Executive Summary

Summary
Title: sudo: Privilege escalation

Information
Name: GLSA-201406-30        First vendor publication: 2014-06-27
Vendor: Gentoo              Last vendor modification: 2014-06-27
Severity (vendor): High     Revision: N/A

Security-Database Scoring CVSS v3

Cvss vector: N/A (no CVSS v3 vector has been assigned to this entry; overall, base, temporal, environmental, impact and exploitability sub-scores are all N/A)

Security-Database Scoring CVSS v2

Cvss vector: (AV:L/AC:M/Au:S/C:C/I:C/A:C)
Cvss base score: 6.6        Attack range: Local
Cvss impact score: 10       Attack complexity: Medium
Cvss exploit score: 2.7     Authentication: Requires single instance

Detail

Synopsis

A vulnerability has been found in sudo allowing a local attacker to gain elevated privileges.

Background

sudo allows a system administrator to give users the ability to run commands as other users. Access to commands may also be granted on a range of hosts.

Description

When the sudo env_reset option is disabled (it is enabled by default), sudo versions 1.6.9 up to but not including 1.8.5 do not properly apply the env_delete restriction, so certain environment variables that should be blacklisted are passed through to the command run via sudo.

Impact

A local attacker who is authorized to run commands using sudo can set one of the variables that env_delete is meant to strip, have it reach the permitted command, and thereby execute arbitrary code or escalate privileges to the target user.

Workaround

There is no known workaround at this time. Note that the flaw is only reachable where env_reset has been explicitly disabled in sudoers; the default configuration, with env_reset enabled, is not affected, as the Red Hat description under OVAL Definitions below also states.

Resolution

All sudo users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/sudo-1.8.5"
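As an added example (not part of the Gentoo advisory or of the sudo project), the POSIX shell script below turns the two conditions this advisory describes into checks an administrator can run: whether any Defaults line in a sudoers file disables env_reset, and whether a sudo version string falls in the affected range 1.6.9 <= v < 1.8.5 given in the OVAL entry. The function names, the sudoers sample and the "Sudo version ..." strings are constructed for illustration.

```shell
#!/bin/sh
# Added audit script for CVE-2014-0106 (example code; not part of the Gentoo
# advisory or of the sudo project). It checks the two conditions the advisory
# describes: whether env_reset is disabled anywhere in a sudoers file, and
# whether a sudo version string falls in the affected range 1.6.9 <= v < 1.8.5.
# The sudoers sample and the "Sudo version ..." strings are constructed here.

# Print every Defaults line in the given sudoers file that disables env_reset;
# exit 0 if at least one exists, 1 otherwise. Comments are stripped first so a
# commented-out "!env_reset" is not counted. Covers plain "Defaults" as well as
# the "Defaults:user", "Defaults@host", "Defaults>runas" and "Defaults!cmd" forms.
sudoers_env_reset_disabled() {
    sed 's/#.*$//' "$1" |
      grep -E '^[[:space:]]*Defaults([:@>!][^[:space:]]+)?[[:space:]].*![[:space:]]*env_reset([[:space:],]|$)'
}

# Write a constructed sudoers sample to the given path: env_reset is on
# globally but switched off for the "deploy" user, which is exactly the
# configuration in which CVE-2014-0106 is reachable.
write_sample_sudoers() {
    cat > "$1" <<'EOF'
Defaults        env_reset
Defaults        mail_badpass
Defaults:deploy !env_reset, env_keep += "HOME PATH"
# Defaults !env_reset
root    ALL=(ALL) ALL
deploy  ALL=(www) NOPASSWD: /usr/bin/systemctl restart app
EOF
}

# Extract the version token from the first line of `sudo -V`, e.g.
# "Sudo version 1.8.5p2" -> "1.8.5p2".
parse_sudo_version() {
    printf '%s\n' "$1" | sed -n 's/^Sudo version \([0-9][0-9.]*[^ ]*\).*/\1/p'
}

# Version reported by the sudo binary on this host (empty if sudo is absent).
installed_sudo_version() {
    parse_sudo_version "$(sudo -V 2>/dev/null | head -n 1)"
}

# version_ge A B: exit 0 when dotted version A >= B. Only the leading digits
# and dots are compared, so "1.8.5p2" counts as 1.8.5 and "1.7.2p1-29" as 1.7.2.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        sub(/[^0-9.].*$/, "", a); sub(/[^0-9.].*$/, "", b)
        na = split(a, A, "."); nb = split(b, B, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            x = (i <= na) ? A[i] + 0 : 0
            y = (i <= nb) ? B[i] + 0 : 0
            if (x > y) exit 0
            if (x < y) exit 1
        }
        exit 0
    }'
}

# Exit 0 when the version lies in the range the OVAL entry gives for
# CVE-2014-0106 (1.6.9 up to, but not including, 1.8.5). A distribution that
# backports the fix, such as the 1.7.2p1-29 RHEL 5 build listed on this page,
# still reports an old upstream version, so a hit means "check the vendor
# errata", not proof of exposure.
sudo_version_in_affected_range() {
    version_ge "$1" 1.6.9 && ! version_ge "$1" 1.8.5
}

# Demo: run both checks against the constructed sample and this host's sudo.
tmp=$(mktemp) || exit 1
write_sample_sudoers "$tmp"
if sudoers_env_reset_disabled "$tmp"; then
    echo "=> env_reset is disabled on the line(s) above; CVE-2014-0106 is reachable for those users"
else
    echo "=> env_reset is never disabled; the flaw is not reachable"
fi
rm -f "$tmp"

for v in "$(parse_sudo_version 'Sudo version 1.8.4')" "$(installed_sudo_version)"; do
    [ -n "$v" ] || continue
    if sudo_version_in_affected_range "$v"; then
        echo "sudo $v: upstream version in the affected range"
    else
        echo "sudo $v: outside the affected range"
    fi
done
```

The remediation the sudoers check points at is simply to remove the "!" so the line reads "Defaults env_reset" (the default), and then to upgrade; on distributions that backport fixes, confirm the package errata rather than trusting the upstream version string alone.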

References

[ 1 ] CVE-2014-0106 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0106

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201406-30.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201406-30.xml

CWE : Common Weakness Enumeration

%      Id      Name
100 %  CWE-20  Improper Input Validation

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:24237
Title: RHSA-2014:0266: sudo security update (Moderate)
Description: The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sudo handled its blacklist of environment variables. When the "env_reset" option was disabled, a user permitted to run certain commands via sudo could use this flaw to run such a command with one of the blacklisted environment variables set, allowing them to run an arbitrary command with the target user's privileges. (CVE-2014-0106) Note: This issue does not affect the default configuration of the sudo package as shipped with Red Hat Enterprise Linux 5. Red Hat would like to thank Todd C. Miller for reporting this issue. Upstream acknowledges Sebastien Macke as the original reporter. All sudo users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
Family: unix    Class: patch
Reference(s): RHSA-2014:0266-00, CESA-2014:0266, CVE-2014-0106
Version: 8
Platform(s): Red Hat Enterprise Linux 5, CentOS Linux 5
Product(s): sudo

Oval ID: oval:org.mitre.oval:def:24244
Title: ELSA-2014:0266: sudo security update (Moderate)
Description: Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.
Family: unix    Class: patch
Reference(s): ELSA-2014:0266-00, CVE-2014-0106
Version: 6
Platform(s): Oracle Linux 5
Product(s): sudo

Oval ID: oval:org.mitre.oval:def:24334
Title: USN-2146-1 -- sudo vulnerabilities
Description: Several security issues were fixed in Sudo.
Family: unix    Class: patch
Reference(s): USN-2146-1, CVE-2014-0106
Version: 5
Platform(s): Ubuntu 13.10, Ubuntu 12.10, Ubuntu 12.04, Ubuntu 10.04
Product(s): sudo

Oval ID: oval:org.mitre.oval:def:25446
Title: SUSE-SU-2014:0475-1 -- Security update for sudo
Description: This collective update for sudo provides fixes for the following issues: * Security policy bypass when env_reset is disabled. (CVE-2014-0106, bnc#866503) * Regression in the previous update that causes a segmentation fault when running "sudo -s". (bnc#868444) * Command "who -m" prints no output when using log_input/log_output sudo options. (bnc#863025) Security Issues references: * CVE-2014-0106 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0106>
Family: unix    Class: patch
Reference(s): SUSE-SU-2014:0475-1, CVE-2014-0106
Version: 3
Platform(s): SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Desktop 11
Product(s): sudo

Oval ID: oval:org.mitre.oval:def:27307
Title: DEPRECATED: ELSA-2014-0266 -- sudo security update (moderate)
Description: [1.7.2p1-29] - added patch for CVE-2014-0106: certain environment variables not sanitized when env_reset is disabled. Resolves: rhbz#1072210
Family: unix    Class: patch
Reference(s): ELSA-2014-0266, CVE-2014-0106
Version: 4
Platform(s): Oracle Linux 5
Product(s): sudo

CPE : Common Platform Enumeration

Type         Description   Count
Application                2
Application                58
Os                         102

Information Assurance Vulnerability Management (IAVM)

Date Description
2015-08-20 IAVM : 2015-A-0199 - Multiple Vulnerabilities in Apple Mac OS X
Severity : Category I - VMSKEY : V0061337

Nessus® Vulnerability Scanner

Date Description
2016-06-22 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2016-0079.nasl - Type : ACT_GATHER_INFO
2015-08-17 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_10_10_5.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-160.nasl - Type : ACT_GATHER_INFO
2014-06-28 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201406-30.nasl - Type : ACT_GATHER_INFO
2014-04-04 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_sudo-140320.nasl - Type : ACT_GATHER_INFO
2014-03-14 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2146-1.nasl - Type : ACT_GATHER_INFO
2014-03-11 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2014-0266.nasl - Type : ACT_GATHER_INFO
2014-03-11 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2014-0266.nasl - Type : ACT_GATHER_INFO
2014-03-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0266.nasl - Type : ACT_GATHER_INFO
2014-03-11 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140310_sudo_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-03-06 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2014-064-01.nasl - Type : ACT_GATHER_INFO

Alert History

Date Informations
2014-06-29 13:26:52
  • Multiple Updates
2014-06-27 13:23:34
  • First insertion