Univention Bugzilla – Bug 34270
sudo: Insufficient environment sanitising (ES 3.1)
Last modified: 2015-05-04 17:06:05 CEST
By default, sudo sanitises the environment: all environment variables are reset, with the exception of a few harmless ones (e.g. PATH, USER, etc.). This prevents privilege escalation attacks, e.g. with programs using dynamic load paths.
This is the default in UCS.
However, if the sanitising feature is turned off and environment variables are passed on the command line, they are not treated by the env_check and env_delete options.
This has low priority, since disabling the sanitising is insecure itself.
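An audit sketch for the configuration described above, added here as an example and not part of the original bug report or of Univention's code: it reads sudoers text and reports each Defaults scope in which `env_reset` ends up disabled. The sample sudoers content and all function names are constructed for illustration, and it assumes a single file with no include directives and no Cmnd scopes containing spaces.

```python
import re

# Constructed sudoers sample (not taken from any real system).
SAMPLE = r'''
# global defaults
Defaults env_reset, mail_badpass
Defaults:backup !env_reset, \
    env_delete += "LD_PRELOAD"
Defaults:deploy !env_reset
Defaults:deploy env_reset
Defaults@buildhost !env_reset
'''

# "Defaults" with an optional scope suffix (@host, :user, !cmnd, >runas).
DEFAULTS = re.compile(r'^Defaults(?P<scope>[@:!>]\S+)?\s+(?P<opts>.+)$')
# Split on commas that are not inside double quotes.
OPT_SPLIT = re.compile(r',(?=(?:[^"]*"[^"]*")*[^"]*$)')

def logical_lines(text):
    """Join backslash continuations, drop blank lines and comment lines."""
    joined = re.sub(r'\\\n', ' ', text)
    for line in joined.splitlines():
        line = line.strip()
        if line and not line.startswith('#'):
            yield line

def env_reset_state(text):
    """Return {scope: bool}: the final env_reset setting per Defaults scope.

    Later entries override earlier ones; scope '' is the global Defaults.
    """
    state = {}
    for line in logical_lines(text):
        m = DEFAULTS.match(line)
        if not m:
            continue
        scope = m.group('scope') or ''
        for opt in OPT_SPLIT.split(m.group('opts')):
            opt = opt.strip()
            if opt == 'env_reset':
                state[scope] = True
            elif re.fullmatch(r'!\s*env_reset', opt):
                state[scope] = False
    return state

def scopes_without_sanitising(text):
    """Scopes whose final setting disables env_reset."""
    return sorted(s for s, on in env_reset_state(text).items() if not on)
```

On the constructed sample, `scopes_without_sanitising(SAMPLE)` reports `:backup` and `@buildhost`; `:deploy` is not reported because a later entry re-enables `env_reset`.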
Maintenance with bug and security fixes for UCS 3.1-x ended on 31st of May 2014.
The maintenance of the UCS 3.x major series is continued by UCS 3.2-x, which is supplied with bug and security fixes.
Customers still on UCS 3.1-x are encouraged to update to UCS 3.2. Please contact your partner or Univention for any questions.
There is a similar issue which is exploitable by local users only:
CVE-2014-9680: Arbitrary file access via user defined TZ environment variable
According to the policy for 3.1 Extended Security, a fix is not mandatory.
Created attachment 6811
Upstream package version 1.7.4p4-2.squeeze.5 imported and built in extsec3.1.
Tests (amd64): OK