Security Update for CVE-2015-5699 (Configuring sudo Access to Several cl-* Commands Results in Local Privilege Escalation Vulnerability)


This release note documents the security fix for CVE-2015-5699.

If a switch's /etc/sudoers configuration is modified to allow a non-root user account to run cl-rctl, cl-bgp, cl-ospf, cl-ospf6 or cl-ra as root, that user can pass shell metacharacters to those commands and thereby run arbitrary commands as root (a local privilege escalation).

If non-root users are not explicitly granted sudo access to those commands, the configuration is not vulnerable.

The default /etc/sudoers shipped with Cumulus Linux and Cumulus RMP grants no such access and therefore does not expose the vulnerability. If /etc/sudoers has been modified as described above, the vulnerability affects all Cumulus Linux and Cumulus RMP releases 2.5.3 and earlier.
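One way to check whether a switch carries the risky configuration described above, as an added example that is not Cumulus Networks' code: the script below scans sudoers text for rules that grant a non-root account any of the five affected commands. The sample sudoers content, the /usr/bin paths in it, and the cl-ospf6-status command name are constructed for illustration only.

```shell
#!/bin/sh
# Added audit script (not Cumulus Networks' code). It reports sudoers rules
# that grant a non-root account one of the cl-* commands named in the
# advisory. The sample sudoers text below is constructed for illustration;
# its /usr/bin paths and the cl-ospf6-status name are assumed, not taken
# from a real switch.

# Affected commands, as listed in the advisory.
AFFECTED_CL_CMDS='cl-rctl cl-bgp cl-ospf cl-ospf6 cl-ra'

# find_risky_cl_rules: read sudoers text on stdin and print each rule that
#   - is not a comment or blank line,
#   - is not granted to the root account itself, and
#   - names an affected command, bare or as an absolute path, delimited by
#     whitespace, a comma, or end of line (so cl-ospf does not match cl-ospf6).
# Returns 0 if at least one such rule was printed, 1 if none was found.
find_risky_cl_rules() {
    found=1
    while IFS= read -r line; do
        case "$line" in
            ''|'#'*) continue ;;   # blank line or comment
        esac
        # a rule whose grantee is root adds nothing root does not already have
        if printf '%s\n' "$line" | grep -Eq '^root([[:space:]]|$)'; then
            continue
        fi
        for cmd in $AFFECTED_CL_CMDS; do
            if printf '%s\n' "$line" |
               grep -Eq "(^|[[:space:],/])$cmd([[:space:],]|\$)"; then
                printf '%s\n' "$line"
                found=0
                break
            fi
        done
    done
    return "$found"
}

# Constructed sample in the shape of a Debian sudoers file.
SAMPLE_SUDOERS='# constructed sample, not a real switch configuration
Defaults env_reset
root ALL=(ALL:ALL) ALL
# vulnerable before the patch: netops may run affected commands as root
netops ALL=(root) NOPASSWD: /usr/bin/cl-bgp, /usr/bin/cl-ospf
# a hypothetical cl-* command outside the affected list
netops ALL=(root) /usr/bin/cl-ospf6-status
# unrelated command, not affected
backup ALL=(root) NOPASSWD: /usr/bin/rsync'

# audit_sample: run the check over the embedded sample. Prints the single
# risky netops rule and returns 0.
audit_sample() {
    printf '%s\n' "$SAMPLE_SUDOERS" | find_risky_cl_rules
}

# On a real switch, run instead:
#   sudo cat /etc/sudoers /etc/sudoers.d/* 2>/dev/null | find_risky_cl_rules
audit_sample
```

The check reads from stdin, so it can also be fed the output of `sudo -l -U <user>` for a specific account. A rule that grants `ALL` commands is not flagged: such an account is already fully root and is outside the scope of this advisory.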

To apply the security patch:

  1. Update the package lists on your Cumulus Linux or Cumulus RMP switch. Run:
    cumulus@switch:~$ sudo apt-get update
  2. Install the patched python-clcmd package, which carries the fix. Run:
    cumulus@switch:~$ sudo apt-get install python-clcmd
  3. Restart the clcmd_server service so that it runs the patched code:
    cumulus@switch:~$ sudo service clcmd_server restart
  4. Verify that the patched package version is installed:
    cumulus@switch:~$ dpkg -l | grep python-clcmd
    ii python-clcmd 0.01-cl2.5+3 all Cumulus linux command line

For details on the Cumulus Networks policy regarding security vulnerabilities, see this article.

Acknowledgements

Cumulus Networks would like to thank Gregory Pickett of Hellfire Security for reporting this vulnerability.
