6be4d4d2ce87787ebf1dccca2  x86_64/corporate/2.1/SRPMS/sudo-1.6.6-2.2.C21mdk.src.rpm

10.0 amd64

 69b25ae195069271c0a037aaa1912722  amd64/10.0/RPMS/sudo-1.6.7-0.p5.2.2.100mdk.amd64.rpm
523d0cfc297e81c3381d5df89078b3bc  amd64/10.0/SRPMS/sudo-1.6.7-0.p5.2.2.100mdk.src.rpm

10.2 i586

 fa3d69895a19bd321666c565e9919cdb  10.2/RPMS/sudo-1.6.8p1-2.1.102mdk.i586.rpm
c9abd9d5ad76e4c5d8da20af10ba4601  10.2/SRPMS/sudo-1.6.8p1-2.1.102mdk.src.rpm

10.1 i586

 07e35abe22a51cbb66d8969cb6cd7738  10.1/RPMS/sudo-1.6.8p1-1.2.101mdk.i586.rpm
5d636e00903aa9f1e954b658754379f0  10.1/SRPMS/sudo-1.6.8p1-1.2.101mdk.src.rpm

10.0 i586

 0fdbddfa1ca2298a05261c77c2eb0b43  10.0/RPMS/sudo-1.6.7-0.p5.2.2.100mdk.i586.rpm
523d0cfc297e81c3381d5df89078b3bc  10.0/SRPMS/sudo-1.6.7-0.p5.2.2.100mdk.src.rpm

CS3.0 x86_64

 f392eecc2886cf8c73a4c27c3d86112d  x86_64/corporate/3.0/RPMS/sudo-1.6.7-0.p5.2.2.C30mdk.x86_64.rpm
ded9307a4c361548d164765a421e0f9e  x86_64/corporate/3.0/SRPMS/sudo-1.6.7-0.p5.2.2.C30mdk.src.rpm

CS3.0 i586

 551c661042bae4c9da2fab38fcfbf08a  corporate/3.0/RPMS/sudo-1.6.7-0.p5.2.2.C30mdk.i586.rpm
ded9307a4c361548d164765a421e0f9e  corporate/3.0/SRPMS/sudo-1.6.7-0.p5.2.2.C30mdk.src.rpm

CS2.1 i586

 0574ea8f264d1ac850bc7401da9dfd46  corporate/2.1/RPMS/sudo-1.6.6-2.2.C21mdk.i586.rpm
7520cfd6be4d4d2ce87787ebf1dccca2  corporate/2.1/SRPMS/sudo-1.6.6-2.2.C21mdk.src.rpm

10.1 x86_64

 3fe900becdac7248053415e5c37029ca  x86_64/10.1/RPMS/sudo-1.6.8p1-1.2.101mdk.x86_64.rpm
5d636e00903aa9f1e954b658754379f0  x86_64/10.1/SRPMS/sudo-1.6.8p1-1.2.101mdk.src.rpm

References