Executive Summary

Summary
Title: Sudo vulnerabilities

Information
Name: USN-2146-1
First vendor publication: 2014-03-13
Vendor: Ubuntu
Last vendor modification: 2014-03-13
Severity (vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA
Environmental score: NA
Impact sub score: NA
Temporal score: NA
Exploitability sub score: NA
 

Security-Database Scoring CVSS v2

CVSS vector: (AV:L/AC:M/Au:S/C:C/I:C/A:C)
CVSS base score: 6.6
Attack range: Local
CVSS impact score: 10
Attack complexity: Medium
CVSS exploit score: 2.7
Authentication: Requires single instance

Detail

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.10
- Ubuntu 12.10
- Ubuntu 12.04 LTS
- Ubuntu 10.04 LTS

Summary:

Several security issues were fixed in Sudo.

Software Description:
- sudo: Provide limited super user privileges to specific users

Details:

Sebastien Macke discovered that Sudo incorrectly handled blacklisted environment variables when the env_reset option was disabled. A local attacker could use this issue to possibly run unintended commands by using blacklisted environment variables. In a default Ubuntu installation, the env_reset option is enabled by default. This issue only affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2014-0106)

It was discovered that the Sudo init script set a date in the past on existing timestamp files instead of resetting them to the epoch, which would have invalidated them completely. A local attacker could possibly modify the system time to attempt to reuse timestamp files. This issue only applied to Ubuntu 12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10. (LP: #1223297)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 13.10:
sudo 1.8.6p3-0ubuntu3.1
sudo-ldap 1.8.6p3-0ubuntu3.1

Ubuntu 12.10:
sudo 1.8.5p2-1ubuntu1.2
sudo-ldap 1.8.5p2-1ubuntu1.2

Ubuntu 12.04 LTS:
sudo 1.8.3p1-1ubuntu3.6
sudo-ldap 1.8.3p1-1ubuntu3.6

Ubuntu 10.04 LTS:
sudo 1.7.2p1-1ubuntu5.7
sudo-ldap 1.7.2p1-1ubuntu5.7

In general, a standard system update will make all the necessary changes.
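The two conditions the advisory turns on are checkable: whether the installed sudo package has reached the fixed version for the release, and whether sudoers anywhere turns `env_reset` off (the precondition for CVE-2014-0106; Ubuntu ships with it enabled). The script below is an added example, not code from Ubuntu or from security-database.com. The fixed-version table is copied from the update instructions above; the version comparison follows dpkg's ordering rules; the function names, the `SAMPLE_SUDOERS` text and the version strings fed to `report()` are constructed for the example. On a real host the inputs would come from `lsb_release -rs`, `dpkg-query -W -f='${Version}' sudo`, and `/etc/sudoers` plus `/etc/sudoers.d/*`.

```python
"""Defender-side checks for USN-2146-1 (CVE-2014-0106 / LP: #1223297).

Added example, not part of the advisory. All sample inputs are constructed.
"""

# Fixed package versions, taken from the advisory's update instructions.
FIXED_SUDO = {
    "13.10": "1.8.6p3-0ubuntu3.1",
    "12.10": "1.8.5p2-1ubuntu1.2",
    "12.04": "1.8.3p1-1ubuntu3.6",
    "10.04": "1.7.2p1-1ubuntu5.7",
}


def _order(c):
    """Character weight dpkg uses for the non-digit parts of a version string."""
    if c == "~":          # tilde sorts before everything, even end of string
        return -1
    if c.isdigit():
        return 0
    if c.isalpha():       # letters sort before punctuation
        return ord(c)
    return ord(c) + 256


def _verrevcmp(a, b):
    """Compare two version fragments with dpkg's alternating text/number rule."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        # Non-digit runs: compare character weights one at a time.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Digit runs: strip leading zeros, longer run wins, else first differing digit.
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and a[i].isdigit() and j < len(b) and b[j].isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():
            return 1
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0


def compare_versions(a, b):
    """Return -1, 0 or 1 for Debian package versions a <, ==, > b."""
    def split(v):
        epoch, upstream, rev = 0, v, ""
        if ":" in upstream:                       # [epoch:]upstream[-revision]
            e, upstream = upstream.split(":", 1)
            epoch = int(e)
        if "-" in upstream:
            upstream, rev = upstream.rsplit("-", 1)
        return epoch, upstream, rev

    ea, ua, ra = split(a)
    eb, ub, rb = split(b)
    if ea != eb:
        return 1 if ea > eb else -1
    for x, y in ((ua, ub), (ra, rb)):
        c = _verrevcmp(x, y)
        if c:
            return 1 if c > 0 else -1
    return 0


def sudo_is_patched(release, installed):
    """True/False for a release the advisory covers, None for any other release."""
    fixed = FIXED_SUDO.get(release)
    if fixed is None:
        return None
    return compare_versions(installed, fixed) >= 0


def env_reset_disabled_at(sudoers_text):
    """1-based line numbers of Defaults entries that contain '!env_reset'.

    Covers Defaults, Defaults:user, Defaults@host, Defaults>runas and
    Defaults!cmd entries, comma-separated option lists and trailing comments.
    """
    hits = []
    for lineno, raw in enumerate(sudoers_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drops comments and #include lines
        parts = line.split(None, 1)
        if len(parts) != 2 or not parts[0].startswith("Defaults"):
            continue
        if any(opt.strip() == "!env_reset" for opt in parts[1].split(",")):
            hits.append(lineno)
    return hits


def report(release, installed, sudoers_text):
    """Human-readable findings; an empty list means both checks passed."""
    findings = []
    patched = sudo_is_patched(release, installed)
    if patched is None:
        findings.append(f"Ubuntu {release} is not covered by USN-2146-1")
    elif not patched:
        findings.append(f"sudo {installed} is older than the fixed {FIXED_SUDO[release]}")
    for ln in env_reset_disabled_at(sudoers_text):
        findings.append(f"env_reset disabled at sudoers line {ln}")
    return findings


# Constructed sample sudoers; line 5 carries a per-user override that disables env_reset.
SAMPLE_SUDOERS = """\
# constructed sample, not a real host's file
Defaults\tenv_reset
Defaults\tmail_badpass
Defaults\tsecure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
Defaults:deploy\t!env_reset, env_keep += "HOME"   # per-user override
root\tALL=(ALL:ALL) ALL
%sudo\tALL=(ALL:ALL) ALL
"""

if __name__ == "__main__":
    # Constructed host state: 12.04 LTS, one revision short of the fix.
    for finding in report("12.04", "1.8.3p1-1ubuntu3.5", SAMPLE_SUDOERS):
        print(finding)
```

The version comparison is written out rather than delegated to `dpkg --compare-versions` so the check can run from a central host against inventory data; the `!env_reset` scan reports scoped `Defaults:user` entries as well as global ones, because the advisory's precondition holds for whichever user the override applies to.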

References:
http://www.ubuntu.com/usn/usn-2146-1
CVE-2014-0106
https://launchpad.net/bugs/1223297

Package Information:
https://launchpad.net/ubuntu/+source/sudo/1.8.6p3-0ubuntu3.1
https://launchpad.net/ubuntu/+source/sudo/1.8.5p2-1ubuntu1.2
https://launchpad.net/ubuntu/+source/sudo/1.8.3p1-1ubuntu3.6
https://launchpad.net/ubuntu/+source/sudo/1.7.2p1-1ubuntu5.7

Original Source

Url : http://www.ubuntu.com/usn/USN-2146-1

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:24237
Title: RHSA-2014:0266: sudo security update (Moderate)
Description: The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sudo handled its blacklist of environment variables. When the "env_reset" option was disabled, a user permitted to run certain commands via sudo could use this flaw to run such a command with one of the blacklisted environment variables set, allowing them to run an arbitrary command with the target user's privileges. (CVE-2014-0106) Note: This issue does not affect the default configuration of the sudo package as shipped with Red Hat Enterprise Linux 5. Red Hat would like to thank Todd C. Miller for reporting this issue. Upstream acknowledges Sebastien Macke as the original reporter. All sudo users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
Family: unix
Class: patch
Reference(s): RHSA-2014:0266-00
CESA-2014:0266
CVE-2014-0106
Version: 8
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): sudo
Oval ID: oval:org.mitre.oval:def:24244
Title: ELSA-2014:0266: sudo security update (Moderate)
Description: Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.
Family: unix
Class: patch
Reference(s): ELSA-2014:0266-00
CVE-2014-0106
Version: 6
Platform(s): Oracle Linux 5
Product(s): sudo
Oval ID: oval:org.mitre.oval:def:24334
Title: USN-2146-1 -- sudo vulnerabilities
Description: Several security issues were fixed in Sudo.
Family: unix
Class: patch
Reference(s): USN-2146-1
CVE-2014-0106
Version: 5
Platform(s): Ubuntu 13.10
Ubuntu 12.10
Ubuntu 12.04
Ubuntu 10.04
Product(s): sudo
Oval ID: oval:org.mitre.oval:def:25446
Title: SUSE-SU-2014:0475-1 -- Security update for sudo
Description: This collective update for sudo provides fixes for the following issues:
* Security policy bypass when env_reset is disabled. (CVE-2014-0106, bnc#866503)
* Regression in the previous update that causes a segmentation fault when running "sudo -s". (bnc#868444)
* Command "who -m" prints no output when using log_input/log_output sudo options. (bnc#863025)
Security issue references:
* CVE-2014-0106 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0106>
Family: unix
Class: patch
Reference(s): SUSE-SU-2014:0475-1
CVE-2014-0106
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): sudo
Oval ID: oval:org.mitre.oval:def:27307
Title: DEPRECATED: ELSA-2014-0266 -- sudo security update (moderate)
Description: [1.7.2p1-29]
- added patch for CVE-2014-0106: certain environment variables not sanitized when env_reset is disabled
Resolves: rhbz#1072210
Family: unix
Class: patch
Reference(s): ELSA-2014-0266
CVE-2014-0106
Version: 4
Platform(s): Oracle Linux 5
Product(s): sudo

CPE : Common Platform Enumeration

Type  Count
Application  2
Application  58
Os  102

Information Assurance Vulnerability Management (IAVM)

Date Description
2015-08-20 IAVM : 2015-A-0199 - Multiple Vulnerabilities in Apple Mac OS X
Severity : Category I - VMSKEY : V0061337

Nessus® Vulnerability Scanner

Date Description
2016-06-22 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2016-0079.nasl - Type : ACT_GATHER_INFO
2015-08-17 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_10_10_5.nasl - Type : ACT_GATHER_INFO
2015-03-26 Name : The remote Debian host is missing a security update.
File : debian_DLA-160.nasl - Type : ACT_GATHER_INFO
2014-06-28 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201406-30.nasl - Type : ACT_GATHER_INFO
2014-04-04 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_sudo-140320.nasl - Type : ACT_GATHER_INFO
2014-03-14 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2146-1.nasl - Type : ACT_GATHER_INFO
2014-03-11 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2014-0266.nasl - Type : ACT_GATHER_INFO
2014-03-11 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2014-0266.nasl - Type : ACT_GATHER_INFO
2014-03-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0266.nasl - Type : ACT_GATHER_INFO
2014-03-11 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140310_sudo_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-03-06 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2014-064-01.nasl - Type : ACT_GATHER_INFO

Alert History

Date  Information
2014-03-15 13:21:38
  • Multiple Updates
2014-03-13 17:20:14
  • First insertion