From owner-freebsd-ports-bugs@FreeBSD.ORG Wed Feb 4 20:00:01 2009
Message-Id: <200902041925.n14JPNfG032707@cwsys.cwsent.com>
Date: Wed, 4 Feb 2009 11:25:23 -0800 (PST)
From: Cy Schubert
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: ports/131373: Sudo group vulnerability: CVE 2009-0034
Reply-To: Cy Schubert
List-Id: Ports bug reports

>Number: 131373
>Category: ports
>Synopsis: Sudo group vulnerability: CVE 2009-0034
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Feb 04 20:00:00 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Cy Schubert
>Release: FreeBSD-2.0
>Organization: FreeBSD
>Environment:
System: FreeBSD cwsys 7.1-STABLE FreeBSD 7.1-STABLE #1: Fri Jan 30 11:59:14 PST 2009 root@cwsys:/export/obj/opt/src/svn-stable7/sys/KOMQUATS i386
>Description:
A bug in sudo 1.6.9 to 1.6.9p19 allows users to run as a different user than specified in an access rule.
>How-To-Repeat:
See CVE 2009-0034
>Fix:
Upgrade to sudo 1.7.0. Patch to port is below:

Index: Makefile =================================================================== RCS file: /home/pcvs/ports/security/sudo/Makefile,v retrieving revision 1.100 diff -u -r1.100 Makefile --- Makefile 21 Aug 2008 06:18:21 -0000 1.100 +++ Makefile 4 Feb 2009 19:21:10 -0000 
@@ -6,7 +6,7 @@ # PORTNAME= sudo -PORTVERSION= 1.6.9.17 +PORTVERSION= 1.7.0 CATEGORIES= security MASTER_SITES= http://www.sudo.ws/sudo/dist/ \ ftp://obsd.isc.org/pub/sudo/ \ @@ -16,7 +16,7 @@ ftp://ftp.wiretapped.net/pub/security/host-security/sudo/ \ ${MASTER_SITE_LOCAL} MASTER_SITE_SUBDIR= tmclaugh/sudo -DISTNAME= ${PORTNAME}-1.6.9p17 +DISTNAME= ${PORTNAME}-1.7.0 MAINTAINER= tmclaugh@FreeBSD.org COMMENT= Allow others to run commands as root @@ -62,7 +62,7 @@ CONFIGURE_ARGS+=--enable-shell-sets-home .endif -MAN5= sudoers.5 +MAN5= sudoers.5 sudoers.ldap.5 MAN8= sudo.8 visudo.8 MLINKS= sudo.8 sudoedit.8 @@ -77,8 +77,6 @@ .if !defined(NOPORTDOCS) ${MKDIR} ${DOCSDIR} - ${INSTALL_DATA} ${WRKSRC}/BUGS ${DOCSDIR} - ${INSTALL_DATA} ${WRKSRC}/CHANGES ${DOCSDIR} ${INSTALL_DATA} ${WRKSRC}/README ${DOCSDIR} ${INSTALL_DATA} ${WRKSRC}/TROUBLESHOOTING ${DOCSDIR} ${INSTALL_DATA} ${WRKSRC}/UPGRADE ${DOCSDIR} Index: distinfo =================================================================== RCS file: /home/pcvs/ports/security/sudo/distinfo,v retrieving revision 1.60 diff -u -r1.60 distinfo --- distinfo 6 Jul 2008 23:20:05 -0000 1.60 +++ distinfo 4 Feb 2009 19:21:10 -0000 @@ -1,3 +1,3 @@ -MD5 (sudo-1.6.9p17.tar.gz) = 60daf18f28e2c1eb7641c4408e244110 -SHA256 (sudo-1.6.9p17.tar.gz) = 1e2cd4ff684c6f542b7e392010021f36b201d074620dad4d7689da60f9c74596 -SIZE (sudo-1.6.9p17.tar.gz) = 593534 +MD5 (sudo-1.7.0.tar.gz) = 5fd96bba35fe29b464f7aa6ad255f0a6 +SHA256 (sudo-1.7.0.tar.gz) = 5f7de94287f39c8b3b8d86aed147967e9286f45740412004233858b637391978 +SIZE (sudo-1.7.0.tar.gz) = 744311 Index: pkg-plist =================================================================== RCS file: /home/pcvs/ports/security/sudo/pkg-plist,v retrieving revision 1.16 diff -u -r1.16 pkg-plist --- pkg-plist 10 Apr 2008 14:00:22 -0000 1.16 +++ pkg-plist 4 Feb 2009 19:21:10 -0000 
@@ -6,8 +6,6 @@ etc/sudoers.default libexec/sudo_noexec.so sbin/visudo -%%PORTDOCS%%%%DOCSDIR%%/BUGS -%%PORTDOCS%%%%DOCSDIR%%/CHANGES %%PORTDOCS%%%%DOCSDIR%%/README %%PORTDOCS%%%%DOCSDIR%%/TROUBLESHOOTING %%PORTDOCS%%%%DOCSDIR%%/UPGRADE >Release-Note: >Audit-Trail: >Unformatted:
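
Review bot: The `PORTVERSION` bump in the first Makefile hunk (`1.6.9.17` to `1.7.0`) is the fix for CVE 2009-0034, but the patch touches only Makefile, distinfo and pkg-plist, so nothing records the installed 1.6.9.x packages as vulnerable. Add a matching security/vuxml entry with this update, using the affected range given in the description, so that package auditing flags hosts that have not yet upgraded.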
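
Review bot: In the second Makefile hunk, `DISTNAME= ${PORTNAME}-1.7.0` hard-codes the same version that `PORTVERSION` now carries, so the version has to be edited in two places on every update. The override was needed while the tarball was `1.6.9p17` and the port version `1.6.9.17`; with both at `1.7.0` it can be written as `${PORTNAME}-${PORTVERSION}` or dropped, since that is the framework default.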
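
Review bot: The `MAN5` line in the third Makefile hunk adds `sudoers.ldap.5` unconditionally, directly after the `.endif` that closes an option block. Confirm that a build without LDAP support still installs this page; if it is installed only when LDAP is enabled, the default build will fail at packaging on the missing file, and the addition should be a `MAN5+= sudoers.ldap.5` guarded by the port's LDAP option, if it has one.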
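
Review bot: The last Makefile hunk drops the `${INSTALL_DATA}` lines for `BUGS` and `CHANGES` with no reason given in the PR text. The pkg-plist hunk removes the matching `%%PORTDOCS%%` entries, so the two files stay consistent, but the submission should say why the files go (for example, that the 1.7.0 tarball no longer ships them), and if the release carries its change history under another file name, that file should be installed and listed in pkg-plist instead.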
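
Review bot: The `MD5`, `SHA256` and `SIZE` lines in the distinfo hunk should be regenerated by the committer rather than taken from the PR, since they describe whatever copy of `sudo-1.7.0.tar.gz` the submitter happened to download. For a security update, fetch the tarball from the primary `MASTER_SITES` entry, run `make makesum`, and compare the resulting SHA256 with the value upstream publishes before committing; the MD5 line should not be relied on for that comparison.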