What is the severity of REDHAT-BUG-844442?

REDHAT-BUG-844442 is considered a medium severity vulnerability due to its potential to allow unauthorized file access.

How do I fix REDHAT-BUG-844442?

To fix REDHAT-BUG-844442, update the sudo package to the latest version available for Red Hat Enterprise Linux 5.

What versions of software are affected by REDHAT-BUG-844442?

REDHAT-BUG-844442 affects the sudo package in Red Hat Enterprise Linux 5, specifically versions prior to the recommended updates.

What does the %postun script do in the context of REDHAT-BUG-844442?

The %postun script in REDHAT-BUG-844442 executes during package removal or upgrade and creates a temporary file insecurely.

Is the vulnerability REDHAT-BUG-844442 unique to a particular configuration?

REDHAT-BUG-844442 can affect any system running the specified versions of sudo in Red Hat Enterprise Linux 5 that utilize the vulnerable script.

Vulnerability/
REDHAT-BUG-844442

medium

CWE

362

30/7/2012

29/9/2019

REDHAT-BUG-844442: Race Condition

First published: Mon Jul 30 2012(Updated: )

The sudo packages in Red Hat Enterprise Linux 5 contained a %postun script (executed during the package removal or upgrade) that created a temporary file insecurely. The script did the following: # Remove the "sudoers:" line from nsswitch.conf if it's not modified if grep -q "^sudoers: files ldap$" ""/etc/nsswitch.conf""; then rm -f ""/var/tmp/nsswitch.conf.bak"" && \ touch ""/var/tmp/nsswitch.conf.bak"" && \ grep -v "^sudoers: files ldap$" ""/etc/nsswitch.conf"" > ""/var/tmp/nsswitch.conf.bak"" && \ mv -f ""/var/tmp/nsswitch.conf.bak"" ""/etc/nsswitch.conf"" fi There was a race condition between the removal of the temporary file and its re-creation using touch. A local attacker could possibly use this to create nsswitch.conf.bak file or symlink after rm -f "/var/tmp/nsswitch.conf.bak" was run and cause the script to overwrite arbitrary file with the contents of the /etc/nsswitch.conf file, or make the script create /etc/nsswitch.conf file with attacker controlled content and permissions. The attack would have to be executed during the sudo package upgrade or removal. This problem was introduced in the sudo erratum RHSA-2012:0309 which was released in Red Hat Enterprise Linux 5.8: <a href="https://rhn.redhat.com/errata/RHSA-2012-0309.html">https://rhn.redhat.com/errata/RHSA-2012-0309.html</a> The sudo packages in other Red Hat Enterprise Linux versions did not include this %postun script and were not affected this issue.

Affected Software	Affected Version	How to fix
Red Hat Enterprise Linux	>=5.8
Red Hat Sudo

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of REDHAT-BUG-844442?
REDHAT-BUG-844442 is considered a medium severity vulnerability due to its potential to allow unauthorized file access.
How do I fix REDHAT-BUG-844442?
To fix REDHAT-BUG-844442, update the sudo package to the latest version available for Red Hat Enterprise Linux 5.
What versions of software are affected by REDHAT-BUG-844442?
REDHAT-BUG-844442 affects the sudo package in Red Hat Enterprise Linux 5, specifically versions prior to the recommended updates.
What does the %postun script do in the context of REDHAT-BUG-844442?
The %postun script in REDHAT-BUG-844442 executes during package removal or upgrade and creates a temporary file insecurely.
Is the vulnerability REDHAT-BUG-844442 unique to a particular configuration?
REDHAT-BUG-844442 can affect any system running the specified versions of sudo in Red Hat Enterprise Linux 5 that utilize the vulnerable script.

collector/redhat-bugzilla
alias/CVE-2012-3440
agent/type
agent/first-publish-date
agent/last-modified-date
agent/weakness
agent/references
agent/severity
agent/description
agent/event
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/red hat
canonical/red hat enterprise linux
canonical/red hat sudo