CVE-2005-4890

Priority
Description
When starting a program via "su - user -c program" the user session can escape
to the parent session by using the TIOCSTI ioctl to push characters into the
input buffer. This allows for example a non-root session to push
"chmod 666 /etc/shadow" or similarly bad commands into the input buffer such
that after the end of the session they are executed.
Notes
 mdeslaur> sudo is also apparently vulnerable to this, so the use_pty
 mdeslaur> option was added. We need to verify versions, and make sure
 mdeslaur> it is actually getting honored (apparently the option wasn't
 mdeslaur> working: http://www.openwall.com/lists/oss-security/2011/06/22/4)
 jdstrand> sudo in 12.04 and higher has the fix for use_pty. A small patch
  (http://www.sudo.ws/repos/sudo/rev/8d95a163dfc1) can be used to enable it
  on Ubuntu 11.04 and 11.10.
 mdeslaur> Please note that use_pty is not enabled by default in sudo, it
 mdeslaur> must be specifically enabled.
 sarnold> su interactive has the same problem, no fix known on 20130305
Package
Upstream:released (1:4.1.5-1)
Ubuntu 12.04 ESM (Precise Pangolin):needed
Trusty/esm:not-affected (1:4.1.5.1-1ubuntu9)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected
Ubuntu 19.04 (Disco Dingo):not-affected
Ubuntu 19.10 (Eoan):not-affected
Package
Source: sudo (LP Ubuntu Debian)
Upstream:released (1.8.2)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (1.8.3p2-1ubuntu2)
Trusty/esm:not-affected
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected
Ubuntu 19.04 (Disco Dingo):not-affected
Ubuntu 19.10 (Eoan):not-affected
Patches:
Upstream:http://www.sudo.ws/repos/sudo/rev/aea971f1456a (pt1)
Upstream:http://www.sudo.ws/repos/sudo/rev/e7b167f8a6e5 (pt2)
Upstream:http://www.sudo.ws/repos/sudo/rev/26120a59c20e (pt3)
Upstream:http://www.sudo.ws/repos/sudo/rev/8d95a163dfc1 (pt4)
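The notes above point out that use_pty must be specifically enabled in sudo. The following added example (not part of this tracker entry or of sudo itself) checks sudoers text for a global `Defaults use_pty` entry. The function name, the sample fragments and the `default` parameter are assumptions made for illustration.

```python
import re

# Constructed sample sudoers fragments (not taken from any real system).
WEAK = "Defaults env_reset\nDefaults:alice use_pty\n"
HARDENED = r"""Defaults env_reset, \
    use_pty
"""

def global_use_pty(sudoers_text, default=False):
    """Return (enabled_for_everyone, scoped_entries) for the use_pty flag.

    default=False follows the notes on this page; pass the built-in default
    of the sudo version being audited. Assumptions: include directives are
    not followed, and '#' or ',' inside quoted values is not handled.
    """
    text = re.sub(r"\\\n", "", sudoers_text)   # join continued lines
    enabled, scoped = default, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop comments
        # "Defaults <params>" is global; Defaults:user, Defaults@host,
        # Defaults>runas and Defaults!cmnd apply only to that scope.
        m = re.match(r"Defaults(\s+|[:@>!]\S+\s+)(.*)", line)
        if not m:
            continue
        scope = m.group(1).strip()
        for param in (p.strip() for p in m.group(2).split(",")):
            if param.lstrip("!").strip() != "use_pty":
                continue
            value = not param.startswith("!")  # "!use_pty" switches it off
            if scope:
                scoped.append((scope, value))
            else:
                enabled = value                # a later global entry wins
    return enabled, scoped

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, global_use_pty(text))
```

A result of `False` with only scoped entries means some sessions still run without a separate pty, which is the condition the description above relies on.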
Updated: 2019-04-26 14:14:15 UTC (commit 30899e40836d26e1bb5f0b072d31fd87b6cf3bd4)