Delicious Digg Facebook Favorites More Stumbleupon Twitter

Vigil@nce – sudo : file reading via TZ

This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

A local privileged attacker can set the TZ environment variable before calling sudo, in order to force the opening of a file, or a denial of service if this file is blocking.

Impacted products : Unix (platform)

Severity : 1/4

Creation date : 10/02/2015

DESCRIPTION OF THE VULNERABILITY

The sudo program allows some users to execute commands with elevated privileges.

The sudo program filters environment variables which are potentially dangerous. However, sudo transmits the TZ variable, which can indicate the name of a Time Zone file. The target application, linked to the glibc, thus opens this file to analyze its timing information. It can be noted that the content of this file is never returned to the user.

A local privileged attacker can therefore set the TZ environment variable before calling sudo, in order to force the opening of a file, or a denial of service if this file is blocking.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/s…

Source:: Global Security Mag

Text Widget

Aliquam ut tellus ligula. Nam blandit massa nec neque rutrum a euismod t ellus ultricies! Phasellus nulla tellus, fringilla quis tristique ornare, condi mentum non erat. Aliquam congue or nare varius.