Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 152856 - CAN-2004-1051 sudo - Bash scripts can be subverted
Summary: CAN-2004-1051 sudo - Bash scripts can be subverted
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora Legacy
Classification: Retired
Component: sudo
Version: unspecified
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Fedora Legacy Bugs
QA Contact:
URL: http://www.sudo.ws/sudo/alerts/bash_f...
Whiteboard: 1, LEGACY, rh73, rh90
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2004-11-20 10:43 UTC by Marc Deslauriers
Modified: 2007-03-27 04:29 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-05-13 00:54:14 UTC


Attachments (Terms of Use)

Description David Lawrence 2005-03-30 23:29:51 UTC
A flaw in exists in sudo's environment sanitizing prior to sudo
version 1.6.8p2 that could allow a malicious user with permission to
run a shell script that utilized the bash shell to run arbitrary
commands. The /bin/sh shell on most (if not all) Linux systems is bash.

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139671
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=139478
http://www.sudo.ws/sudo/alerts/bash_functions.html



------- Additional Comments From pekkas@netcore.fi 2004-12-21 10:14:53 ----

Red Hat closed this as a WONTFIX, but as many other vendors have reacted, I
guess we can as well, because this is such a simple case..

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Packaged the patch from Debian (http://www.debian.org/security/2004/dsa-596)
for RHL73, RHL9, and FC1 on a very straightforward way.  The same patch
applies to all of them.

http://www.netcore.fi/pekkas/linux/sudo-1.6.5p2-2.1.legacy.src.rpm (RHL73)
http://www.netcore.fi/pekkas/linux/sudo-1.6.6-3.1.legacy.src.rpm   (RHL9)
http://www.netcore.fi/pekkas/linux/sudo-1.6.7p5-2.1.legacy.src.rpm (FC1)

SHA1sums:
5c43e4020bc9c89b89ee042df60c75e8966e4081  sudo-1.6.5p2-2.1.legacy.src.rpm
6466c68e6dc677e7303e9c6a450996aec6da93fe  sudo-1.6.6-3.1.legacy.src.rpm
e0819ad97368f3059699054b0901362feb58fedb  sudo-1.6.7p5-2.1.legacy.src.rpm

Changelog:
* Tue Dec 21 2004 Pekka Savola <pekkas@netcore.fi> 1.6.6-3.1.legacy
- - Fix CAN-2004-1051 (#2291) with patch from Debian.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFByIP2GHbTkzxSL7QRAr11AKCEJpFghY1UrHpw2fjqJ4nQVg2VeQCffFys
XlbNfWK2Ia4RwoAbXEgs0Aw=
=+nle
-----END PGP SIGNATURE-----




------- Additional Comments From julien.gilli@idealx.com 2005-02-23 06:21:54 ----

Are those packages published on the official fedora legacy mirrors ? If not, is
there a chance for them to be released as official patches anytime soon ?

Thank you very much for your work !



------- Additional Comments From pekkas@netcore.fi 2005-02-23 06:30:54 ----

Maybe -- if someone (maybe you?) provides the QA :)

See http://www.fedoralegacy.org/participate/.



------- Additional Comments From marcdeslauriers@videotron.ca 2005-03-05 20:00:01 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I did QA on Pekka's packages:

5c43e4020bc9c89b89ee042df60c75e8966e4081  sudo-1.6.5p2-2.1.legacy.src.rpm
6466c68e6dc677e7303e9c6a450996aec6da93fe  sudo-1.6.6-3.1.legacy.src.rpm
e0819ad97368f3059699054b0901362feb58fedb  sudo-1.6.7p5-2.1.legacy.src.rpm

- - Source files match previous release
- - Patch file matches Debian and looks good
- - Spec file changes good

+PUBLISH

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFCKpxVLMAs/0C4zNoRAtiGAKCXXuO/cgyNv8idxE7fEKIxproRewCgtOHB
sBWixQQeh9uHQSJiEz9T7kI=
=4Lx4
-----END PGP SIGNATURE-----




------- Additional Comments From marcdeslauriers@videotron.ca 2005-03-07 03:25:04 ----

Packages were released to updates-testing



------- Bug moved to this database by dkl@redhat.com 2005-03-30 18:29 -------

This bug previously known as bug 2291 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=2291
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.



Comment 1 Eric Jon Rostetter 2005-04-12 18:29:49 UTC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
QA for RHL 7.3
 
Package: sudo-1.6.5p2-2.2.legacy.i386.rpm
Signatures and checksums seem okay.
 
Package installed without problem via rpm -Uhv.  Seems to work fine
after testing the "visudo" and "sudo" commands.  Did not test expliot,
only functionality.
 
+VERIFY  for RHL 7.3
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
 
iD8DBQFCXBL74jZRbknHoPIRAlS2AJ4gLBHakdmNwiETUndrGw/Vi3oWSQCggQYe
X63ZGvToIvHrr3EoJFFmmXg=
=bh4V
-----END PGP SIGNATURE-----


Comment 2 Eric Jon Rostetter 2005-04-12 18:40:08 UTC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
QA for RHL 9
 
Package: sudo-1.6.6-3.2.legacy.i386.rpm
Signatures and checksums seem okay.
 
Package installed without problem via rpm -Uhv.  Seems to work fine
after testing the "visudo" and "sudo" commands.  Did not test expliot,
only functionality.
 
+VERIFY  for RHL 9
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
 
iD8DBQFCXBVT4jZRbknHoPIRAm0nAJwNeFYw3kgEvoB78XMhRPNW/oWEcwCfUDTG
iBlk/Sqfm4vAHY34jTQKTUo=
=/7WP
-----END PGP SIGNATURE-----


Comment 3 mschout 2005-05-10 00:15:49 UTC
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

FC1 Verify:

sha1
a990c5c070acd9ae8c50181487f2f9cdacb38378 sudo-1.6.7p5-2.2.legacy.i386.rpm

dsa sha1 md5 gpg signatures OK

installed all packages without any warnings or errors

sudo works as expected

+VERIFY FC1
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (FreeBSD)

iD8DBQFCgENz+CqvSzp9LOwRAoBxAJ948HB5LmUH6o40H7FwmN1PbvkEbQCgiB2B
xaPkM6c8WhPMN5LwwCe7Eac=
=WNcG
-----END PGP SIGNATURE-----


Comment 4 Marc Deslauriers 2005-05-13 00:54:14 UTC
Released to updates


Note You need to log in before you can comment on or make changes to this bug.