US-CERT Vulnerability Notes Database
Vulnerability Note VU#424358

sudoedit can expose protected file contents

Overview

Sudo's -e option (sudoedit) improperly handles temporary files, allowing an attacker to read files that would otherwise be inaccessible.

I. Description

Sudo is a utility that allows specific users to run certain commands as root. Beginning with version 1.6.8, sudo provides safe editing functionality via sudoedit. Sudoedit allows specific users to edit certain files as root, as specified by the sudoers configuration file.

When sudoedit launches the specified editor, it reopens, with root privileges, the temporary copy of the file to be edited. If that temporary file is replaced with a symlink to a file the user is not permitted to read before the reopen happens, the editor displays the contents of the restricted file.
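The weakness is a check-to-use gap around a temporary file that a privileged program hands back to itself. The following added example (not sudo's code, and not the fix shipped in 1.6.8p1) shows the defensive pattern a privileged program can use when it must reopen a temporary file it created earlier: record the file's device and inode at creation, reopen with O_NOFOLLOW so a symlink at that path is refused, and compare the identity of what was actually opened against what was recorded. The scenario in `demo()` is constructed: an unchanged file, the same path swapped for a symlink to a "secret" file, and the path replaced by a different regular file.

```python
import os
import stat
import tempfile


def create_tempfile(directory):
    """Create a temp file and record its identity (device, inode).

    Returns (path, identity); a later reopen must match `identity`.
    """
    fd, path = tempfile.mkstemp(dir=directory)
    try:
        st = os.fstat(fd)
    finally:
        os.close(fd)
    return path, (st.st_dev, st.st_ino)


def reopen_checked(path, expected_identity):
    """Reopen `path` only if it is still the same regular file created earlier.

    O_NOFOLLOW makes the open fail when the final path component is a symlink;
    the fstat comparison catches the file having been replaced (a different
    inode) rather than symlinked. Returns the contents, or None if any check fails.
    """
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    except OSError:
        # ELOOP for a symlink, or the file is simply gone: refuse either way
        return None
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            return None
        if (st.st_dev, st.st_ino) != expected_identity:
            return None
        chunks = []
        while True:
            chunk = os.read(fd, 65536)
            if not chunk:
                break
            chunks.append(chunk)
        return b"".join(chunks)
    finally:
        os.close(fd)


def demo():
    """Constructed scenario (assumption: a writable temp directory is available)."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        # a file standing in for something the unprivileged user must not read
        secret = os.path.join(d, "secret")
        with open(secret, "wb") as f:
            f.write(b"protected contents\n")

        path, ident = create_tempfile(d)
        with open(path, "wb") as f:
            f.write(b"editable copy\n")
        results["unchanged"] = reopen_checked(path, ident)

        # case 1: the temp file path now points at the protected file via a symlink
        os.unlink(path)
        os.symlink(secret, path)
        results["symlink"] = reopen_checked(path, ident)

        # case 2: the path is atomically replaced by a different regular file
        other = os.path.join(d, "other")
        with open(other, "wb") as f:
            f.write(b"replacement\n")
        os.rename(other, path)
        results["recreated"] = reopen_checked(path, ident)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, "->", "rejected" if outcome is None else outcome)
```

The dev/inode comparison is what matters: a symlink check alone does not cover the path being replaced by a new file, and a path-based stat before the open reintroduces the same race. Holding the original descriptor open for the whole edit, instead of reopening by path, removes the window entirely where a design allows it.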

II. Impact

An authenticated user who has the permissions to run sudoedit may be able to read protected files.

III. Solution

Apply a patch from your vendor

For vendor-specific information regarding vulnerable status and patch availability, please see the vendor section of this document.

Upgrade your version of sudo

Upgrade your system as specified by your vendor. If you need to upgrade sudo manually, get sudo 1.6.8p1. Note that only sudo 1.6.8 contains this vulnerability. Previous versions are not affected.

Disable sudoedit

This vulnerability is only exploitable if a user has explicitly been granted sudoedit permissions. If the sudoers configuration file does not grant permission to run sudoedit, then the vulnerability cannot be exploited.
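Two checks follow from the solution section: whether the installed sudo is the single affected release, and whether the sudoers file grants sudoedit at all, either directly or through a Cmnd_Alias. The added example below (not part of this note or of the sudo project) implements both against a constructed sudoers fragment; the alias handling, backslash continuation and comment stripping are a deliberately simplified reading of sudoers syntax, not a full parser.

```python
import re

# Per this note, only sudo 1.6.8 is affected; 1.6.8p1 carries the fix.
VULNERABLE_VERSIONS = {"1.6.8"}

# Constructed sample sudoers content, not taken from the advisory.
SAMPLE_SUDOERS = """\
# constructed sample
Defaults    env_reset
Cmnd_Alias  EDITCONF = sudoedit /etc/hosts, \\
                       sudoedit /etc/motd
Cmnd_Alias  SERVICES = /sbin/service
alice   ALL = (root) EDITCONF
bob     ALL = sudoedit /etc/resolv.conf
carol   ALL = SERVICES
"""


def sudo_version_affected(version):
    """True only for the release this note identifies as vulnerable."""
    return version.strip() in VULNERABLE_VERSIONS


def _logical_lines(text):
    """Join backslash-continued lines, then drop blanks and '#' comment lines.

    Simplification: '#include' directives are dropped along with comments.
    """
    joined, buf = [], ""
    for raw in text.splitlines():
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        joined.append(buf + raw)
        buf = ""
    if buf:
        joined.append(buf)
    return [l.strip() for l in joined if l.strip() and not l.strip().startswith("#")]


def find_sudoedit_grants(sudoers_text):
    """Return user specification lines that grant sudoedit.

    Pass 1 collects Cmnd_Alias names whose command list contains the sudoedit
    keyword; pass 2 flags user specs naming sudoedit or one of those aliases.
    """
    lines = _logical_lines(sudoers_text)
    edit_aliases = set()
    for line in lines:
        m = re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.*)", line)
        if m and "sudoedit" in re.findall(r"[A-Za-z0-9_/.-]+", m.group(2)):
            edit_aliases.add(m.group(1))

    grants = []
    for line in lines:
        if re.match(r"(Cmnd_Alias|User_Alias|Host_Alias|Runas_Alias|Defaults)\b", line):
            continue
        # user spec shape: user host = (runas) cmd, cmd ...
        cmd_part = line.split("=", 1)[1] if "=" in line else ""
        tokens = set(re.findall(r"[A-Za-z0-9_/.-]+", cmd_part))
        if "sudoedit" in tokens or edit_aliases & tokens:
            grants.append(line)
    return grants


if __name__ == "__main__":
    print("1.6.8 affected:", sudo_version_affected("1.6.8"))
    for g in find_sudoedit_grants(SAMPLE_SUDOERS):
        print("grants sudoedit:", g)
```

Run against a real sudoers file (read it as root, since it is normally mode 0440), any line the function returns is one where the "disable sudoedit" workaround applies until the fixed version is installed.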

Systems Affected

Vendor | Status | Date Notified / Date Updated
Apple Computer Inc. | Not Vulnerable | 17-Feb-2005
BSDI | Unknown | 28-Sep-2004
Conectiva | Unknown | 28-Sep-2004
Cray Inc. | Not Vulnerable | 29-Sep-2004
Debian | Not Vulnerable | 28-Sep-2004
EMC Corporation | Unknown | 28-Sep-2004
Engarde | Unknown | 28-Sep-2004
F5 Networks | Unknown | 28-Sep-2004
FreeBSD | Vulnerable | 29-Sep-2004
Fujitsu | Unknown | 28-Sep-2004
Gentoo | Unknown | 28-Sep-2004
Hewlett-Packard Company | Unknown | 28-Sep-2004
Hitachi | Unknown | 28-Sep-2004
IBM | Unknown | 28-Sep-2004
IBM-zSeries | Unknown | 28-Sep-2004
IBM eServer | Unknown | 28-Sep-2004
Immunix | Unknown | 28-Sep-2004
Ingrian Networks | Unknown | 28-Sep-2004
Juniper Networks | Unknown | 28-Sep-2004
MandrakeSoft | Not Vulnerable | 29-Sep-2004
MontaVista Software | Unknown | 28-Sep-2004
NEC Corporation | Unknown | 28-Sep-2004
NETBSD | Unknown | 28-Sep-2004
Nokia | Unknown | 28-Sep-2004
Novell | Unknown | 28-Sep-2004
OpenBSD | Unknown | 28-Sep-2004
Openwall GNU/*/Linux | Not Vulnerable | 29-Sep-2004
Redhat | Unknown | 28-Sep-2004
SCO | Unknown | 28-Sep-2004
Sequent | Unknown | 28-Sep-2004
SGI | Unknown | 28-Sep-2004
Sony Corporation | Unknown | 28-Sep-2004
Sun Microsystems Inc. | Unknown | 28-Sep-2004
SuSE Inc. | Unknown | 28-Sep-2004
TurboLinux | Not Vulnerable | 29-Sep-2004
Unisys | Unknown | 28-Sep-2004
Wind River Systems Inc. | Unknown | 28-Sep-2004

(The original table carried separate Date Notified and Date Updated columns; only one date per vendor is preserved on this page.)

References


http://www.sudo.ws/sudo/alerts/sudoedit.html
http://secunia.com/advisories/12596/
http://xforce.iss.net/xforce/xfdb/17424
http://www.securityfocus.com/archive/1/375434/2004-09-13/2004-09-19/0
http://www.securityfocus.com/bid/11204/info/
http://www.securitytracker.com/alerts/2004/Sep/1011342.html
http://www.osvdb.org/10023

Credit

This vulnerability was reported by Reznic Valery.

This document was written by Will Dormann and is based on the information in the Sudo Alert.

Other Information

Date Public:2004-09-18
Date First Published:2004-10-19
Date Last Updated:2004-10-27
CERT Advisory: 
CVE-ID(s): 
NVD-ID(s): 
US-CERT Technical Alerts: 
Metric:5.25
Document Revision:12

If you have feedback, comments, or additional information about this vulnerability, please send us email.
Copyright 2004 Carnegie Mellon University