Ubuntu.comUB:CVE-2005-4890CVE-2005-4890
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
23.7%
There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo 1.x
before 1.7.4 via “su - user -c program”. The user session can be escaped to
the parent session by using the TIOCSTI ioctl to push characters into the
input buffer to be read by the next process.
Bugs
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=262454>
- <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628843 (shadow)>
- <https://bugzilla.redhat.com/show_bug.cgi?id=710208>
- <https://bugzilla.redhat.com/show_bug.cgi?id=173008>
- <https://bugzilla.redhat.com/show_bug.cgi?id=199066>
- <https://bugzilla.redhat.com/show_bug.cgi?id=479145>
- <http://www.sudo.ws/bugs/show_bug.cgi?id=142>
Notes
| Author | Note |
|---|---|
| mdeslaur | sudo is also apprently vulnerable to this, so the use_pty option was added. We need to verify versions, and make sure it is actually getting honored (apparently the option wasn’t working: http://www.openwall.com/lists/oss-security/2011/06/22/4) |
| jdstrand | sudo in 12.04 and higher has the fix for use_pty. A small patch (http://www.sudo.ws/repos/sudo/rev/8d95a163dfc1) can be used to enable it on Ubuntu 11.04 and 11.10. |
| mdeslaur | Please note that use_pty is not enabled by default in sudo, it must be specifically enabled. |
| seth-arnold | su interactive has the same problem, no fix known on 20130305 |
References
www.openwall.com/lists/oss-security/2011/06/02/3
www.openwall.com/lists/oss-security/2012/11/05/8
www.redhat.com/archives/fedora-devel-list/2004-July/msg01314.html
www.ush.it/2009/01/06/25c3-ccc-congress-2008-tricks-makes-you-smile/
launchpad.net/bugs/cve/CVE-2005-4890
nvd.nist.gov/vuln/detail/CVE-2005-4890
security-tracker.debian.org/tracker/CVE-2005-4890
www.cve.org/CVERecord?id=CVE-2005-4890
Related
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
23.7%