Bug 9207

Summary:	sudo new security issues CVE-2013-1775 and CVE-2013-1776
Product:	Mageia	Reporter:	David Walser <luigiwalser>
Component:	Security	Assignee:	QA Team <qa-bugs>
Status:	RESOLVED FIXED	QA Contact:	Sec team <security>
Severity:	critical
Priority:	Normal	CC:	davidwhodgins, sysadmin-bugs, tmb
Version:	2	Keywords:	validated_update
Target Milestone:	---
Hardware:	i586
OS:	Linux
URL:	http://lwn.net/Vulnerabilities/540474/
Whiteboard:	MGA2-64-OK MGA2-32-OK
Source RPM:	sudo-1.8.3p2-2.mga2.src.rpm	CVE:
Status comment:

Description David Walser 2013-02-28 19:41:40 CET

Ubuntu has issued an advisory today (February 28):
http://www.ubuntu.com/usn/usn-1754-1/

This fixes CVE-2013-1775, which they rated as a high severity issue.

Upstream has issued the 1.8.6p7 release, which fixes this issue, as well as
CVE-2013-1776, which RedHat has rated as a low severity issue:
http://www.sudo.ws/sudo/stable.html
https://bugzilla.redhat.com/show_bug.cgi?id=916365

Freeze push requested for Cauldron.

Patched package uploaded for Mageia 2.

Advisory:
========================

Updated sudo packages fix security vulnerabilities:

Marco Schoepl discovered that Sudo incorrectly handled time stamp files
when the system clock is set to epoch. A local attacker could use this
issue to run Sudo commands without a password prompt (CVE-2013-1775).

Sudo before 1.8.6p7 allows a malicious user to run commands via sudo
without authenticating, so long as there exists a terminal the user has
access to where a sudo command was successfully run by that same user
within the password timeout period (usually five minutes) (CVE-2013-1776).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1776
http://www.sudo.ws/sudo/alerts/epoch_ticket.html
http://www.sudo.ws/sudo/alerts/tty_tickets.html
http://www.ubuntu.com/usn/usn-1754-1/
========================

Updated packages in core/updates_testing:
========================
sudo-1.8.3p2-2.1.mga2
sudo-devel-1.8.3p2-2.1.mga2

from sudo-1.8.3p2-2.1.mga2.src.rpm

Reproducible: 

Steps to Reproduce:

Comment 1 David Walser 2013-02-28 22:00:08 CET

1.8.6p7 is now pushed in Cauldron.

Comment 2 Dave Hodgins 2013-02-28 22:36:30 CET

I couldn't recreate the problem, and if I understand it correctly,
after resetting the time to the epoch, the sudo command would have
to be entered within one second. so I'm just testing that the
updated package works.

Testing complete on Mageia 2 i586 and x86_64.

Could someone from the sysadmin team push the srpm
sudo-1.8.3p2-2.1.mga2.src.rpm
from Mageia 2 Core Updates Testing to Core Updates.

Advisory: Updated sudo packages fix security vulnerabilities:

Marco Schoepl discovered that Sudo incorrectly handled time stamp files
when the system clock is set to epoch. A local attacker could use this
issue to run Sudo commands without a password prompt (CVE-2013-1775).

Sudo before 1.8.6p7 allows a malicious user to run commands via sudo
without authenticating, so long as there exists a terminal the user has
access to where a sudo command was successfully run by that same user
within the password timeout period (usually five minutes) (CVE-2013-1776).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1775
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1776
http://www.sudo.ws/sudo/alerts/epoch_ticket.html
http://www.sudo.ws/sudo/alerts/tty_tickets.html
http://www.ubuntu.com/usn/usn-1754-1/

https://bugs.mageia.org/show_bug.cgi?id=9207

Keywords: (none) => validated_update
CC: (none) => davidwhodgins, sysadmin-bugs
Whiteboard: (none) => MGA2-64-OK MGA2-32-OK

Comment 3 Thomas Backlund 2013-03-01 22:29:41 CET

Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0078

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED

Comment 4 David Walser 2013-10-01 20:57:28 CEST

CVE-2013-1776 has now been split and there's a CVE-2013-2776 associated with it as well.  The reasons for the split are unclear.  Regardless, we've already fixed it.

http://lwn.net/Vulnerabilities/569024/