Executive Summary
| Summary | |
|---|---|
| Title | sudo vulnerability |
| Informations | |||
|---|---|---|---|
| Name | USN-235-1 | First vendor Publication | 2006-01-05 |
| Vendor | Ubuntu | Last vendor Modification | 2006-01-05 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 4.6 | Attack Range | Local |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger) The following packages are affected: sudo The problem can be corrected by upgrading the affected package to version 1.6.7p5-1ubuntu4.4 (for Ubuntu 4.10), 1.6.8p5-1ubuntu2.3 (for Ubuntu 5.04), or 1.6.8p9-2ubuntu2.2 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Charles Morris discovered a privilege escalation vulnerability in sudo. On executing Perl scripts with sudo, various environment variables that affect Perl's library search path were not cleaned properly. If sudo is set up to grant limited sudo execution of Perl scripts to normal users, this could be exploited to run arbitrary commands as the target user. This security update also filters out environment variables that can be exploited similarly with Python, Ruby, and zsh scripts. Please note that this does not affect the default Ubuntu installation, or any setup that just grants full root privileges to certain users. |
Original Source
| Url : http://www.ubuntu.com/usn/USN-235-1 |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-01-17 | Name : Debian Security Advisory DSA 946-1 (sudo) File : nvt/deb_946_1.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 946-2 (sudo) File : nvt/deb_946_2.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 20764 | Sudo PERL5OPT Environment Cleaning Multiple Variable Privilege Escalation Sudo contain a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a user is able to run perl scripts via Sudo, and the perl scripts to not have the taint flag (-T). This flaw may lead to a loss of integrity. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2006-12-16 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2006-159.nasl - Type : ACT_GATHER_INFO |
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-946.nasl - Type : ACT_GATHER_INFO |
| 2006-01-21 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-235-1.nasl - Type : ACT_GATHER_INFO |
| 2006-01-21 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-235-2.nasl - Type : ACT_GATHER_INFO |
| 2006-01-15 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2005-234.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 12:03:13 |
|
