Vigil@nce - sudo: privilege escalation via env_reset
March 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
When env_reset is disabled, an attacker can use the LD_PRELOAD
environment variable on the sudo command line, in order to
escalate his privileges.
– Impacted products: RHEL, Slackware, Ubuntu, Unix (platform)
– Severity: 2/4
– Creation date: 06/03/2014
DESCRIPTION OF THE VULNERABILITY
The sudo command can be used by the administrator to delegate some
privileges to users. A user can thus be allowed to run a command
with high privileges.
When the env_reset configuration directive is disabled, the
env_check and env_delete directives can be used to filter
dangerous environment variables. However, due to a logic error,
variables on the sudo command line are not filtered.
When env_reset is disabled, an attacker can therefore use the
LD_PRELOAD environment variable on the sudo command line, in order
to escalate his privileges.
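A defensive check for the condition described above, as an added example that is not part of the Vigil@nce bulletin or of sudo: it reports the Defaults scopes in a sudoers file whose final env_reset setting is disabled. The sample sudoers text, the user, host and command names, and the function names are constructed for illustration; include directives are not followed.

```python
import re

# Constructed sample sudoers content (not taken from any real system).
SAMPLE_SUDOERS = r'''
# global defaults
Defaults    env_reset, mail_badpass
Defaults:deploy  !env_reset, \
                 env_delete += "LD_PRELOAD"
Defaults@buildhost  !env_reset
Defaults@buildhost  env_reset      # re-enabled later, so the last setting wins
Defaults!/usr/bin/rsync  !env_reset
deploy  ALL=(root) /usr/local/bin/release.sh
'''

# "Defaults", an optional scope marker (@host, :user, !cmnd, >runas), then settings.
DEFAULTS_RE = re.compile(r'^Defaults(?:([@:!>])\s*(\S+))?\s+(.*)$')

def logical_lines(text):
    """Join backslash-continued lines and drop comments and blank lines."""
    joined = re.sub(r'\\\n', ' ', text)
    for raw in joined.splitlines():
        line = re.sub(r'\s+#.*$', '', raw).strip()   # strip a trailing comment
        if line and not line.startswith('#'):
            yield line

def split_settings(params):
    """Split a Defaults parameter list on commas that are outside double quotes."""
    return [p.strip() for p in re.findall(r'(?:"[^"]*"|[^,])+', params)]

def env_reset_disabled_scopes(text):
    """Return the Defaults scopes whose final env_reset state is disabled."""
    state = {}
    for line in logical_lines(text):
        m = DEFAULTS_RE.match(line)
        if not m:
            continue
        scope = (m.group(1) or '') + (m.group(2) or '') or 'global'
        for setting in split_settings(m.group(3)):
            if setting in ('env_reset', '!env_reset'):
                state[scope] = not setting.startswith('!')   # later lines override
    return sorted(s for s, enabled in state.items() if not enabled)

if __name__ == '__main__':
    for scope in env_reset_disabled_scopes(SAMPLE_SUDOERS):
        print('env_reset disabled for scope:', scope)
```

Any scope it reports is one where the filtering described above depends on env_check and env_delete alone.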
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/sudo-privilege-escalation-via-env-reset-14365