Executive Summary
Summary | |
---|---|
Title | New sudo packages fix environment sanitization bypass vulnerability |
Informations | |||
---|---|---|---|
Name | DSA-2062 | First vendor Publication | 2010-06-17 |
Vendor | Debian | Last vendor Modification | 2010-06-17 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:H/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | High |
Cvss Expoit Score | 1.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Anders Kaseorg and Evan Broder discovered a vulnerability in sudo, a program designed to allow a sysadmin to give limited root privileges to users, that allows a user with sudo permissions on certain programs to use those programs with an untrusted value of PATH. This could possibly lead to certain intended restrictions being bypassed, such as the secure_path setting. For the stable distribution (lenny), this problem has been fixed in version 1.6.9p17-3 For the unstable distribution (sid), this problem has been fixed in version 1.7.2p7-1, and will migrate to the testing distribution (squeeze) shortly. We recommend that you upgrade your sudo package. |
Original Source
Url : http://www.debian.org/security/2010/dsa-2062 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10580 | |||
Oval ID: | oval:org.mitre.oval:def:10580 | ||
Title: | The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable. | ||
Description: | The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-1646 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:11784 | |||
Oval ID: | oval:org.mitre.oval:def:11784 | ||
Title: | DSA-2062 sudo -- missing input sanitisation | ||
Description: | Anders Kaseorg and Evan Broder discovered a vulnerability in sudo, a program designed to allow a sysadmin to give limited root privileges to users, that allows a user with sudo permissions on certain programs to use those programs with an untrusted value of PATH. This could possibly lead to certain intended restrictions being bypassed, such as the secure_path setting. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2062 CVE-2010-1646 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | sudo |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12909 | |||
Oval ID: | oval:org.mitre.oval:def:12909 | ||
Title: | USN-956-1 -- sudo vulnerability | ||
Description: | Evan Broder and Anders Kaseorg discovered that sudo did not properly sanitize its environment when configured to use secure_path . A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use a program that interpreted the PATH environment variable. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-956-1 CVE-2010-1646 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 10.04 Ubuntu 9.10 Ubuntu 6.06 Ubuntu 9.04 | Product(s): | sudo |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13622 | |||
Oval ID: | oval:org.mitre.oval:def:13622 | ||
Title: | DSA-2062-1 sudo -- missing input sanitisation | ||
Description: | Anders Kaseorg and Evan Broder discovered vulnerability in sudo, a program designed to allow a sysadmin to give limited root privileges to users, that allows a user with sudo permissions on certain programs to use those programs with an untrusted value of PATH. This could possibly lead to certain intended restrictions being bypassed, such as the secure_path setting. For the stable distribution, this problem has been fixed in version 1.6.9p17-3 For the unstable distribution , this problem has been fixed in version 1.7.2p7-1, and will migrate to the testing distribution shortly. We recommend that you upgrade your sudo package. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2062-1 CVE-2010-1646 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | sudo |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22140 | |||
Oval ID: | oval:org.mitre.oval:def:22140 | ||
Title: | RHSA-2010:0475: sudo security update (Moderate) | ||
Description: | The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0475-01 CESA-2010:0475 CVE-2010-1646 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | sudo |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22995 | |||
Oval ID: | oval:org.mitre.oval:def:22995 | ||
Title: | ELSA-2010:0475: sudo security update (Moderate) | ||
Description: | The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0475-01 CVE-2010-1646 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | sudo |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27777 | |||
Oval ID: | oval:org.mitre.oval:def:27777 | ||
Title: | DEPRECATED: ELSA-2010-0475 -- sudo security update (moderate) | ||
Description: | [1.7.2p1-7] - added patch that fixes insufficient environment sanitization issue (#598154) Resolves: #598381 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-0475 CVE-2010-1646 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | sudo |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7338 | |||
Oval ID: | oval:org.mitre.oval:def:7338 | ||
Title: | VMware ESX, Service Console update for sudo. | ||
Description: | The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-1646 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for sudo CESA-2010:0475 centos5 i386 File : nvt/gb_CESA-2010_0475_sudo_centos5_i386.nasl |
2011-03-09 | Name : Gentoo Security Advisory GLSA 201009-03 (sudo) File : nvt/glsa_201009_03.nasl |
2010-07-06 | Name : Debian Security Advisory DSA 2062-1 (sudo) File : nvt/deb_2062_1.nasl |
2010-07-02 | Name : Ubuntu Update for sudo vulnerability USN-956-1 File : nvt/gb_ubuntu_USN_956_1.nasl |
2010-06-25 | Name : Fedora Update for sudo FEDORA-2010-9415 File : nvt/gb_fedora_2010_9415_sudo_fc12.nasl |
2010-06-25 | Name : Fedora Update for sudo FEDORA-2010-9417 File : nvt/gb_fedora_2010_9417_sudo_fc11.nasl |
2010-06-18 | Name : RedHat Update for sudo RHSA-2010:0475-01 File : nvt/gb_RHSA-2010_0475-01_sudo.nasl |
2010-06-18 | Name : Fedora Update for sudo FEDORA-2010-9402 File : nvt/gb_fedora_2010_9402_sudo_fc13.nasl |
2010-06-18 | Name : Mandriva Update for sudo MDVSA-2010:118 (sudo) File : nvt/gb_mandriva_MDVSA_2010_118.nasl |
2010-06-03 | Name : FreeBSD Ports: sudo File : nvt/freebsd_sudo7.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
65083 | sudo env.c secure path Restrictions Bypass Arbitrary File Execution sudo contains a flaw that may allow an attacker to execute arbitrary files with elevated privileges. The issue is triggered when sudo is configured to use a secure path and the PATH variable is defined twice. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0015_remote.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_sudo-110114.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0475.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20100615_sudo_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_sudo-110114.nasl - Type : ACT_GATHER_INFO |
2010-10-04 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2010-0015.nasl - Type : ACT_GATHER_INFO |
2010-09-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201009-03.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-9402.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-9415.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-9417.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-956-1.nasl - Type : ACT_GATHER_INFO |
2010-06-21 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2062.nasl - Type : ACT_GATHER_INFO |
2010-06-18 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2010-118.nasl - Type : ACT_GATHER_INFO |
2010-06-17 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0475.nasl - Type : ACT_GATHER_INFO |
2010-06-16 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0475.nasl - Type : ACT_GATHER_INFO |
2010-06-03 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_d42e5b666ea011df9c8d00e0815b8da8.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:29:29 |
|