English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 143769 CVE descriptions
and 71225 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 --------------------------------------------------------------------------
   Turbolinux Security Advisory TLSA-2005-17
   http://www.turbolinux.co.jp/security/
                                             security-team@turbolinux.co.jp
 --------------------------------------------------------------------------

 Original released date: 31 Jan 2005
 Last revised: 31 Jan 2005

 Package: sudo

 Summary: Environment variable sanitization bug permits root compromise

 More information:
    Sudo allows a system administrator to give certain users or groups of
    users the ability to run some or all commands as root while logging all
    commands and arguments.

    A vulnerability in sudo can allow local users to execute arbitrary
    commands by using "()"-style environment variables to create functions.

 Impact:
    This vulnerability can allow local users to gain root privileges.

 Affected Products:
    - Turbolinux 10 Server
    - Turbolinux Home
    - Turbolinux 10 F...
    - Turbolinux 10 Desktop
    - Turbolinux 8 Server
    - Turbolinux 8 Workstation
    - Turbolinux 7 Server
    - Turbolinux 7 Workstation

 Solution:
    Please use the turbopkg (zabom) tool to apply the update. 
 ---------------------------------------------
 [Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., 
  Turbolinux Home]
 # turbopkg
 or
 # zabom -u sudo

 [other]
 # turbopkg
 or
 # zabom update sudo
 ---------------------------------------------


 <Turbolinux 10 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/SRPMS/sudo-1.6.7p5-3.src.rpm
       363932 c55a605d45e30cb8b0c7e2e648b3480d

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/10/updates/RPMS/sudo-1.6.7p5-3.i586.rpm
       143309 2ad10ba64ae16a019b943d667088e591

 <Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/SRPMS/sudo-1.6.7p5-3.src.rpm
       363932 22983d2b42dbdd6c0e3a3dd0cbab83c5

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/updates/RPMS/sudo-1.6.7p5-3.i586.rpm
       141482 6de7fcff4275c86ccbf0165430062a1f

 <Turbolinux 8 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/SRPMS/sudo-1.6.6-5.src.rpm
       342008 7d31c8fef75a812170bf824c0d0ac7d8

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/8/updates/RPMS/sudo-1.6.6-5.i586.rpm
       135478 3d1f1c11deea87c208c66331f55806bb

 <Turbolinux 8 Workstation>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/SRPMS/sudo-1.6.6-5.src.rpm
       342008 d60029fa4def45151023163462816d8a

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/8/updates/RPMS/sudo-1.6.6-5.i586.rpm
       135520 50e476a695b7851b33e8714942ef646e

 <Turbolinux 7 Server>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/SRPMS/sudo-1.6.6-5.src.rpm
       342008 2e7e71649af34b4c8ab1ef838967f2ad

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Server/7/updates/RPMS/sudo-1.6.6-5.i586.rpm
       133703 849e1cadaa024f441580c2d4ce919737

 <Turbolinux 7 Workstation>

   Source Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/SRPMS/sudo-1.6.6-5.src.rpm
       342008 5d83737975d83e8ec6323fef523bd788

   Binary Packages
   Size: MD5

   ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Workstation/7/updates/RPMS/sudo-1.6.6-5.i586.rpm
       133638 d0494b069c57e7d6545e79b1932ec83a


 References:

 CVE
   [CAN-2004-1051]
   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1051

 --------------------------------------------------------------------------
 Revision History
    31 Jan 2005 Initial release
 --------------------------------------------------------------------------

 Copyright(C) 2005 Turbolinux, Inc. All rights reserved. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iD8DBQFB/gdNK0LzjOqIJMwRAnToAJ97ub0qwPlz/+BwccDg2w/5Cn6ZvgCfdhw+
k8KWXBXyso2s7EaaLy+oM9Q=
=vcgu
-----END PGP SIGNATURE-----

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe

© 1998-2019 E-Soft Inc. All rights reserved.