SuseSUSE-SA:2002:002local privilege escalation in sudo
EPSS
Percentile
0.4%
The SuSE Security Team discovered a bug in the sudo program which is installed setuid to root. Attackers may trick “sudo” to log failed sudo invocations executing the sendmail program with root-privileges and not completely cleaned environment. Depending on the installed mail-package this may enable attackers to execute code as root. This is the case for at least the postfix mailer. Other mailers may be exploited in a similar way. This bug has been fixed by having “sudo” invoke the sendmail command with user-privileges instead. Please update your sudo package regardless of the mail-packages you are using. As a temporary workaround you may remove the s-bit from sudo with the “chmod -s which sudo” command, which will disable the sudo functionality.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE | 7.1 | sparc | sudo | < 1.6.3p6-32 | sudo-1.6.3p6-32.sparc.rpm |
| openSUSE | 7.0 | i386 | sudo | < 1.6.3p6-85 | sudo-1.6.3p6-85.i386.rpm |
| openSUSE | 7.0 | sparc | sudo | < 1.6.3p6-33 | sudo-1.6.3p6-33.sparc.rpm |
| openSUSE | 7.3 | sparc | sudo | < 1.6.3p7-26 | sudo-1.6.3p7-26.sparc.rpm |
| openSUSE | 7.2 | i386 | sudo | < 1.6.3p6-86 | sudo-1.6.3p6-86.i386.rpm |
| openSUSE | 7.0 | ppc | sudo | < 1.6.3p6-41 | sudo-1.6.3p6-41.ppc.rpm |
| openSUSE | 7.1 | i386 | sudo | < 1.6.3p6-85 | sudo-1.6.3p6-85.i386.rpm |
| openSUSE | 7.0 | alpha | sudo | < 1.6.3p6-37 | sudo-1.6.3p6-37.alpha.rpm |
| openSUSE | 7.1 | alpha | sudo | < 1.6.3p6-36 | sudo-1.6.3p6-36.alpha.rpm |
| openSUSE | 7.3 | ppc | sudo | < 1.6.3p7-51 | sudo-1.6.3p7-51.ppc.rpm |
Related
