Executive Summary

Summary
Title: New sudo packages fix pathname validation race

Information
Name: DSA-735
Vendor: Debian
First vendor publication: 2005-07-01
Last vendor modification: 2005-07-07
Severity (Vendor): N/A
Revision: 2

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: N/A
Base score: N/A
Environmental score: N/A
Impact subscore: N/A
Temporal score: N/A
Exploitability subscore: N/A
 

Security-Database Scoring CVSS v2

CVSS vector: (AV:L/AC:H/Au:N/C:P/I:P/A:P)
CVSS base score: 3.7
CVSS impact score: 6.4
CVSS exploit score: 1.9
Attack range: Local
Attack complexity: High
Authentication: None required

Detail

A local user who has been granted permission to run commands via sudo could run arbitrary commands as a privileged user due to a flaw in sudo's pathname validation. This bug only affects configurations which have restricted user configurations prior to an ALL directive in the configuration file. A workaround is to move any ALL directives to the beginning of the sudoers file; see the advisory at http://www.sudo.ws/sudo/alerts/path_race.html for more information.

For the old stable Debian distribution (woody), this problem has been fixed in version 1.6.6-1.3woody1.

For the current stable distribution (sarge), this problem has been fixed in version 1.6.8p7-1.1sarge1.

For the unstable distribution, this problem has been fixed in version 1.6.8p9-1.

The only change since DSA 735-1 is the addition of certain architectures which were not available in the original advisory.

We recommend that you upgrade your sudo package.
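
The ordering condition and workaround described above can be checked mechanically. The following audit sketch is an added example, not part of the Debian advisory or of sudo itself; the function names and sample sudoers content are constructed, and the parser is deliberately simplified (one host specification per line, no alias expansion, no `#include` handling).

```python
import re
import sys

# Constructed sample (not from the advisory): restricted entries precede ALL entries.
SAMPLE_AFFECTED = """\
Defaults env_reset
Cmnd_Alias BACKUP = /usr/bin/rsync, \\
                    /bin/tar
alice  ALL = NOPASSWD: BACKUP
bob    ALL = (root) /usr/bin/lpc
root   ALL = (ALL) ALL
%admin ALL = (ALL) ALL
"""
# Same kind of policy with the workaround applied: ALL entries moved to the top.
SAMPLE_WORKAROUND = """\
root   ALL = (ALL) ALL
%admin ALL = (ALL) ALL
alice  ALL = NOPASSWD: /usr/bin/rsync
bob    ALL = (root) /usr/bin/lpc
"""
SKIP = re.compile(r"^(Defaults|(User|Runas|Host|Cmnd)_Alias)\b")

def user_specs(text):
    """Yield (first_line_no, spec, grants_all) for each user specification."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        if not buf:
            start = no
        line = raw.split("#", 1)[0].rstrip()       # drop comments
        if line.endswith("\\"):                    # continuation line
            buf += line[:-1] + " "
            continue
        spec, buf = (buf + line).strip(), ""
        if not spec or SKIP.match(spec) or "=" not in spec:
            continue
        cmds = re.sub(r"\([^)]*\)", "", spec.split("=", 1)[1])  # drop Runas specs
        cmds = re.sub(r"\b[A-Z]+:", "", cmds)                   # drop tags (NOPASSWD:)
        yield start, spec, any(c.strip() == "ALL" for c in cmds.split(","))

def all_after_restricted(text):
    """Return (line_no, spec) for ALL entries that follow a restricted entry."""
    seen_restricted, hits = False, []
    for no, spec, grants_all in user_specs(text):
        if grants_all and seen_restricted:
            hits.append((no, spec))
        elif not grants_all:
            seen_restricted = True
    return hits

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_AFFECTED
    for no, spec in all_after_restricted(text):
        print(f"line {no}: ALL entry follows a restricted entry: {spec}")
```

An empty result means no ALL entry follows a restricted one in the file as parsed; it is not a substitute for upgrading to the fixed package versions listed above.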

Original Source

Url : http://www.debian.org/security/2005/dsa-735

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:11341
Title: Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack.
Description: Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack.
Family: unix
Class: vulnerability
Reference(s): CVE-2005-1993
Version: 5
Platform(s): Red Hat Enterprise Linux 3, CentOS Linux 3, Red Hat Enterprise Linux 4, CentOS Linux 4, Oracle Linux 4
Product(s):

Oval ID: oval:org.mitre.oval:def:1242
Title: sudo Symlink Vulnerability
Description: Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL pseudo-command is used after a user entry in the sudoers file, allows local users to gain privileges via a symlink attack.
Family: unix
Class: vulnerability
Reference(s): CVE-2005-1993
Version: 1
Platform(s): Red Hat Enterprise Linux 3
Product(s): sudo

CPE : Common Platform Enumeration

Type Description Count
Application 29

OpenVAS Exploits

Date Description
2009-11-17 Name: Mac OS X Version; File: nvt/macosx_version.nasl
2009-10-10 Name: SLES9: Security update for sudo; File: nvt/sles9p5019263.nasl
2008-09-24 Name: Gentoo Security Advisory GLSA 200506-22 (sudo); File: nvt/glsa_200506_22.nasl
2008-09-04 Name: FreeBSD Ports: sudo; File: nvt/freebsd_sudo2.nasl
2008-01-17 Name: Debian Security Advisory DSA 735-1 (sudo); File: nvt/deb_735_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
17396 Sudo sudoers ALL Entry Race Condition

Sudo contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue can be triggered by a user who already has some kind of sudo access and who can then leverage sudo to run arbitrary commands as other users. This flaw will most likely lead to a root compromise.

Nessus® Vulnerability Scanner

Date Description
2012-01-12 Name: The remote Debian host is missing a security-related update. File: debian_DSA-773.nasl - Type: ACT_GATHER_INFO
2006-07-03 Name: The remote CentOS host is missing a security update. File: centos_RHSA-2005-535.nasl - Type: ACT_GATHER_INFO
2006-01-15 Name: The remote Ubuntu host is missing a security-related patch. File: ubuntu_USN-142-1.nasl - Type: ACT_GATHER_INFO
2005-11-30 Name: The remote operating system is missing a vendor-supplied patch. File: macosx_SecUpd2005-009.nasl - Type: ACT_GATHER_INFO
2005-07-13 Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_3bf157fae1c611d9b8750001020eed82.nasl - Type: ACT_GATHER_INFO
2005-07-05 Name: The remote Debian host is missing a security-related update. File: debian_DSA-735.nasl - Type: ACT_GATHER_INFO
2005-06-29 Name: The remote Red Hat host is missing a security update. File: redhat-RHSA-2005-535.nasl - Type: ACT_GATHER_INFO
2005-06-28 Name: The remote Fedora Core host is missing a security update. File: fedora_2005-473.nasl - Type: ACT_GATHER_INFO
2005-06-23 Name: The remote Mandrake Linux host is missing a security update. File: mandrake_MDKSA-2005-103.nasl - Type: ACT_GATHER_INFO
2005-06-22 Name: The remote Fedora Core host is missing a security update. File: fedora_2005-472.nasl - Type: ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 11:34:04 Multiple Updates