Execution of code with elevated privileges in sudo
ID: USN-3304-1
Distribution: Ubuntu
Platforms: Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 16.10, Ubuntu 17.04
Date: Tue, 30 May 2017, 22:25
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000367
Applications: sudo
Original message

==========================================================================
Ubuntu Security Notice USN-3304-1
May 30, 2017

sudo vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.04
- Ubuntu 16.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Sudo could be made to overwrite files as the administrator.

Software Description:
- sudo: Provide limited super user privileges to specific users

Details:

It was discovered that Sudo did not properly parse the contents of
/proc/[pid]/stat when attempting to determine its controlling tty. A local
attacker in some configurations could possibly use this to overwrite any
file on the filesystem, bypassing intended permissions.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.04:
  sudo 1.8.19p1-1ubuntu1.1
  sudo-ldap 1.8.19p1-1ubuntu1.1

Ubuntu 16.10:
  sudo 1.8.16-0ubuntu3.2
  sudo-ldap 1.8.16-0ubuntu3.2

Ubuntu 16.04 LTS:
  sudo 1.8.16-0ubuntu1.4
  sudo-ldap 1.8.16-0ubuntu1.4

Ubuntu 14.04 LTS:
  sudo 1.8.9p5-1ubuntu1.4
  sudo-ldap 1.8.9p5-1ubuntu1.4

In general, a standard system update will make all the necessary changes.

References:
  https://www.ubuntu.com/usn/usn-3304-1
  CVE-2017-1000367

Package Information:
  https://launchpad.net/ubuntu/+source/sudo/1.8.19p1-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/sudo/1.8.16-0ubuntu3.2
  https://launchpad.net/ubuntu/+source/sudo/1.8.16-0ubuntu1.4
  https://launchpad.net/ubuntu/+source/sudo/1.8.9p5-1ubuntu1.4
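
The notice's Details paragraph concerns reading the controlling tty from /proc/[pid]/stat. The following is an added example, not sudo's code and not the patch Ubuntu shipped: per proc(5), field 2 (comm) is wrapped in parentheses and may contain spaces, so a parser that counts fields from the start of the line can read the wrong one, while resuming after the last ')' does not. Function names and the sample lines are constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* proc(5) field order: 1 pid, 2 (comm), 3 state, 4 ppid, 5 pgrp, 6 session,
 * 7 tty_nr. comm is wrapped in parentheses and may contain spaces and ')'. */
/* Constructed sample lines (truncated after a few fields), not real captures. */
static const char PLAIN[]  = "4242 (bash) S 4100 4242 4242 34816 4242 4194304\n";
static const char SPACED[] = "4243 (my tool) S 4100 4243 4243 34817 4243 4194304\n";
static const char PAREN[]  = "4244 (odd) name) S 4100 4244 4244 34818 4244 4194304\n";

/* Parse the n-th (1-based) space-separated token of s; 0 on success, -1 on error. */
static int nth_long(const char *s, int n, long *out)
{
    char *end;
    for (int i = 1; i < n; i++) {
        if ((s = strchr(s, ' ')) == NULL)
            return -1;
        s++;
    }
    errno = 0;
    long v = strtol(s, &end, 10);
    if (end == s || errno != 0 || (*end != ' ' && *end != '\n' && *end != '\0'))
        return -1;
    *out = v;
    return 0;
}

/* Fragile: counts from the start of the line, so a space in comm shifts fields. */
static int tty_nr_naive(const char *line, long *out) { return nth_long(line, 7, out); }

/* Robust: resume after the LAST ')' (field 3 starts there); tty_nr is token 5. */
static int tty_nr_robust(const char *line, long *out)
{
    const char *p = strrchr(line, ')');
    return (p == NULL || p[1] != ' ') ? -1 : nth_long(p + 2, 5, out);
}

int main(void)
{
    const char *samples[] = { PLAIN, SPACED, PAREN };
    for (int i = 0; i < 3; i++) {
        long a = -1, b = -1;
        tty_nr_naive(samples[i], &a);
        tty_nr_robust(samples[i], &b);
        printf("naive=%ld robust=%ld\n", a, b);
    }
    return 0;
}
```

For the sample with a space in comm, the naive parser returns the session id where tty_nr was expected; the robust parser returns the same field for all three lines and rejects input with no closing parenthesis.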