Debian DSA-735-1 : sudo - pathname validation race

low Nessus Plugin ID 18603

Synopsis

The remote Debian host is missing a security-related update.

Description

A local user who has been granted permission to run commands via sudo could run arbitrary commands as a privileged user due to a flaw in sudo's pathname validation. This bug only affects configurations which have restricted user configurations prior to an ALL directive in the configuration file. A workaround is to move any ALL directives to the beginning of the sudoers file; see the advisory at for more information.

Solution

Upgrade the sudo package.

For the old stable Debian distribution (woody), this problem has been fixed in version 1.6.6-1.3woody1.

For the current stable distribution (sarge), this problem has been fixed in version 1.6.8p7-1.1sarge1.

Note that packages are not yet ready for certain architectures; these will be released as they become available.

See Also

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=315115

http://www.debian.org/security/2005/dsa-735

Plugin Details

Severity: Low

ID: 18603

File Name: debian_DSA-735.nasl

Version: 1.13

Type: local

Agent: unix

Published: 7/5/2005

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Low

Base Score: 3.7

Vector: CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:sudo, cpe:/o:debian:debian_linux:3.0, cpe:/o:debian:debian_linux:3.1

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 7/1/2005

Reference Information

CVE: CVE-2005-1993

DSA: 735