Jump to content

Ubuntu sudo vulnerablity


Dark_Matter

Recommended Posts

I know a few of you run Ubuntu linux figured i share this.

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

Ubuntu 5.04 (Hoary Hedgehog)

Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

sudo

The problem can be corrected by upgrading the affected package to

version 1.6.7p5-1ubuntu4.4 (for Ubuntu 4.10), 1.6.8p5-1ubuntu2.3 (for

Ubuntu 5.04), or 1.6.8p9-2ubuntu2.2 (for Ubuntu 5.10). In general, a

standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Charles Morris discovered a privilege escalation vulnerability in

sudo. On executing Perl scripts with sudo, various environment

variables that affect Perl's library search path were not cleaned

properly. If sudo is set up to grant limited sudo execution of Perl

scripts to normal users, this could be exploited to run arbitrary

commands as the target user.

This security update also filters out environment variables that can

be exploited similarly with Python, Ruby, and zsh scripts.

Please note that this does not affect the default Ubuntu installation,

or any setup that just grants full root privileges to certain users.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...