Packages
- sudo -
Details
Valerio Costamagna discovered that sudo did not properly validate the path
for the 'sudoedit' pseudo-command when the PATH contained only a dot ('.').
If secure_path and ignore_dot were disabled, a local attacker could exploit
this to execute arbitrary code as root if sudo was configured to allow the
attacker to use sudoedit. By default, secure_path is used and the sudoedit
pseudo-command is not used in Ubuntu. This is a different but related issue
to CVE-2010-0426.
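The preconditions named above can be checked against a sudoers file. The following is an added example, not part of the original notice or of sudo itself. The sample sudoers text is constructed, the function names are hypothetical, and the build-time defaults of the sudo binary are assumed to be off unless passed in.

```python
import re

# Constructed sample sudoers text for illustration (not taken from the advisory).
SAMPLE_SUDOERS = """\
Defaults env_reset
Defaults !ignore_dot
# Defaults secure_path="/usr/sbin:/usr/bin:/sbin:/bin"
%editors ALL = (root) sudoedit /etc/motd, \\
    /usr/bin/less /var/log/syslog
"""

def logical_lines(text):
    """Join backslash-continued lines; skip blanks and comments.
    Simplification: #include/#includedir files are not followed."""
    for line in re.sub(r"\\\n", " ", text).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line

def audit(text, secure_path=False, ignore_dot=False):
    """Check the three preconditions named in the advisory.
    The keyword arguments are the assumed build-time defaults of the sudo
    binary; global Defaults lines in the text override them."""
    state = {"secure_path": secure_path, "ignore_dot": ignore_dot}
    sudoedit_rules = []
    for line in logical_lines(text):
        m = re.match(r"Defaults\s+(.*)", line)
        if m:
            for item in m.group(1).split(","):
                name = item.strip().split("=")[0].strip()
                if name.lstrip("!") in state:
                    state[name.lstrip("!")] = not name.startswith("!")
        elif re.search(r"(?<![\w/.-])sudoedit\b", line):
            # Bare "sudoedit" in a command list is the pseudo-command.
            sudoedit_rules.append(line)
    # Exposed only if sudoedit is granted and both protections are off.
    exposed = bool(sudoedit_rules) and not any(state.values())
    return {**state, "sudoedit_rules": sudoedit_rules, "exposed": exposed}

if __name__ == "__main__":
    print(audit(SAMPLE_SUDOERS))
```

Only explicit `sudoedit` entries and global `Defaults` lines are examined; user- or host-scoped `Defaults` and included files need a separate pass.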
Update instructions
In general, a standard system upgrade is sufficient to effect the necessary changes.
The problem can be corrected by updating your system to the following package versions:
Ubuntu Release | Package Version
---|---
9.10 karmic | sudo-ldap – 1.7.0-1ubuntu2.2
9.10 karmic | sudo – 1.7.0-1ubuntu2.2
9.04 jaunty | sudo-ldap – 1.6.9p17-1ubuntu3.2
9.04 jaunty | sudo – 1.6.9p17-1ubuntu3.2
8.10 intrepid | sudo-ldap – 1.6.9p17-1ubuntu2.3
8.10 intrepid | sudo – 1.6.9p17-1ubuntu2.3
8.04 hardy | sudo-ldap – 1.6.9p10-1ubuntu3.7
8.04 hardy | sudo – 1.6.9p10-1ubuntu3.7
6.06 dapper | sudo-ldap – 1.6.8p12-1ubuntu6.2
6.06 dapper | sudo – 1.6.8p12-1ubuntu6.2