~ubuntu-branches/ubuntu/oneiric/sudo/oneiric-security

Viewing changes to debian/patches/CVE-2011-0010.patch

Committer: Package Import Robot
Author(s): Tyler Hicks
Date: 2012-05-15 23:28:04 UTC
Revision ID: package-import@ubuntu.com-20120515232804-2rd0d4k222la647h

Tags: 1.7.4p6-1ubuntu2.1

* SECURITY UPDATE: Properly handle multiple netmasks in sudoers Host and
  Host_List values
  - debian/patches/CVE-2012-2337.patch: Don't perform IPv6 checks on IPv4
    addresses. Based on upstream patch.
  - CVE-2012-2337

files added:
.pc/CVE-2012-2337.patch

.pc/CVE-2012-2337.patch/match.c

.pc/debian-changes-1.7.4p6-1

.pc/debian-changes-1.7.4p6-1/env.c

.pc/enable_badpass.patch

.pc/enable_badpass.patch/defaults.c

.pc/enable_badpass.patch/sudoers.man.in

.pc/enable_badpass.patch/sudoers.pod

.pc/hurd-have-getutid.diff

.pc/hurd-have-getutid.diff/boottime.c

debian/patches/CVE-2012-2337.patch

debian/patches/debian-changes-1.7.4p6-1

debian/patches/enable_badpass.patch

debian/patches/hurd-have-getutid.diff

files removed:
.pc/CVE-2011-0010.patch

.pc/CVE-2011-0010.patch/check.c

.pc/debian-changes-1.7.4p4-5

.pc/debian-changes-1.7.4p4-5/check.c

.pc/debian-changes-1.7.4p4-5/env.c

debian/patches/CVE-2011-0010.patch

debian/patches/debian-changes-1.7.4p4-5

files modified:
.pc/applied-patches

.pc/env.c-safety.diff/sudoers.pod

.pc/keep_home_by_default.patch/env.c

ChangeLog

NEWS

boottime.c

bsm_audit.c

configure

configure.in

debian/README

debian/changelog

debian/patches/series

debian/rules

debian/sudo.preinst

defaults.c

install-sh

linux_audit.c

match.c

pwutil.c

set_perms.c

sudo.c

sudoers.cat

sudoers.man.in

sudoers.pod

term.c

toke.c

toke.l

Show diffs side-by-side

added added

removed removed

debian/patches/CVE-2011-0010.patch

Origin: http://www.sudo.ws/repos/sudo/raw-rev/fe8a94f96542

Description: fix CVE-2011-0010 by prompting for password when the user is

running sudo as himself but as a different group

Index: sudo-1.7.4p4/check.c

===================================================================

--- sudo-1.7.4p4.orig/check.c 2011-01-18 16:33:03.000000000 -0600

+++ sudo-1.7.4p4/check.c 2011-01-18 16:33:17.000000000 -0600

@@ -119,7 +119,13 @@

if (ISSET(mode, MODE_INVALIDATE)) {

SET(validated, FLAG_CHECK_USER);

} else {

- if (user_uid == 0 || user_uid == runas_pw->pw_uid || user_is_exempt())

+ /*

+ * Don't prompt for the root passwd or if the user is exempt.

+ * If the user is not changing uid/gid, no need for a password.

+ */

+ if (user_uid == 0 || (user_uid == runas_pw->pw_uid &&

+ (!runas_gr || user_in_group(sudo_user.pw, runas_gr->gr_name))) ||

+ user_is_exempt())

return;

}

Older »