drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen von Code mit höheren Privilegien in sudo
Name: |
Ausführen von Code mit höheren Privilegien in sudo |
|
ID: |
USN-3304-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 16.10, Ubuntu 17.04 |
|
Datum: |
Di, 30. Mai 2017, 22:25 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000367 |
|
Applikationen: |
sudo |
|
Originalnachricht |
--===============4856289529517038102== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="lR6P3/j+HGelbRkf" Content-Disposition: inline
--lR6P3/j+HGelbRkf Content-Type: text/plain; charset=us-ascii Content-Disposition: inline
========================================================================== Ubuntu Security Notice USN-3304-1 May 30, 2017
sudo vulnerability ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.04 - Ubuntu 16.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS
Summary:
Sudo could be made to overwrite files as the administrator.
Software Description: - sudo: Provide limited super user privileges to specific users
Details:
It was discovered that Sudo did not properly parse the contents of /proc/[pid]/stat when attempting to determine its controlling tty. A local attacker in some configurations could possibly use this to overwrite any file on the filesystem, bypassing intended permissions.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.04: sudo 1.8.19p1-1ubuntu1.1 sudo-ldap 1.8.19p1-1ubuntu1.1
Ubuntu 16.10: sudo 1.8.16-0ubuntu3.2 sudo-ldap 1.8.16-0ubuntu3.2
Ubuntu 16.04 LTS: sudo 1.8.16-0ubuntu1.4 sudo-ldap 1.8.16-0ubuntu1.4
Ubuntu 14.04 LTS: sudo 1.8.9p5-1ubuntu1.4 sudo-ldap 1.8.9p5-1ubuntu1.4
In general, a standard system update will make all the necessary changes.
References: https://www.ubuntu.com/usn/usn-3304-1 CVE-2017-1000367
Package Information: https://launchpad.net/ubuntu/+source/sudo/1.8.19p1-1ubuntu1.1 https://launchpad.net/ubuntu/+source/sudo/1.8.16-0ubuntu3.2 https://launchpad.net/ubuntu/+source/sudo/1.8.16-0ubuntu1.4 https://launchpad.net/ubuntu/+source/sudo/1.8.9p5-1ubuntu1.4
--lR6P3/j+HGelbRkf Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIcBAEBCgAGBQJZLaS4AAoJEC8Jno0AXoH0smoQAJ4QZ7LeVXbzw9RRh1wQJREN /0G4PhUZPNTz2QsN9gZA3oozsWiukxPmh4hk8eSfegzyJKgQfOxiClFEQingykop DD0JyuN6s/sKiIIR/WhMdIlxgKCm98jful79azlnv5CpP9IrFyIgyMxVuqb1eYul BckyplWV0CSzMVtXSnYn1NGblKEsIc7QUG0MBRmYJp55LWPs0nIqP1sIiJ41yyUQ YcKThbrP/fBkbxBZGoMw91UpM/edVCX1r0OcF+UdVRRObrGgwTAYMYg8Zbi9SyEj 45APVyH6rNcuMNGR74T2YFN8/kKGqNxFGfRKo/Bhg3HsO6tkFEuBtP/VZZouFp9q O41/rv9avhZGcfKKmeSCfUt6PcYm/7H8JUa+WkPRCYKzpEgpBHtBp54zm0raofmS TNIrWwAXfygkaoTsV+kSopn+cunBanNSYf2CJUa+IZ0cqJMCnEBhQAz0+yjK5GgU YlghTWnxlqvsacIWLkLHU8R/qHwFF/GHXMon7Q5YL+iD4pU/vNq7UdihtyVXCjKP zW277RaA4AxtiFFSwSU1N4rqG2Ir5CGvJO8TAMBaWKcQ4OchsI2n1jfl7viOAXyK p9xUAumZn3kQpD266NpxrlJgsbYvnCNnJdh6LiSzy71e1Fromg4xMGRRrzgMbm9r 2CcpCYPSQdKLB+sNCStr =NUXA -----END PGP SIGNATURE-----
--lR6P3/j+HGelbRkf--
--===============4856289529517038102== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============4856289529517038102==--
|
|
|
|