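Vulnerability Details
Sudo Python Environment Variable Handling Security Bypass Vulnerability
Vulnerability Summary
sudo 1.6.8 and other versions do not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script.
Vulnerability Advisory
The vendor has released upgrade patches to fix this security issue. Patch download links: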
Todd Miller Sudo 1.5.6
Todd Miller sudo-1.6.8p12.tar.gz
http://www.sudo.ws/sudo/download.html
Todd Miller Sudo 1.5.7
Todd Miller sudo-1.6.8p12.tar.gz
http://www.sudo.ws/sudo/download.html
Todd Miller Sudo 1.5.8
Todd Miller sudo-1.6.8p12.tar.gz
http://www.sudo.ws/sudo/download.html
Todd Miller Sudo 1.5.9
Todd Miller sudo-1.6.8p12.tar.gz
http://www.sudo.ws/sudo/download.html
Todd Miller Sudo 1.6
Todd Miller sudo-1.6.8p12.tar.gz
http://www.sudo.ws/sudo/download.html
Todd Miller Sudo 1.6.1
Todd Miller sudo-1.6.8p12.tar.gz
http://www.sudo.ws/sudo/download.html
Todd Miller Sudo 1.6.2
Todd Miller sudo-1.6.8p12.tar.gz
http://www.sudo.ws/sudo/download.html
Todd Miller Sudo 1.6.3
Todd Miller sudo-1.6.8p12.tar.gz
http://www.sudo.ws/sudo/download.html
Todd Miller Sudo 1.6.3 p1
Todd Miller sudo-1.6.8p12.tar.gz
http://www.sudo.ws/sudo/download.html
Todd Miller Sudo 1.6.3 p5
Todd Miller sudo-1.6.8p12.tar.gz
http://www.sudo.ws/sudo/download.html
Todd Miller Sudo 1.6.3 p4
Todd Miller sudo-1.6.8p12.tar.gz
http://www.sudo.ws/sudo/download.html
Todd Miller Sudo 1.6.3 p7
Todd Miller sudo-1.6.8p12.tar.gz
http://www.sudo.ws/sudo/download.html
Todd Miller Sudo 1.6.3 p6
Todd Miller sudo-1.6.8p12.tar.gz
http://www.sudo.ws/sudo/download.html
Todd Miller Sudo 1.6.3 p2
Todd Miller sudo-1.6.8p12.tar.gz
http://www.sudo.ws/sudo/download.html
Todd Miller Sudo 1.6.3 p3
Todd Miller sudo-1.6.8p12.tar.gz
http://www.sudo.ws/sudo/download.html
Todd Miller Sudo 1.6.4 p2
Todd Miller sudo-1.6.8p12.tar.gz
http://www.sudo.ws/sudo/download.html
Todd Miller Sudo 1.6.4 p1
Todd Miller sudo-1.6.8p12.tar.gz
http://www.sudo.ws/sudo/download.html
Todd Miller Sudo 1.6.4
Mandriva sudo-1.6.7-0.p5.2.5.M20mdk.i586.rpm
Multi Network Firewall 2.0:
http://wwwnew.mandriva.com/en/downloads
Todd Miller sudo-1.6.8p12.tar.gz
http://www.sudo.ws/sudo/download.html
Todd Miller Sudo 1.6.5 p2
Todd Miller sudo-1.6.8p12.tar.gz
http://www.sudo.ws/sudo/download.html
Todd Miller Sudo 1.6.5 p1
Todd Miller sudo-1.6.8p12.tar.gz
http://www.sudo.ws/sudo/download.html
Todd Miller Sudo 1.6.5
Todd Miller sudo-1.6.8p12.tar.gz
http://www.sudo.ws/sudo/download.html
Todd Miller Sudo 1.6.6
Slackware sudo-1.6.8p12-i386-1.tgz
Slackware 8.1:
ftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/sudo-1.6.8p12-i386-1.tgz
Slackware sudo-1.6.8p12-i386-1.tgz
Slackware 9.0:
ftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/sudo-1.6.8p12-i386-1.tgz
Slackware sudo-1.6.8p12-i486-1.tgz
Slackware 10.0:
ftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/sudo-1.6.8p12-i486-1.tgz
Slackware sudo-1.6.8p12-i486-1.tgz
Slackware 9.1:
ftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/sudo-1.6.8p12-i486-1.tgz
Todd Miller sudo-1.6.8p12.tar.gz
http://www.sudo.ws/sudo/download.html
Todd Miller Sudo 1.6.7 p5
Todd Miller sudo-1.6.8p12.tar.gz
http://www.sudo.ws/sudo/download.html
Todd Miller Sudo 1.6.7
Mandriva sudo-1.6.7-0.p5.2.5.C30mdk.i586.rpm
Corporate 3.0:
http://wwwnew.mandriva.com/en/downloads
Mandriva sudo-1.6.7-0.p5.2.5.C30mdk.x86_64.rpm
Corporate 3.0:
http://wwwnew.mandriva.com/en/downloads
Todd Miller sudo-1.6.8p12.tar.gz
http://www.sudo.ws/sudo/download.html
Todd Miller Sudo 1.6.8 p9
Slackware sudo-1.6.8p12-i486-1.tgz
Slackware 10.2:
ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/sudo-1.6.8p12-i486-1.tgz
Todd Miller sudo-1.6.8p12.tar.gz
http://www.sudo.ws/sudo/download.html
Trustix sudo-1.6.8p12-1tr.i586.rpm
TSL 3.0
ftp://ftp.trustix.org/pub/trustix/updates
Todd Miller Sudo 1.6.8 p5
Todd Miller sudo-1.6.8p12.tar.gz
http://www.sudo.ws/sudo/download.html
Todd Miller Sudo 1.6.8
Slackware su
References
Source: SECUNIA
Name: 18363
Link: http://secunia.com/advisories/18363
Source: UBUNTU
Name: USN-235-2
Link: http://www.ubuntulinux.org/support/documentation/usn/usn-235-2
Source: BID
Name: 16184
Link: http://www.securityfocus.com/bid/16184
Source: SECUNIA
Name: 18358
Link: http://secunia.com/advisories/18358
Source: TRUSTIX
Name: 2006-0010
Link: http://www.trustix.org/errata/2006/0010
Source: SUSE
Name: SUSE-SR:2006:002
Link: http://www.novell.com/linux/security/advisories/2006_02_sr.html
Source: MANDRIVA
Name: MDKSA-2006:159
Link: http://www.mandriva.com/security/advisories?name=MDKSA-2006:159
Source: DEBIAN
Name: DSA-946
Link: http://www.debian.org/security/2006/dsa-946
Source: SLACKWARE
Name: SSA:2006-045-08
Link: http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.421822
Source: SECUNIA
Name: 21692
Link: http://secunia.com/advisories/21692
Source: SECUNIA
Name: 19016
Link: http://secunia.com/advisories/19016
Source: SECUNIA
Name: 18906
Link: http://secunia.com/advisories/18906
Source: SECUNIA
Name: 18558
Link: http://secunia.com/advisories/18558
Source: SECUNIA
Name: 18549
Link: http://secunia.com/advisories/18549
Source: MANDRIVA
Name: MDKSA-2006:159
Link: http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:159
Affected Entities
- Todd_miller Sudo:1.5.6
- Todd_miller Sudo:1.5.7
- Todd_miller Sudo:1.5.8
- Todd_miller Sudo:1.5.9
- Todd_miller Sudo:1.6
Patches
None available