CVE-2005-4890

Priority
Description
There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x
before 1.7.4 via "su - user -c program". The user session can be escaped to
the parent session by using the TIOCSTI ioctl to push characters into the
input buffer to be read by the next process.
Notes
mdeslaur: sudo is also apparently vulnerable to this, so the use_pty
option was added. We need to verify versions, and make sure
it is actually getting honored (apparently the option wasn't
working: http://www.openwall.com/lists/oss-security/2011/06/22/4)
jdstrand: sudo in 12.04 and higher has the fix for use_pty. A small patch
(http://www.sudo.ws/repos/sudo/rev/8d95a163dfc1) can be used to enable it
on Ubuntu 11.04 and 11.10.
mdeslaur: Please note that use_pty is not enabled by default in sudo; it
must be specifically enabled.
sarnold: su interactive has the same problem, no fix known on 20130305
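
Because the notes above say use_pty has to be switched on explicitly, the following check reports whether a sudoers text enables it globally and whether any scoped Defaults entry turns it back off. It is an added example, not part of this tracker entry or of sudo itself; the names `logical_lines`, `use_pty_status` and `SAMPLE_SUDOERS` are hypothetical, the sample text is constructed, and the parser assumes no quoted values containing `#` or `,` and does not follow include directives.

```python
import re

# Constructed sample sudoers text (not from a real system).
SAMPLE_SUDOERS = """\
# use_pty is mentioned here only in a comment
Defaults env_reset, \\
         mail_badpass
Defaults:backup !use_pty
Defaults use_pty
root ALL=(ALL:ALL) ALL
"""

def logical_lines(text):
    """Join backslash-continued lines; drop comment lines and trailing comments."""
    buf = ""
    for raw in text.splitlines():
        if raw.endswith("\\"):
            buf += raw[:-1] + " "
            continue
        line, buf = (buf + raw).strip(), ""
        if line.startswith("#"):  # also skips include directives (assumption: not followed)
            continue
        yield line.split("#", 1)[0].strip()

def use_pty_status(text):
    """Return (global_setting, scoped_overrides) for use_pty.

    global_setting is True/False for the last global Defaults entry that sets
    the flag, or None when it is never set (sudo's built-in default applies).
    scoped_overrides lists (scope, value) for Defaults:user, Defaults@host,
    Defaults>runas and Defaults!command entries, which can undo a global setting.
    """
    global_setting, scoped = None, []
    for line in logical_lines(text):
        m = re.match(r"Defaults([:@>!]\S+)?\s+(.*)", line)
        if not m:
            continue
        scope, params = m.groups()
        for param in (p.strip() for p in params.split(",")):
            if param in ("use_pty", "!use_pty"):
                value = not param.startswith("!")
                if scope is None:
                    global_setting = value
                else:
                    scoped.append((scope, value))
    return global_setting, scoped

if __name__ == "__main__":
    print(use_pty_status(SAMPLE_SUDOERS))
```

A result of `(True, [])` is the state to aim for; any `False` entry in the second element marks a user, host, runas or command scope where the pty protection is switched off again.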
Package
Upstream: released (1:4.1.5-1)
Ubuntu 12.04 ESM (Precise Pangolin): needed
Ubuntu 14.04 ESM (Trusty Tahr): not-affected (1:4.1.5.1-1ubuntu9)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected
Ubuntu 18.04 LTS (Bionic Beaver): not-affected
Ubuntu 19.10 (Eoan Ermine): not-affected
Ubuntu 20.04 (Focal Fossa): not-affected
Package
Source: sudo (LP Ubuntu Debian)
Upstream: released (1.8.2)
Ubuntu 12.04 ESM (Precise Pangolin): not-affected (1.8.3p2-1ubuntu2)
Ubuntu 14.04 ESM (Trusty Tahr): not-affected
Ubuntu 16.04 LTS (Xenial Xerus): not-affected
Ubuntu 18.04 LTS (Bionic Beaver): not-affected
Ubuntu 19.10 (Eoan Ermine): not-affected
Ubuntu 20.04 (Focal Fossa): not-affected
Patches:
Upstream: http://www.sudo.ws/repos/sudo/rev/aea971f1456a (pt1)
Upstream: http://www.sudo.ws/repos/sudo/rev/e7b167f8a6e5 (pt2)
Upstream: http://www.sudo.ws/repos/sudo/rev/26120a59c20e (pt3)
Upstream: http://www.sudo.ws/repos/sudo/rev/8d95a163dfc1 (pt4)
Updated: 2020-03-18 20:14:16 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)