First published: Thu Nov 19 2015
A vulnerability was found in the sudoers feature (added in sudo 1.8.7) that lets a rule bind a command to a SHA-2 digest of its binary. The sudoers plugin verifies the digest while matching rules, then later and independently calls execve() on the command's path. Nothing ties the file that was hashed to the file that is executed, so this is a time-of-check/time-of-use race: if the digest feature is used as intended, a user who can replace the binary at that path can swap it in between the check and the execve(). The window is far from negligible, because rules are matched before the user is prompted for a password, so the swap can happen while sudo sits at the prompt. Affected versions: sudo 1.8.7 and later. CVE assignment: <a href="http://seclists.org/oss-sec/2015/q4/327">http://seclists.org/oss-sec/2015/q4/327</a>
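The race described above, reduced to the two code shapes that matter, as an added example that is not sudo's code. It assumes a 64-bit FNV-1a hash as a stand-in for sudo's SHA-2 digest (the point is what gets hashed, not the hash), a constructed "trusted" and "attacker" file body, a scratch directory under /tmp, and an attacker who swaps the file by renaming a new one over the path, which is what write access to the directory allows. Nothing is actually executed; each scenario reports whether the bytes an execve()/fexecve() call would load are still the bytes that passed the digest check.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Stand-in for sudo's SHA-2 digest: 64-bit FNV-1a over the file behind fd.
 * What matters is that it hashes an open descriptor, not which hash it is. */
static uint64_t digest_fd(int fd)
{
    uint64_t h = 0xcbf29ce484222325ULL;
    unsigned char buf[4096];
    ssize_t n;
    if (lseek(fd, 0, SEEK_SET) == -1) return 0;
    while ((n = read(fd, buf, sizeof buf)) > 0)
        for (ssize_t i = 0; i < n; i++)
            h = (h ^ buf[i]) * 0x100000001b3ULL;
    return h;
}

/* Digest whatever the path resolves to at this instant. */
static uint64_t digest_path(const char *path)
{
    int fd = open(path, O_RDONLY);
    uint64_t h = fd == -1 ? 0 : digest_fd(fd);
    if (fd != -1) close(fd);
    return h;
}

/* Install content at path via a sibling file plus rename(2): how the trusted
 * command is created below, and exactly what an attacker with write access to
 * the directory does. The name now refers to a new inode; open descriptors on
 * the old inode are unaffected. */
static int replace_file(const char *path, const char *content)
{
    char tmp[4096];
    size_t len = strlen(content);
    snprintf(tmp, sizeof tmp, "%s.tmp", path);
    int fd = open(tmp, O_WRONLY | O_CREAT | O_TRUNC, 0755);
    if (fd == -1) return -1;
    int ok = write(fd, content, len) == (ssize_t)len;
    close(fd);
    return ok ? rename(tmp, path) : -1;
}

/* Vulnerable shape (the affected sudo releases): digest checked by path while
 * the rule is matched; execve(2) later resolves the path again. Returns 1 if
 * the verified bytes would execute, 0 if the swap won, -1 on no match/error. */
static int check_path_exec_path(const char *path, uint64_t expected, const char *swap)
{
    if (digest_path(path) != expected) return -1;
    /* ... password prompt: the window the advisory describes ... */
    if (swap && replace_file(path, swap) == -1) return -1;
    return digest_path(path) == expected;   /* what execve(path, ...) would load */
}

/* Hardened shape: open once, verify that descriptor, pass the same descriptor
 * to fexecve(3). A rename over the path cannot change what the descriptor
 * refers to, so the verified bytes are the bytes that run. Same return codes. */
static int check_fd_exec_fd(const char *path, uint64_t expected, const char *swap)
{
    int fd = open(path, O_RDONLY);
    if (fd == -1) return -1;
    if (digest_fd(fd) != expected) { close(fd); return -1; }
    /* ... password prompt: same window ... */
    if (swap && replace_file(path, swap) == -1) { close(fd); return -1; }
    int ok = digest_fd(fd) == expected;     /* what fexecve(fd, ...) would load */
    close(fd);
    return ok;
}

/* Create a trusted command in a fresh directory under /tmp, record its digest
 * (the value a sudoers Digest_Spec would carry), run one scenario in which the
 * attacker swaps the file during the prompt, then clean up. Constructed samples. */
int demo(int hardened)
{
    char dir[] = "/tmp/digest-race-XXXXXX", path[64];
    const char *trusted = "#!/bin/sh\necho trusted\n";
    const char *evil = "#!/bin/sh\necho attacker\n";
    int r = -1;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(path, sizeof path, "%s/cmd", dir);
    if (replace_file(path, trusted) == 0) {
        uint64_t expected = digest_path(path);
        r = hardened ? check_fd_exec_fd(path, expected, evil)
                     : check_path_exec_path(path, expected, evil);
    }
    unlink(path);
    rmdir(dir);
    return r;
}

int main(void)
{
    printf("execve by path: %d, fexecve same fd: %d (1 = verified bytes run)\n", demo(0), demo(1));
    return 0;
}
```

Two caveats a practitioner should keep in mind. First, the hardened shape pins an inode, not its contents: it defeats a rename over the path, but a user who can write to the command file itself can still change it under the open descriptor after the check, so the digest feature cannot make a user-writable binary safe. Second, fexecve() is not available everywhere; where it is absent, the descriptor-based check has no matching exec, and the only real defence is to keep the command and its directory out of reach of the invoking user.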
Affected Software | Affected Version | How to fix |
---|---|---|
Todd Miller Sudo | >=1.8.7 | |