Skip to navigation

Security Advisory Low: sudo security and bug fix update

Advisory: RHSA-2013:1353-1
Type: Security Advisory
Severity: Low
Issued on: 2013-09-30
Last updated on: 2013-09-30
Affected Products: Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
CVEs (cve.mitre.org): CVE-2013-1775
CVE-2013-1776
CVE-2013-2776

Details

An updated sudo package that fixes multiple security issues and several
bugs is now available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. Common Vulnerability Scoring System (CVSS) base scores,
which give detailed severity ratings, are available for each vulnerability
from the CVE links in the References section.

The sudo (superuser do) utility allows system administrators to give
certain users the ability to run commands as root.

A flaw was found in the way sudo handled time stamp files. An attacker able
to run code as a local user and with the ability to control the system
clock could possibly gain additional privileges by running commands that
the victim user was allowed to run via sudo, without knowing the victim's
password. (CVE-2013-1775)

It was found that sudo did not properly validate the controlling terminal
device when the tty_tickets option was enabled in the /etc/sudoers file. An
attacker able to run code as a local user could possibly gain additional
privileges by running commands that the victim user was allowed to run via
sudo, without knowing the victim's password. (CVE-2013-1776, CVE-2013-2776)

This update also fixes the following bugs:

* Due to a bug in the cycle detection algorithm of the visudo utility,
visudo incorrectly evaluated certain alias definitions in the /etc/sudoers
file as cycles. Consequently, a warning message about undefined aliases
appeared. This bug has been fixed, /etc/sudoers is now parsed correctly by
visudo and the warning message no longer appears. (BZ#849679)

* Previously, the 'sudo -l' command did not parse the /etc/sudoers file
correctly if it contained an Active Directory (AD) group. The file was
parsed only up to the first AD group information and then the parsing
failed with the following message:

sudo: unable to cache group ADDOM\admingroup, already exists

With this update, the underlying code has been modified and 'sudo -l' now
parses /etc/sudoers containing AD groups correctly. (BZ#855836)

* Previously, the sudo utility did not escape the backslash characters
contained in user names properly. Consequently, if a system used sudo
integrated with LDAP or Active Directory (AD) as the primary authentication
mechanism, users were not able to authenticate on that system. With this
update, sudo has been modified to process LDAP and AD names correctly and
the authentication process now works as expected. (BZ#869287)

* Prior to this update, the 'visudo -s (strict)' command incorrectly parsed
certain alias definitions. Consequently, an error message was issued. The
bug has been fixed, and parsing errors no longer occur when using 'visudo
-s'. (BZ#905624)

All sudo users are advised to upgrade to this updated package, which
contains backported patches to correct these issues.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/site/articles/11258

Updated packages

Red Hat Enterprise Linux (v. 5 server)

SRPMS:
sudo-1.7.2p1-28.el5.src.rpm
File outdated by:  RHSA-2014:0266
    MD5: d904877a65a4a6dde39be4870a7c36a1
SHA-256: 9e550738fd1e22ead5a69f66bf0595b1812fcd19c724ece4b300dad2462ff4e7
 
IA-32:
sudo-1.7.2p1-28.el5.i386.rpm
File outdated by:  RHSA-2014:0266
    MD5: 01c5d9860f9b6cd92416ef34ee50def7
SHA-256: b9336daf5b4f0918d9364d92f6b1cf09b93bb66da8d8e016d47612cc551db086
sudo-debuginfo-1.7.2p1-28.el5.i386.rpm
File outdated by:  RHSA-2014:0266
    MD5: 95f14ee31ba67d7e45652a6f8710352c
SHA-256: 5250b1d922f337fb31d6d8fda4952843224990c57fe64cc01b555dd17748b6b7
 
IA-64:
sudo-1.7.2p1-28.el5.ia64.rpm
File outdated by:  RHSA-2014:0266
    MD5: a4d03d5309228aaf1f68ab63b4e3233e
SHA-256: 70fcd915363df15f8c89478a8e717d348f8196ccd67ab141b1db38de25c7a80f
sudo-debuginfo-1.7.2p1-28.el5.ia64.rpm
File outdated by:  RHSA-2014:0266
    MD5: b421ae08916860dc648413d56be1cc4b
SHA-256: a5b31a570a40ab7bbf7b2b0ed87e1c9f2432ec6ca4966bae8506165487409963
 
PPC:
sudo-1.7.2p1-28.el5.ppc.rpm
File outdated by:  RHSA-2014:0266
    MD5: acdc7ae5ff5d53c9ec0a92468ffb1518
SHA-256: 04266f1bdeef2e6eeae0137fd54da9b1cf3ba94473c9b3e67d194c47350715ea
sudo-debuginfo-1.7.2p1-28.el5.ppc.rpm
File outdated by:  RHSA-2014:0266
    MD5: 59a46349b7c0177557a7fe0877b1013a
SHA-256: fa91fa9fb389e5986fbaf6c0fd0277e816f9c9110b43727277296c1e855ae8ff
 
s390x:
sudo-1.7.2p1-28.el5.s390x.rpm
File outdated by:  RHSA-2014:0266
    MD5: 75b1195c1e3ed1ca35c91fb828752cf4
SHA-256: 70a776da1005f4d34dd60a8c31608a5394651f94a043df18eab09fbdcbf7a0de
sudo-debuginfo-1.7.2p1-28.el5.s390x.rpm
File outdated by:  RHSA-2014:0266
    MD5: 6102589a89b7ee7f74c94bde99fb6f7f
SHA-256: 5498eccbc3dc7b1e52991bc5454f13bcf3b4e3b53416caa5aa3e54bd5aa1b407
 
x86_64:
sudo-1.7.2p1-28.el5.x86_64.rpm
File outdated by:  RHSA-2014:0266
    MD5: bd516f816a749d90fd750ef7282d49bb
SHA-256: 625935a0f06d7d0ec090f1a919fbd04f6c04b25ed74f60a5755a1fda37fe3675
sudo-debuginfo-1.7.2p1-28.el5.x86_64.rpm
File outdated by:  RHSA-2014:0266
    MD5: 04a4ee238cfe06e1acec16b17c05b9c5
SHA-256: 28fc010e00ab1b970c3357c24ee1404b9fb8c7b2bedc482ab7ce95c604aded7b
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
sudo-1.7.2p1-28.el5.src.rpm
File outdated by:  RHSA-2014:0266
    MD5: d904877a65a4a6dde39be4870a7c36a1
SHA-256: 9e550738fd1e22ead5a69f66bf0595b1812fcd19c724ece4b300dad2462ff4e7
 
IA-32:
sudo-1.7.2p1-28.el5.i386.rpm
File outdated by:  RHSA-2014:0266
    MD5: 01c5d9860f9b6cd92416ef34ee50def7
SHA-256: b9336daf5b4f0918d9364d92f6b1cf09b93bb66da8d8e016d47612cc551db086
sudo-debuginfo-1.7.2p1-28.el5.i386.rpm
File outdated by:  RHSA-2014:0266
    MD5: 95f14ee31ba67d7e45652a6f8710352c
SHA-256: 5250b1d922f337fb31d6d8fda4952843224990c57fe64cc01b555dd17748b6b7
 
x86_64:
sudo-1.7.2p1-28.el5.x86_64.rpm
File outdated by:  RHSA-2014:0266
    MD5: bd516f816a749d90fd750ef7282d49bb
SHA-256: 625935a0f06d7d0ec090f1a919fbd04f6c04b25ed74f60a5755a1fda37fe3675
sudo-debuginfo-1.7.2p1-28.el5.x86_64.rpm
File outdated by:  RHSA-2014:0266
    MD5: 04a4ee238cfe06e1acec16b17c05b9c5
SHA-256: 28fc010e00ab1b970c3357c24ee1404b9fb8c7b2bedc482ab7ce95c604aded7b
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

853203 - Sudo -i isn't passing command arguments containing spaces properly as of sudo-1.7.2p1-14.el5_8.3
856902 - Defauts:!<user> syntax in sudoers doesn't seem to work as expected
916363 - CVE-2013-1775 sudo: authentication bypass via reset system clock
916365 - CVE-2013-1776 sudo: bypass of tty_tickets constraints
949751 - CVE-2013-2776 sudo: bypass of tty_tickets constraints


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/