CVE-2005-4890

Priority
Description
There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x
before 1.7.4 via "su - user -c program". The user session can be escaped to
the parent session by using the TIOCSTI ioctl to push characters into the
input buffer to be read by the next process.
Notes
mdeslaursudo is also apprently vulnerable to this, so the use_pty
option was added. We need to verify versions, and make sure
it is actually getting honored (apparently the option wasn't
working: http://www.openwall.com/lists/oss-security/2011/06/22/4)
jdstrandsudo in 12.04 and higher has the fix for use_pty. A small patch
(http://www.sudo.ws/repos/sudo/rev/8d95a163dfc1) can be used to enable it
on Ubuntu 11.04 and 11.10.
mdeslaurPlease note that use_pty is not enabled by default in sudo, it
must be specifically enabled.
sarnoldsu interactive has the same problem, no fix known on 20130305
Package
Upstream:released (1:4.1.5-1)
Ubuntu 12.04 ESM (Precise Pangolin):needed
Ubuntu 14.04 ESM (Trusty Tahr):not-affected (1:4.1.5.1-1ubuntu9)
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Ubuntu 20.04 LTS (Focal Fossa):not-affected
Ubuntu 20.10 (Groovy Gorilla):not-affected
Package
Source: sudo (LP Ubuntu Debian)
Upstream:released (1.8.2)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (1.8.3p2-1ubuntu2)
Ubuntu 14.04 ESM (Trusty Tahr):not-affected
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Ubuntu 18.04 LTS (Bionic Beaver):not-affected
Ubuntu 20.04 LTS (Focal Fossa):not-affected
Ubuntu 20.10 (Groovy Gorilla):not-affected
Patches:
Upstream:http://www.sudo.ws/repos/sudo/rev/aea971f1456a (pt1)
Upstream:http://www.sudo.ws/repos/sudo/rev/e7b167f8a6e5 (pt2)
Upstream:http://www.sudo.ws/repos/sudo/rev/26120a59c20e (pt3)
Upstream:http://www.sudo.ws/repos/sudo/rev/8d95a163dfc1 (pt4)
More Information

Updated: 2020-10-24 06:14:13 UTC (commit 69e225d81a6ee3e2e014950178db797c5d4e5009)