Skip to navigation

Security Advisory sudo security update

Advisory: RHSA-2005:535-06
Type: Security Advisory
Severity: Moderate
Issued on: 2005-06-29
Last updated on: 2005-06-29
Affected Products: Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 2.1)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 2.1)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 2.1)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor
CVEs (cve.mitre.org): CVE-2005-1993

Details

An updated sudo package is available that fixes a race condition in sudo's
pathname validation.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

The sudo (superuser do) utility allows system administrators to give
certain users the ability to run commands as root with logging.

A race condition bug was found in the way sudo handles pathnames. It is
possible that a local user with limited sudo access could create
a race condition that would allow the execution of arbitrary commands as
the root user. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2005-1993 to this issue.

Users of sudo should update to this updated package, which contains a
backported patch and is not vulnerable to this issue.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Desktop (v. 3)

SRPMS:
sudo-1.6.7p5-1.1.src.rpm
File outdated by:  RHBA-2005:641
    MD5: 670bef4d82a287e9535f7fccd4efdfd1
 
IA-32:
sudo-1.6.7p5-1.1.i386.rpm
File outdated by:  RHBA-2005:641
    MD5: 23df531eed9ce711914e2f4d238d9322
 
x86_64:
sudo-1.6.7p5-1.1.x86_64.rpm
File outdated by:  RHBA-2005:641
    MD5: a79750a35344a477b9bcf27ec01805b3
 
Red Hat Desktop (v. 4)

SRPMS:
sudo-1.6.7p5-30.1.1.src.rpm
File outdated by:  RHBA-2009:0263
    MD5: 5e6b35806f71086e25c90c948e9de9eb
 
IA-32:
sudo-1.6.7p5-30.1.1.i386.rpm
File outdated by:  RHBA-2009:0263
    MD5: 9d5d60175e6466e4932fe03b8024f46a
 
x86_64:
sudo-1.6.7p5-30.1.1.x86_64.rpm
File outdated by:  RHBA-2009:0263
    MD5: 7f50e0aa42511cb9ac58146c1d365ef1
 
Red Hat Enterprise Linux AS (v. 2.1)

SRPMS:
sudo-1.6.5p2-1.7x.2.src.rpm     MD5: db4e9debc37d376a713ca85ca13ebe78
 
IA-32:
sudo-1.6.5p2-1.7x.2.i386.rpm     MD5: a3bcf0e30524dfa8128f0d640f8acf0f
 
IA-64:
sudo-1.6.5p2-1.7x.2.ia64.rpm     MD5: d8f61c937dec4c6b059b44537af9004c
 
Red Hat Enterprise Linux AS (v. 3)

SRPMS:
sudo-1.6.7p5-1.1.src.rpm
File outdated by:  RHBA-2005:641
    MD5: 670bef4d82a287e9535f7fccd4efdfd1
 
IA-32:
sudo-1.6.7p5-1.1.i386.rpm
File outdated by:  RHBA-2005:641
    MD5: 23df531eed9ce711914e2f4d238d9322
 
IA-64:
sudo-1.6.7p5-1.1.ia64.rpm
File outdated by:  RHBA-2005:641
    MD5: 78171d924237063a1b77dc9a95977cb9
 
PPC:
sudo-1.6.7p5-1.1.ppc.rpm
File outdated by:  RHBA-2005:641
    MD5: f4e53a727bbd3fb4980985b6966370de
 
s390:
sudo-1.6.7p5-1.1.s390.rpm
File outdated by:  RHBA-2005:641
    MD5: 14a006ca6c3894523754879c622f0a94
 
s390x:
sudo-1.6.7p5-1.1.s390x.rpm
File outdated by:  RHBA-2005:641
    MD5: a72c3ed1380f5d891cf86e6a3f0cdc70
 
x86_64:
sudo-1.6.7p5-1.1.x86_64.rpm
File outdated by:  RHBA-2005:641
    MD5: a79750a35344a477b9bcf27ec01805b3
 
Red Hat Enterprise Linux AS (v. 4)

SRPMS:
sudo-1.6.7p5-30.1.1.src.rpm
File outdated by:  RHBA-2009:0263
    MD5: 5e6b35806f71086e25c90c948e9de9eb
 
IA-32:
sudo-1.6.7p5-30.1.1.i386.rpm
File outdated by:  RHBA-2009:0263
    MD5: 9d5d60175e6466e4932fe03b8024f46a
 
IA-64:
sudo-1.6.7p5-30.1.1.ia64.rpm
File outdated by:  RHBA-2009:0263
    MD5: 9662c228a8a6614234c9e322fa1b61a3
 
PPC:
sudo-1.6.7p5-30.1.1.ppc.rpm
File outdated by:  RHBA-2009:0263
    MD5: a82f8e8cc9305999a9b1f72c7be8bf00
 
s390:
sudo-1.6.7p5-30.1.1.s390.rpm
File outdated by:  RHBA-2009:0263
    MD5: ea83b07cfad766d5c72721df2c73187c
 
s390x:
sudo-1.6.7p5-30.1.1.s390x.rpm
File outdated by:  RHBA-2009:0263
    MD5: d84b151a5cc2047bbf4aacb79eeffdd9
 
x86_64:
sudo-1.6.7p5-30.1.1.x86_64.rpm
File outdated by:  RHBA-2009:0263
    MD5: 7f50e0aa42511cb9ac58146c1d365ef1
 
Red Hat Enterprise Linux ES (v. 2.1)

SRPMS:
sudo-1.6.5p2-1.7x.2.src.rpm     MD5: db4e9debc37d376a713ca85ca13ebe78
 
IA-32:
sudo-1.6.5p2-1.7x.2.i386.rpm     MD5: a3bcf0e30524dfa8128f0d640f8acf0f
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
sudo-1.6.7p5-1.1.src.rpm
File outdated by:  RHBA-2005:641
    MD5: 670bef4d82a287e9535f7fccd4efdfd1
 
IA-32:
sudo-1.6.7p5-1.1.i386.rpm
File outdated by:  RHBA-2005:641
    MD5: 23df531eed9ce711914e2f4d238d9322
 
IA-64:
sudo-1.6.7p5-1.1.ia64.rpm
File outdated by:  RHBA-2005:641
    MD5: 78171d924237063a1b77dc9a95977cb9
 
x86_64:
sudo-1.6.7p5-1.1.x86_64.rpm
File outdated by:  RHBA-2005:641
    MD5: a79750a35344a477b9bcf27ec01805b3
 
Red Hat Enterprise Linux ES (v. 4)

SRPMS:
sudo-1.6.7p5-30.1.1.src.rpm
File outdated by:  RHBA-2009:0263
    MD5: 5e6b35806f71086e25c90c948e9de9eb
 
IA-32:
sudo-1.6.7p5-30.1.1.i386.rpm
File outdated by:  RHBA-2009:0263
    MD5: 9d5d60175e6466e4932fe03b8024f46a
 
IA-64:
sudo-1.6.7p5-30.1.1.ia64.rpm
File outdated by:  RHBA-2009:0263
    MD5: 9662c228a8a6614234c9e322fa1b61a3
 
x86_64:
sudo-1.6.7p5-30.1.1.x86_64.rpm
File outdated by:  RHBA-2009:0263
    MD5: 7f50e0aa42511cb9ac58146c1d365ef1
 
Red Hat Enterprise Linux WS (v. 2.1)

SRPMS:
sudo-1.6.5p2-1.7x.2.src.rpm     MD5: db4e9debc37d376a713ca85ca13ebe78
 
IA-32:
sudo-1.6.5p2-1.7x.2.i386.rpm     MD5: a3bcf0e30524dfa8128f0d640f8acf0f
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
sudo-1.6.7p5-1.1.src.rpm
File outdated by:  RHBA-2005:641
    MD5: 670bef4d82a287e9535f7fccd4efdfd1
 
IA-32:
sudo-1.6.7p5-1.1.i386.rpm
File outdated by:  RHBA-2005:641
    MD5: 23df531eed9ce711914e2f4d238d9322
 
IA-64:
sudo-1.6.7p5-1.1.ia64.rpm
File outdated by:  RHBA-2005:641
    MD5: 78171d924237063a1b77dc9a95977cb9
 
x86_64:
sudo-1.6.7p5-1.1.x86_64.rpm
File outdated by:  RHBA-2005:641
    MD5: a79750a35344a477b9bcf27ec01805b3
 
Red Hat Enterprise Linux WS (v. 4)

SRPMS:
sudo-1.6.7p5-30.1.1.src.rpm
File outdated by:  RHBA-2009:0263
    MD5: 5e6b35806f71086e25c90c948e9de9eb
 
IA-32:
sudo-1.6.7p5-30.1.1.i386.rpm
File outdated by:  RHBA-2009:0263
    MD5: 9d5d60175e6466e4932fe03b8024f46a
 
IA-64:
sudo-1.6.7p5-30.1.1.ia64.rpm
File outdated by:  RHBA-2009:0263
    MD5: 9662c228a8a6614234c9e322fa1b61a3
 
x86_64:
sudo-1.6.7p5-30.1.1.x86_64.rpm
File outdated by:  RHBA-2009:0263
    MD5: 7f50e0aa42511cb9ac58146c1d365ef1
 
Red Hat Linux Advanced Workstation 2.1 for the Itanium Processor

SRPMS:
sudo-1.6.5p2-1.7x.2.src.rpm     MD5: db4e9debc37d376a713ca85ca13ebe78
 
IA-64:
sudo-1.6.5p2-1.7x.2.ia64.rpm     MD5: d8f61c937dec4c6b059b44537af9004c
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

161116 - CAN-2005-1993 sudo trusted user arbitrary command execution


References


Keywords

sudo


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/