You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa sudo

Sigurnosni nedostatak programskog paketa sudo

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-3968-2
May 29, 2019

sudo vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 ESM

Summary:

Sudo could be made to overwrite files if it received a specially
crafted input.

Software Description:
– sudo: Provide limited super user privileges to specific users

Details:

USN-3968-1 fixed a vulnerability in Sudo. This update provides
the corresponding update for Ubuntu 14.04 ESM.

Original advisory details:

 It was discovered that Sudo did not properly parse the contents of
 /proc/[pid]/stat when attempting to determine its controlling tty. A
 local attacker in some configurations could possibly use this to
 overwrite any file on the filesystem, bypassing intended permissions.
 (CVE-2017-1000368)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 ESM:
  sudo                            1.8.9p5-1ubuntu1.5+esm1
  sudo-ldap                       1.8.9p5-1ubuntu1.5+esm1

In general, a standard system update will make all the necessary
changes.

References:
  https://usn.ubuntu.com/usn/usn-3968-2
  https://usn.ubuntu.com/usn/usn-3968-1
  CVE-2017-1000368—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJc7sMYAAoJEEW851uECx9pCGoP/0YCnNk/MByG0Svk/1sYEpRX
X87Icq4yUVeFj0fUILhA9acsjeFn/tEPlRkF3bUiV83JqI5QJyZBMYhr9k9WH6eS
jFbMb0wgVkNDljqrzWO64iDTmeGmktj6oEbm59AdDeuB3BUs9boXs/7iQubANl/v
DQ8BJAGGgSUX+52nF4vtWi1O8pCRpLFW0aYfaGgr4PzOQl87nizumE7/xmtmP/7L
AfZy6K0572ibtFSaB6hlFg4Iaf4IF6brRWW8xGzFGB85wW/GdptOkwX2Ocw5TFsS
hDPrVz+EHMhgU4Nu8eGGRjwhKz7gp4NHPeypvalRdnbcNbNpWG5lCfdtJ+Q+PZHy
+T7I3a+p5jQZ95lEfT30+oUzv6z7AC6TozwZYT+t7RNpDSWLgYEzUWPNNvXuFcGU
LN4KkwdZye6NXtcCdi5cCJv/VxLScH9Crn8Soj9apsi7FIWdMZcVW92A2qBlsYGB
T3tZ8Adp7kaEef73IwDmKkjeVMT1Od6KwMik71qURsHl8xWUjwmhyALe81FMenkG
N69C6w2aMOyuPxW7YFyJRBkhZDh+o0V5as4Tx1ySHR/JJVZfwFz8167jfO82rGj7
h/r04ewZC5nmYMh8igrDEjtBo4VaM1+UE2YVRNAo8tK2iw7GVPWPa6DQdBSL+wLT
b5+48PFxgBHKIYAB7vV7
=umMK
—–END PGP SIGNATURE—–

AutorFilip Karamatic
Cert idNCERT-REF-2019-05-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
IzvorAdobe
Top
More in Preporuke
Sigurnosni nedostatak programskog paketa GNU Screen

Otkriven je sigurnosni nedostatak u programskom paketu GNU Screen za operacijski sustav Ubuntu. Otkriveni nedostatak potencijalnim napadačima omogućuje izazivanje DoS...

Close