Sudo Fails to Clear Environment Variables, Allowing Command Execution as root
Published: 2002-01-14
Updated: 2002-01-17
Affected systems:
Todd Miller Sudo 1.6.3
- FreeBSD 4.4
- FreeBSD 4.3
- Linux
Todd Miller Sudo 1.6.3p1
- FreeBSD 4.4
- FreeBSD 4.3
- Linux
Todd Miller Sudo 1.6.3p2
- FreeBSD 4.4
- FreeBSD 4.3
- Linux
Todd Miller Sudo 1.6.3p3
- FreeBSD 4.4
- FreeBSD 4.3
- Linux
Todd Miller Sudo 1.6.3p4
- FreeBSD 4.4
- FreeBSD 4.3
- Linux
Todd Miller Sudo 1.6.3p5
- FreeBSD 4.4
- FreeBSD 4.3
- Linux
Todd Miller Sudo 1.6.3p6
- FreeBSD 4.4
- FreeBSD 4.3
- Linux
Todd Miller Sudo 1.6.3p7
- FreeBSD 4.4
- FreeBSD 4.3
- Linux
Unaffected systems:
Todd Miller Sudo 1.6.4
Description:
BUGTRAQ ID: 3871
CVE(CAN) ID: CVE-2002-0043
Sudo is a free, open-source privilege management tool that runs on Linux and several Unix platforms; the program is maintained by Todd C. Miller.
Sudo has an input validation vulnerability that can allow a local attacker to execute programs as root.
In some cases sudo does not properly clear the environment of the program it runs. When sudo runs a program such as an MTA as root, a local user can pass illegitimate data to that program through environment variables. Using those environment variables, an attacker may be able to execute commands as root and thereby escalate privileges.
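The fix for this class of bug is for the privileged program to discard the caller's environment and hand its helper only an allowlisted, pinned set of variables. The C example below is added here and is not sudo's own code; the allowlist, the pinned PATH and the constructed sample environment are illustrative assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not sudo's own code: rebuild the environment from an
 * allowlist before a privileged program exec()s a helper such as an MTA.
 * Non-allowlisted variables are dropped and PATH is pinned. */

static const char *const allowed[] = { "HOME", "TERM", "LANG", NULL }; /* assumed */
static const char safe_path[] = "PATH=/bin:/usr/bin";                  /* assumed */

/* Return 1 if `var` ("NAME=value") has an allowlisted NAME, else 0. */
static int name_allowed(const char *var)
{
    const char *eq = strchr(var, '=');
    if (eq == NULL) return 0;                /* malformed entry: reject */
    size_t n = (size_t)(eq - var);
    for (int i = 0; allowed[i] != NULL; i++)
        if (strlen(allowed[i]) == n && strncmp(allowed[i], var, n) == 0)
            return 1;
    return 0;
}

/* Copy the allowlisted entries of `in` into `out` (capacity `cap`, NULL
 * terminator included), then append the pinned PATH. Returns the number
 * of entries written, or -1 if `out` is too small. */
int sanitize_env(char *const in[], const char *out[], size_t cap)
{
    size_t n = 0;
    if (cap < 2) return -1;                  /* need room for PATH + NULL */
    for (size_t i = 0; in[i] != NULL; i++) {
        if (!name_allowed(in[i])) continue;  /* drop untrusted variable */
        if (n + 2 >= cap) return -1;
        out[n++] = in[i];
    }
    out[n++] = safe_path;
    out[n] = NULL;
    return (int)n;
}

int main(void)
{
    /* Constructed caller environment: a caller-controlled PATH must not survive */
    char *const caller_env[] = { "HOME=/home/alice", "UNTRUSTED_VAR=x",
                                 "PATH=/tmp/bad:/usr/bin", "TERM=xterm", NULL };
    const char *clean[8];
    int n = sanitize_env(caller_env, clean, 8);
    for (int i = 0; i < n; i++) puts(clean[i]);
    /* A real helper would now execve(mta_path, argv, (char *const *)clean). */
    return 0;
}
```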
<*Source: Sebastian Krahmer (krahmer@suse.de)
Links: http://archives.neohapsis.com/archives/bugtraq/2002-01/0160.html
http://archives.neohapsis.com/archives/bugtraq/2002-01/0204.html
http://www.suse.com/de/support/security/2002_002_sudo_txt.txt
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:06.sudo.asc
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-003.php
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000451
http://www.debian.org/security/2002/dsa-101
https://www.redhat.com/support/errata/RHSA-2002-013.html
http://www.linuxsecurity.com/advisories/other_advisory-1809.html
*>
Recommendations:
Temporary workaround:
If you cannot install a patch or upgrade immediately, NSFOCUS recommends the following measure to reduce the threat:
* Temporarily remove the setuid bit from the sudo binary (adjust the path to where sudo is installed on your system; until the bit is restored, sudo cannot grant privileges to anyone):
# chmod a-s /usr/bin/sudo
Vendor patches:
Conectiva
---------
Conectiva has released a security advisory (CLA-2002:451) and corresponding patches:
CLA-2002:451: sudo
Patch downloads:
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/sudo-1.6.4p1-1U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/sudo-1.6.4p1-1U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/sudo-doc-1.6.4p1-1U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/sudo-1.6.4p1-1U51_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/sudo-1.6.4p1-1U51_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/sudo-doc-1.6.4p1-1U51_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/sudo-1.6.4p1-1U60_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/sudo-1.6.4p1-1U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/sudo-doc-1.6.4p1-1U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/sudo-1.6.4p1-1U70_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/sudo-1.6.4p1-1U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/sudo-doc-1.6.4p1-1U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/SRPMS/sudo-1.6.4p1-1U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/sudo-1.6.4p1-1U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/ecommerce/i386/sudo-doc-1.6.4p1-1U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/SRPMS/sudo-1.6.4p1-1U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/sudo-1.6.4p1-1U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/ferramentas/graficas/i386/sudo-doc-1.6.4p1-1U50_1cl.i386.rpm
Debian
------
Debian has released a security advisory (DSA-101-1) and corresponding patches:
DSA-101-1: New sudo packages fix local root exploit
Link: http://www.debian.org/security/2002/dsa-101
Patch downloads:
Debian GNU/Linux 2.2 alias potato
------------------------------------
Source archives:
http://security.debian.org/dists/stable/updates/main/source/sudo_1.6.2p2-2.1.dsc
http://security.debian.org/dists/stable/updates/main/source/sudo_1.6.2p2-2.1.diff.gz
http://security.debian.org/dists/stable/updates/main/source/sudo_1.6.2p2.orig.tar.gz
Alpha architecture:
http://security.debian.org/dists/stable/updates/main/binary-alpha/sudo_1.6.2p2-2.1_alpha.deb
ARM architecture:
http://security.debian.org/dists/stable/updates/main/binary-arm/sudo_1.6.2p2-2.1_arm.deb
Intel ia32 architecture:
http://security.debian.org/dists/stable/updates/main/binary-i386/sudo_1.6.2p2-2.1_i386.deb
Motorola 680x0 architecture:
http://security.debian.org/dists/stable/updates/main/binary-m68k/sudo_1.6.2p2-2.1_m68k.deb
PowerPC architecture:
http://security.debian.org/dists/stable/updates/main/binary-powerpc/sudo_1.6.2p2-2.1_powerpc.deb
Sun Sparc architecture:
http://security.debian.org/dists/stable/updates/main/binary-sparc/sudo_1.6.2p2-2.1_sparc.deb
FreeBSD
-------
FreeBSD has released a security advisory (FreeBSD-SA-02:06) and corresponding patches:
FreeBSD-SA-02:06: sudo port may enable local privilege escalation
Link: ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:06.sudo.asc
You can fix this vulnerability with any one of the following methods:
1) Upgrade your entire ports collection and rebuild the port.
2) Deinstall the old package and install a new package dated after the correction date, downloaded from one of the following addresses:
[i386]
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/security/sudo-1.6.4.1.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/security/sudo-1.6.4.1.tgz
3) Download a new port skeleton for the sudo port from the following address and use it to rebuild the port:
http://www.freebsd.org/ports/
4) Use portcheckout to automate option (3). The portcheckout port is available in /usr/ports/devel/portcheckout and can also be downloaded from:
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-4-stable/devel/portcheckout-2.0.tgz
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/devel/portcheckout-2.0.tgz
MandrakeSoft
------------
MandrakeSoft has released a security advisory (MDKSA-2002:003) and corresponding patches:
MDKSA-2002:003: sudo update
Link: http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-003.php3
Patch downloads:
________________________________________________________________________
Updated Packages:
Linux-Mandrake 7.1:
18f6a3fcf02612b9793e4e5fa5837f57 7.1/RPMS/sudo-1.6.4-1.1mdk.i586.rpm
8a585cf0aea36387a923800849f6dd65 7.1/SRPMS/sudo-1.6.4-1.1mdk.src.rpm
Linux-Mandrake 7.2:
5bf0a34d9a7b8a25e8492d16c2023ae4 7.2/RPMS/sudo-1.6.4-1.1mdk.i586.rpm
8a585cf0aea36387a923800849f6dd65 7.2/SRPMS/sudo-1.6.4-1.1mdk.src.rpm
Mandrake Linux 8.0:
6485ad4e345eb0e4920f856d65808235 8.0/RPMS/sudo-1.6.4-1.1mdk.i586.rpm
8a585cf0aea36387a923800849f6dd65 8.0/SRPMS/sudo-1.6.4-1.1mdk.src.rpm
Mandrake Linux 8.0/ppc:
0a5621d56f98e4ee7f319df27bff056b ppc/8.0/RPMS/sudo-1.6.4-1.1mdk.ppc.rpm
8a585cf0aea36387a923800849f6dd65 ppc/8.0/SRPMS/sudo-1.6.4-1.1mdk.src.rpm
Mandrake Linux 8.1:
62485ba0edd13e7a574e65adcc9ccd90 8.1/RPMS/sudo-1.6.4-1.1mdk.i586.rpm
8a585cf0aea36387a923800849f6dd65 8.1/SRPMS/sudo-1.6.4-1.1mdk.src.rpm
Mandrake Linux 8.1/ia64:
f1003964d7e815bd0054db72dcefa289 ia64/8.1/RPMS/sudo-1.6.4-1.1mdk.ia64.rpm
8a585cf0aea36387a923800849f6dd65 ia64/8.1/SRPMS/sudo-1.6.4-1.1mdk.src.rpm
Corporate Server 1.0.1:
18f6a3fcf02612b9793e4e5fa5837f57 1.0.1/RPMS/sudo-1.6.4-1.1mdk.i586.rpm
8a585cf0aea36387a923800849f6dd65 1.0.1/SRPMS/sudo-1.6.4-1.1mdk.src.rpm
Single Network Firewall 7.2:
5bf0a34d9a7b8a25e8492d16c2023ae4 snf7.2/RPMS/sudo-1.6.4-1.1mdk.i586.rpm
8a585cf0aea36387a923800849f6dd65 snf7.2/SRPMS/sudo-1.6.4-1.1mdk.src.rpm
________________________________________________________________________
The updated packages above can be downloaded from any of the mirror FTP servers listed at: http://www.mandrakesecure.net/en/ftp.php
RedHat
------
RedHat has released a security advisory (RHSA-2002:013-03) and corresponding patches:
RHSA-2002:013-03: Updated sudo package is available
Link: https://www.redhat.com/support/errata/RHSA-2002-013.html
Patch downloads:
Red Hat Powertools 6.2:
SRPMS:
ftp://updates.redhat.com/6.2/en/powertools/SRPMS/sudo-1.6.4-0.6x.2.src.rpm
alpha:
ftp://updates.redhat.com/6.2/en/powertools/alpha/sudo-1.6.4-0.6x.2.alpha.rpm
i386:
ftp://updates.redhat.com/6.2/en/powertools/i386/sudo-1.6.4-0.6x.2.i386.rpm
sparc:
ftp://updates.redhat.com/6.2/en/powertools/sparc/sudo-1.6.4-0.6x.2.sparc.rpm
S.u.S.E.
--------
S.u.S.E. has released a security advisory (SuSE-SA:2002:002) and corresponding patches:
SuSE-SA:2002:002: sudo
Link: http://www.suse.com/de/support/security/2002_002_sudo_txt.txt
Patch downloads:
i386 Intel Platform:
SuSE-7.3
ftp://ftp.suse.com/pub/suse/i386/update/7.3/ap1/sudo-1.6.3p7-71.i386.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.3/zq1/sudo-1.6.3p7-71.src.rpm
SuSE-7.2
ftp://ftp.suse.com/pub/suse/i386/update/7.2/ap1/sudo-1.6.3p6-86.i386.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.2/zq1/sudo-1.6.3p6-86.src.rpm
SuSE-7.1
ftp://ftp.suse.com/pub/suse/i386/update/7.1/ap1/sudo-1.6.3p6-85.i386.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.1/zq1/sudo-1.6.3p6-85.src.rpm
SuSE-7.0
ftp://ftp.suse.com/pub/suse/i386/update/7.0/ap1/sudo-1.6.3p6-85.i386.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/i386/update/7.0/zq1/sudo-1.6.3p6-85.src.rpm
Sparc Platform:
SuSE-7.3
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/ap1/sudo-1.6.3p7-26.sparc.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.3/zq1/sudo-1.6.3p7-26.src.rpm
SuSE-7.1
ftp://ftp.suse.com/pub/suse/sparc/update/7.1/ap1/sudo-1.6.3p6-32.sparc.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.1/zq1/sudo-1.6.3p6-32.src.rpm
SuSE-7.0
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/ap1/sudo-1.6.3p6-33.sparc.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/sparc/update/7.0/zq1/sudo-1.6.3p6-33.src.rpm
AXP Alpha Platform:
SuSE-7.1
ftp://ftp.suse.com/pub/suse/axp/update/7.1/ap1/sudo-1.6.3p6-36.alpha.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/7.1/zq1/sudo-1.6.3p6-36.src.rpm
SuSE-7.0
ftp://ftp.suse.com/pub/suse/axp/update/7.0/ap1/sudo-1.6.3p6-37.alpha.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/axp/update/7.0/zq1/sudo-1.6.3p6-37.src.rpm
Power PC Platform:
SuSE-7.3
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/ap1/sudo-1.6.3p7-51.ppc.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.3/zq1/sudo-1.6.3p7-51.src.rpm
SuSE-7.1
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/ap1/sudo-1.6.3p6-42.ppc.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.1/zq1/sudo-1.6.3p6-42.src.rpm
SuSE-7.0
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/ap1/sudo-1.6.3p6-41.ppc.rpm
source rpm:
ftp://ftp.suse.com/pub/suse/ppc/update/7.0/zq1/sudo-1.6.3p6-41.src.rpm
Todd Miller
-----------
The vendor has released sudo 1.6.4 to fix this security issue; download it from the vendor's home page:
http://www.sudo.ws/sudo/dist/