ports/131373: Sudo group vulnerability: CVE 2009-0034
Cy Schubert
cy at FreeBSD.org
Wed Feb 4 20:00:01 UTC 2009
>Number: 131373
>Category: ports
>Synopsis: Sudo group vulnerability: CVE 2009-0034
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Feb 04 20:00:00 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Cy Schubert
>Release: FreeBSD-2.0
>Organization:
FreeBSD
>Environment:
System: FreeBSD cwsys 7.1-STABLE FreeBSD 7.1-STABLE #1: Fri Jan 30 11:59:14 PST 2009 root at cwsys:/export/obj/opt/src/svn-stable7/sys/KOMQUATS i386
>Description:
A bug in sudo 1.6.9 to 1.6.9p19 allows users to run as a different user
than specified in an access rule.
>How-To-Repeat:
See CVE 2009-0034
>Fix:
Upgrade to sudo 1.7.0. Patch to port is below:
Index: Makefile
===================================================================
RCS file: /home/pcvs/ports/security/sudo/Makefile,v
retrieving revision 1.100
diff -u -r1.100 Makefile
--- Makefile 21 Aug 2008 06:18:21 -0000 1.100
+++ Makefile 4 Feb 2009 19:21:10 -0000
@@ -6,7 +6,7 @@
#
PORTNAME= sudo
-PORTVERSION= 1.6.9.17
+PORTVERSION= 1.7.0
CATEGORIES= security
MASTER_SITES= http://www.sudo.ws/sudo/dist/ \
ftp://obsd.isc.org/pub/sudo/ \
@@ -16,7 +16,7 @@
ftp://ftp.wiretapped.net/pub/security/host-security/sudo/ \
${MASTER_SITE_LOCAL}
MASTER_SITE_SUBDIR= tmclaugh/sudo
-DISTNAME= ${PORTNAME}-1.6.9p17
+DISTNAME= ${PORTNAME}-1.7.0
MAINTAINER= tmclaugh at FreeBSD.org
COMMENT= Allow others to run commands as root
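Review bot: the new DISTNAME line hard-codes 1.7.0 a second time, next to the PORTVERSION change in the first hunk. Now that PORTVERSION matches the upstream version string, `DISTNAME= ${PORTNAME}-${PORTVERSION}` (or dropping the line and relying on the default) keeps the two from drifting apart on the next update.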
@@ -62,7 +62,7 @@
CONFIGURE_ARGS+=--enable-shell-sets-home
.endif
-MAN5= sudoers.5
+MAN5= sudoers.5 sudoers.ldap.5
MAN8= sudo.8 visudo.8
MLINKS= sudo.8 sudoedit.8
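Review bot: `sudoers.ldap.5` is added to MAN5 unconditionally, directly after the `.endif` of an option block. If the 1.7.0 build installs that page only when LDAP support is configured, a default build would fail at packaging on a missing man page. Please confirm with a build without LDAP, or move the page into a conditional `MAN5+=`.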
@@ -77,8 +77,6 @@
.if !defined(NOPORTDOCS)
${MKDIR} ${DOCSDIR}
- ${INSTALL_DATA} ${WRKSRC}/BUGS ${DOCSDIR}
- ${INSTALL_DATA} ${WRKSRC}/CHANGES ${DOCSDIR}
${INSTALL_DATA} ${WRKSRC}/README ${DOCSDIR}
${INSTALL_DATA} ${WRKSRC}/TROUBLESHOOTING ${DOCSDIR}
${INSTALL_DATA} ${WRKSRC}/UPGRADE ${DOCSDIR}
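Review bot: the two `${INSTALL_DATA}` lines for BUGS and CHANGES are dropped from the `!defined(NOPORTDOCS)` block, and the report gives no reason. If those files are simply absent from the 1.7.0 distribution, say so in the commit message. If they were renamed, install the replacements so PORTDOCS still carries a change log for a security update.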
Index: distinfo
===================================================================
RCS file: /home/pcvs/ports/security/sudo/distinfo,v
retrieving revision 1.60
diff -u -r1.60 distinfo
--- distinfo 6 Jul 2008 23:20:05 -0000 1.60
+++ distinfo 4 Feb 2009 19:21:10 -0000
@@ -1,3 +1,3 @@
-MD5 (sudo-1.6.9p17.tar.gz) = 60daf18f28e2c1eb7641c4408e244110
-SHA256 (sudo-1.6.9p17.tar.gz) = 1e2cd4ff684c6f542b7e392010021f36b201d074620dad4d7689da60f9c74596
-SIZE (sudo-1.6.9p17.tar.gz) = 593534
+MD5 (sudo-1.7.0.tar.gz) = 5fd96bba35fe29b464f7aa6ad255f0a6
+SHA256 (sudo-1.7.0.tar.gz) = 5f7de94287f39c8b3b8d86aed147967e9286f45740412004233858b637391978
+SIZE (sudo-1.7.0.tar.gz) = 744311
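Review bot: the new MD5, SHA256 and SIZE values for sudo-1.7.0.tar.gz cannot be checked from the patch itself. Because this is a security update, please confirm them against a distfile fetched from the primary MASTER_SITES entry and against any checksum or signature upstream publishes, not only against `make makesum` output from a single mirror.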
Index: pkg-plist
===================================================================
RCS file: /home/pcvs/ports/security/sudo/pkg-plist,v
retrieving revision 1.16
diff -u -r1.16 pkg-plist
--- pkg-plist 10 Apr 2008 14:00:22 -0000 1.16
+++ pkg-plist 4 Feb 2009 19:21:10 -0000
@@ -6,8 +6,6 @@
etc/sudoers.default
libexec/sudo_noexec.so
sbin/visudo
-%%PORTDOCS%%%%DOCSDIR%%/BUGS
-%%PORTDOCS%%%%DOCSDIR%%/CHANGES
%%PORTDOCS%%%%DOCSDIR%%/README
%%PORTDOCS%%%%DOCSDIR%%/TROUBLESHOOTING
%%PORTDOCS%%%%DOCSDIR%%/UPGRADE
>Release-Note:
>Audit-Trail:
>Unformatted: