[Bug 530073] Re: sudo emails contain random buffer contents if hostname can't be resolved
Ilmari Vacklin
ilmari.vacklin at cs.helsinki.fi
Fri Dec 2 12:35:40 UTC 2011
Set the bug as a security vulnerability.
** This bug has been flagged as a security vulnerability
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to sudo in Ubuntu.
https://bugs.launchpad.net/bugs/530073
Title:
sudo emails contain random buffer contents if hostname can't be
resolved
Status in sudo:
Unknown
Status in “sudo” package in Ubuntu:
Confirmed
Bug description:
Binary package hint: sudo
To reproduce:
1. instal libnss-extrausers
2. make sure the hostname cannot be resolved by removing it from /etc/hosts:
# hostname
spitzer
# hostname -f
hostname: Unknown host
Now run
# sudo -u "$admin_user" /bin/true
sudo: unable to resolve host spitzer
This will send a completely garbled error message to the administrator
that gives no clue of what went wrong and where to look for it:
To: root at matterhorn.ap.columbia.edu
From: root at matterhorn.ap.columbia.edu
Auto-Submitted: auto-generated
Subject: *** SECURITY information for spitzer ***
spitzer : Feb 26 06:25:01 : root : /usr/lib/libnss_extrausers.so.2
To manage notifications about this bug go to:
https://bugs.launchpad.net/sudo/+bug/530073/+subscriptions
More information about the foundations-bugs
mailing list