PROBLEM:
Sudo on Red Hat Enterprise Linux %postun Symlink Flaw Lets Local Users Gain Elevated Privileges
PLATFORM:
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
ABSTRACT:
An updated sudo package that fixes one security issue and several bugs is now available for Red Hat Enterprise Linux 5.
reference LINKS:
Advisory: RHSA-2012:1149-1
SecurityTracker Alert ID: 1027356
Sudo Main Page
Bugzilla 844442
CVE-2012-3440
IMPACT ASSESSMENT:
Medium
Discussion:
A local user can exploit a temporary file symbolic link flaw in the %postun script to overwrite arbitrary files or modify the contents of the "/etc/nsswitch.conf" file when the sudo package is upgraded or removed. This can be exploited to gain elevated privileges on the target system.
Impact:
A vulnerability was reported in Sudo on Red Hat Enterprise Linux. A local user can obtain elevated privileges on the target system.
Solution:
The vendor has issued a fix. Updates from the Red Hat Network