CVE-2015-8239: Race Condition
First published: Thu Nov 19 2015(Updated: )
A vulnerability in functionality for adding support of SHA-2 digests along with the command was found. The sudoers plugin performs this digest verification while matching rules, and later independently calls execve() to execute the binary. This results in a race condition if the digest functionality is used as suggested (in fact, the rules are matched before the user is prompted for a password, so there is not negligible time frame to replace the binary from underneath sudo). Versions affected are since 1.8.7. CVE assignment: <a href="http://seclists.org/oss-sec/2015/q4/327">http://seclists.org/oss-sec/2015/q4/327</a>
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sudo | =1.8.8 | |
| Sudo | =1.8.8-b1 | |
| Sudo | =1.8.8-b2 | |
| Sudo | =1.8.8-b3 | |
| Sudo | =1.8.8-rc1 | |
| Sudo | =1.8.9 | |
| Sudo | =1.8.9-b1 | |
| Sudo | =1.8.9-b2 | |
| Sudo | =1.8.9-p1 | |
| Sudo | =1.8.9-p2 | |
| Sudo | =1.8.9-p3 | |
| Sudo | =1.8.9-p4 | |
| Sudo | =1.8.9-p5 | |
| Sudo | =1.8.9-rc1 | |
| Sudo | =1.8.9-rc2 | |
| Sudo | =1.8.10 | |
| Sudo | =1.8.10-b1 | |
| Sudo | =1.8.10-b2 | |
| Sudo | =1.8.10-b3 | |
| Sudo | =1.8.10-b4 | |
| Sudo | =1.8.10-p1 | |
| Sudo | =1.8.10-p2 | |
| Sudo | =1.8.10-p3 | |
| Sudo | =1.8.10-rc1 | |
| Sudo | =1.8.10-rc2 | |
| Sudo | =1.8.10-rc3 | |
| Sudo | =1.8.11 | |
| Sudo | =1.8.11-b1 | |
| Sudo | =1.8.11-b2 | |
| Sudo | =1.8.11-b3 | |
| Sudo | =1.8.11-b4 | |
| Sudo | =1.8.11-p1 | |
| Sudo | =1.8.11-p2 | |
| Sudo | =1.8.11-rc1 | |
| Sudo | =1.8.11-rc2 | |
| Sudo | =1.8.12 | |
| Sudo | =1.8.12-b1 | |
| Sudo | =1.8.12-b2 | |
| Sudo | =1.8.12-b3 | |
| Sudo | =1.8.12-rc1 | |
| Sudo | =1.8.12-rc2 | |
| Sudo | =1.8.13 | |
| Sudo | =1.8.13-b1 | |
| Sudo | =1.8.13-b2 | |
| Sudo | =1.8.13-b3 | |
| Sudo | =1.8.13-b4 | |
| Sudo | =1.8.13-rc1 | |
| Sudo | =1.8.13-rc2 | |
| Sudo | =1.8.14 | |
| Sudo | =1.8.14-b1 | |
| Sudo | =1.8.14-b2 | |
| Sudo | =1.8.14-b3 | |
| Sudo | =1.8.14-b4 | |
| Sudo | =1.8.14-p1 | |
| Sudo | =1.8.14-p2 | |
| Sudo | =1.8.14-p3 | |
| Sudo | =1.8.14-rc1 | |
| Sudo | =1.8.15 | |
| Sudo | =1.8.15-b1 | |
| Sudo | =1.8.15-b2 | |
| Sudo | =1.8.15-b3 | |
| Sudo | =1.8.15-b4 | |
| Sudo | =1.8.15-b5 | |
| Sudo | =1.8.15-rc1 | |
| Sudo | =1.8.15-rc2 | |
| Sudo | =1.8.15-rc3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://seclists.org/oss-sec/2015/q4/327
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1283636
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1283635#c2
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1183818
- https://www.sudo.ws/repos/sudo/rev/24a3d9215c64
- https://www.sudo.ws/repos/sudo/rev/397722cdd7ec
- https://www.sudo.ws/repos/sudo/rev/0cd3cc8fa195
- https://bugzilla.redhat.com/show_bug.cgi?id=1283635
- http://www.openwall.com/lists/oss-security/2015/11/18/22
Frequently Asked Questions
What is the severity of CVE-2015-8239?
CVE-2015-8239 is considered to have a high severity due to its potential exploitation leading to privilege escalation.
How do I fix CVE-2015-8239?
To fix CVE-2015-8239, you should update to a patched version of sudo, ideally version 1.8.10 or later.
What versions of sudo are affected by CVE-2015-8239?
CVE-2015-8239 affects sudo versions 1.8.8 through 1.8.14, including specific build variants.
What is the nature of the vulnerability in CVE-2015-8239?
CVE-2015-8239 involves a race condition in the digest verification process used in the sudoers plugin.
Is there a workaround for CVE-2015-8239 if I cannot update immediately?
A potential workaround is to limit permissions for the affected binaries until an update can be applied.
- agent/type
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/severity
- agent/last-modified-date
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2015-8239
- agent/weakness
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/sudo project
- canonical/sudo
- version/sudo/1.8.8
- version/sudo/1.8.8-b1
- version/sudo/1.8.8-b2
- version/sudo/1.8.8-b3
- version/sudo/1.8.8-rc1
- version/sudo/1.8.9
- version/sudo/1.8.9-b1
- version/sudo/1.8.9-b2
- version/sudo/1.8.9-p1
- version/sudo/1.8.9-p2
- version/sudo/1.8.9-p3
- version/sudo/1.8.9-p4
- version/sudo/1.8.9-p5
- version/sudo/1.8.9-rc1
- version/sudo/1.8.9-rc2
- version/sudo/1.8.10
- version/sudo/1.8.10-b1
- version/sudo/1.8.10-b2
- version/sudo/1.8.10-b3
- version/sudo/1.8.10-b4
- version/sudo/1.8.10-p1
- version/sudo/1.8.10-p2
- version/sudo/1.8.10-p3
- version/sudo/1.8.10-rc1
- version/sudo/1.8.10-rc2
- version/sudo/1.8.10-rc3
- version/sudo/1.8.11
- version/sudo/1.8.11-b1
- version/sudo/1.8.11-b2
- version/sudo/1.8.11-b3
- version/sudo/1.8.11-b4
- version/sudo/1.8.11-p1
- version/sudo/1.8.11-p2
- version/sudo/1.8.11-rc1
- version/sudo/1.8.11-rc2
- version/sudo/1.8.12
- version/sudo/1.8.12-b1
- version/sudo/1.8.12-b2
- version/sudo/1.8.12-b3
- version/sudo/1.8.12-rc1
- version/sudo/1.8.12-rc2
- version/sudo/1.8.13
- version/sudo/1.8.13-b1
- version/sudo/1.8.13-b2
- version/sudo/1.8.13-b3
- version/sudo/1.8.13-b4
- version/sudo/1.8.13-rc1
- version/sudo/1.8.13-rc2
- version/sudo/1.8.14
- version/sudo/1.8.14-b1
- version/sudo/1.8.14-b2
- version/sudo/1.8.14-b3
- version/sudo/1.8.14-b4
- version/sudo/1.8.14-p1
- version/sudo/1.8.14-p2
- version/sudo/1.8.14-p3
- version/sudo/1.8.14-rc1
- version/sudo/1.8.15
- version/sudo/1.8.15-b1
- version/sudo/1.8.15-b2
- version/sudo/1.8.15-b3
- version/sudo/1.8.15-b4
- version/sudo/1.8.15-b5
- version/sudo/1.8.15-rc1
- version/sudo/1.8.15-rc2
- version/sudo/1.8.15-rc3