Security Advisory Low: sudo security, bug fix and enhancement update

Advisory: RHSA-2013:1701-2
Type: Security Advisory
Severity: Low
Issued on: 2013-11-21
Last updated on: 2013-11-21
Affected Products:
  Red Hat Enterprise Linux Desktop (v. 6)
  Red Hat Enterprise Linux HPC Node (v. 6)
  Red Hat Enterprise Linux Server (v. 6)
  Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org):
  CVE-2013-1775
  CVE-2013-2776
  CVE-2013-2777

Details

An updated sudo package that fixes two security issues, several bugs, and
adds two enhancements is now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having low
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

The sudo (superuser do) utility allows system administrators to give
certain users the ability to run commands as root.

A flaw was found in the way sudo handled time stamp files. An attacker able
to run code as a local user and with the ability to control the system
clock could possibly gain additional privileges by running commands that
the victim user was allowed to run via sudo, without knowing the victim's
password. (CVE-2013-1775)

It was found that sudo did not properly validate the controlling terminal
device when the tty_tickets option was enabled in the /etc/sudoers file.
An attacker able to run code as a local user could possibly gain additional
privileges by running commands that the victim user was allowed to run via
sudo, without knowing the victim's password. (CVE-2013-2776, CVE-2013-2777)
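As an added example that is not part of the advisory: a small Python audit of the sudoers Defaults options that the two flaws above depend on, the time stamp (credential cache) lifetime and the tty_tickets flag. The sudoers content is a constructed sample, and the parser handles only Defaults lines (global and scoped), not the full sudoers grammar. A timestamp_timeout of 0 makes sudo prompt on every invocation, so no cached ticket exists to reuse while a host still awaits the update.

```python
import re

# Constructed sample sudoers content; not taken from any real host.
SAMPLE_SUDOERS = """\
# Defaults specification
Defaults    !visiblepw
Defaults    env_reset, timestamp_timeout=15
Defaults    tty_tickets
Defaults:alice  !tty_tickets
root    ALL=(ALL)       ALL
"""

# "Defaults" optionally followed directly by a scope (:user, @host, >runas, !cmd)
_DEFAULTS = re.compile(r"^Defaults(?P<scope>[:@>!]\S+)?\s+(?P<body>.+)$")

def parse_defaults(text):
    """(scope, option, value) per Defaults entry; scope '' = global, value True/False for flags."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        m = _DEFAULTS.match(line)
        if not m:
            continue
        scope = m.group("scope") or ""
        for item in m.group("body").split(","):
            item = item.strip()
            if "=" in item:
                opt, val = item.split("=", 1)
                entries.append((scope, opt.strip(), val.strip()))
            elif item.startswith("!"):
                entries.append((scope, item[1:], False))
            else:
                entries.append((scope, item, True))
    return entries

def credential_cache_findings(text):
    """Settings that widen the window the time-stamp and tty_tickets flaws depend on:
    tty_tickets switched off, or a timestamp_timeout other than 0 (0 = prompt every time)."""
    findings = []
    entries = parse_defaults(text)
    for scope, opt, val in entries:
        if opt == "tty_tickets" and val is False:
            findings.append("tty_tickets disabled " + ("for " + scope if scope else "globally"))
    timeouts = [val for _, opt, val in entries if opt == "timestamp_timeout"]
    if not timeouts:
        findings.append("timestamp_timeout not set; sudo's built-in default of 5 minutes applies")
    for t in timeouts:
        if str(t) != "0":
            findings.append("timestamp_timeout=%s: cached credentials remain valid" % t)
    return findings
```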

This update also fixes the following bugs:

* Previously, sudo did not support netgroup filtering for sources from the
System Security Services Daemon (SSSD). Consequently, SSSD rules were
applied to all users even when they did not belong to the specified
netgroup. With this update, netgroup filtering for SSSD sources has been
implemented. As a result, rules with a netgroup specification are applied
only to users that are part of the netgroup. (BZ#880150)

* When the sudo utility set up the environment in which it ran a command,
it reset the value of the RLIMIT_NPROC resource limit to the parent's value
of this limit if both the soft (current) and hard (maximum) values of
RLIMIT_NPROC were not limited. An upstream patch has been provided to
address this bug and RLIMIT_NPROC can now be set to "unlimited".
(BZ#947276)

* Due to the refactoring of the sudo code by upstream, the SUDO_USER
variable that stores the name of the user running the sudo command was not
logged to the /var/log/secure file as before. Consequently, user name
"root" was always recorded instead of the real user name. With this update,
the previous behavior of sudo has been restored. As a result, the expected
user name is now written to /var/log/secure. (BZ#973228)

* Due to an error in a loop condition in sudo's rule listing code, a buffer
overflow could have occurred in certain cases. This condition has been
fixed and the buffer overflow no longer occurs. (BZ#994626)

In addition, this update adds the following enhancements:

* With this update, sudo has been modified to send debug messages about
netgroup matching to the debug log. These messages should provide better
understanding of how sudo matches netgroup database records with values
from the running system and what the values are exactly. (BZ#848111)

* With this update, sudo has been modified to accept the ipa_hostname value
from the /etc/sssd/sssd.conf configuration file when matching netgroups.
(BZ#853542)

All sudo users are advised to upgrade to this updated package, which
contains backported patches to correct these issues and add
these enhancements.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258
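As an added example that is not part of the advisory: a Python check that decides whether an installed sudo build is at or above the fixed build sudo-1.8.6p3-12.el6 from this erratum. It assumes the installed NVR string was obtained with `rpm -q --queryformat '%{NAME}-%{VERSION}-%{RELEASE}\n' sudo`, and the comparison is a simplified form of rpm's rpmvercmp (no tilde or caret handling).

```python
import re

# Fixed build from the package list of RHSA-2013:1701
FIXED_NVR = "sudo-1.8.6p3-12.el6"

# rpm compares versions as a sequence of numeric and alphabetic segments;
# separators such as '.', '-' and '_' only split segments.
_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")

def rpmvercmp(a, b):
    """Simplified rpmvercmp: 1 if a is newer than b, -1 if older, 0 if equal.
    Tilde/caret ordering of real rpm is not implemented."""
    seg_a, seg_b = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            if int(x) != int(y):            # numeric compare ignores leading zeros
                return 1 if int(x) > int(y) else -1
        elif x.isdigit():                   # a numeric segment beats an alphabetic one
            return 1
        elif y.isdigit():
            return -1
        elif x != y:                        # both alphabetic: plain string order
            return 1 if x > y else -1
    if len(seg_a) == len(seg_b):
        return 0
    return 1 if len(seg_a) > len(seg_b) else -1   # longer one (e.g. 12.el6_5.1) is newer

def split_nvr(nvr):
    """'sudo-1.8.6p3-12.el6' -> ('sudo', '1.8.6p3', '12.el6')."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def is_fixed(installed_nvr, fixed_nvr=FIXED_NVR):
    """True if installed_nvr names the same package and is >= fixed_nvr."""
    name, ver, rel = split_nvr(installed_nvr)
    fname, fver, frel = split_nvr(fixed_nvr)
    if name != fname:
        raise ValueError("package name mismatch: %s vs %s" % (name, fname))
    order = rpmvercmp(ver, fver) or rpmvercmp(rel, frel)   # release decides only when versions tie
    return order >= 0

if __name__ == "__main__":
    # Constructed sample NVRs, not output captured from a real host.
    for nvr in ("sudo-1.8.6p3-7.el6", "sudo-1.8.6p3-12.el6", "sudo-1.8.6p3-12.el6_5.1"):
        print(nvr, "fixed" if is_fixed(nvr) else "NOT fixed, apply RHSA-2013:1701")
```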

Updated packages


Bugs fixed (see bugzilla for more information)

856901 - Defaults:!<user> syntax in sudoers doesn't seem to work as expected
880150 - sssd +netgroup sudoUser is always matched
886648 - Access granted with invalid sudoRunAsUser/sudoRunAsGroup
916363 - CVE-2013-1775 sudo: authentication bypass via reset system clock
949751 - CVE-2013-2776 sudo: bypass of tty_tickets constraints
949753 - CVE-2013-2777 sudo: bypass of tty_tickets constraints
994563 - Warning in visudo: cycle in Host_Alias even without cycle
994626 - sudo -u <user> sudo -l show error: *** glibc detected *** sudo: realloc(): invalid next size: 0x00007f4ae2d10ec0 ***


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/