Executive Summary
Summary | |
---|---|
Title | sudo: Privilege Escalation |
Informations | |||
---|---|---|---|
Name | GLSA-201009-03 | First vendor Publication | 2010-09-07 |
Vendor | Gentoo | Last vendor Modification | 2010-09-07 |
Severity (Vendor) | High | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:H/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | High |
Cvss Expoit Score | 1.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Synopsis The secure path feature and group handling in sudo allow local attackers to escalate privileges. Background Description * Evan Broder and Anders Kaseorg of Ksplice, Inc. reported that the sudo 'secure path' feature does not properly handle multiple PATH variables (CVE-2010-1646). * Markus Wuethrich of Swiss Post reported that sudo fails to restrict access when using Runas groups and the group (-g) command line option (CVE-2010-2956). Impact Workaround Resolution References Availability http://security.gentoo.org/glsa/glsa-201009-03.xml |
Original Source
Url : http://security.gentoo.org/glsa/glsa-201009-03.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10580 | |||
Oval ID: | oval:org.mitre.oval:def:10580 | ||
Title: | The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable. | ||
Description: | The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-1646 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:11784 | |||
Oval ID: | oval:org.mitre.oval:def:11784 | ||
Title: | DSA-2062 sudo -- missing input sanitisation | ||
Description: | Anders Kaseorg and Evan Broder discovered a vulnerability in sudo, a program designed to allow a sysadmin to give limited root privileges to users, that allows a user with sudo permissions on certain programs to use those programs with an untrusted value of PATH. This could possibly lead to certain intended restrictions being bypassed, such as the secure_path setting. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2062 CVE-2010-1646 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | sudo |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12902 | |||
Oval ID: | oval:org.mitre.oval:def:12902 | ||
Title: | USN-983-1 -- sudo vulnerability | ||
Description: | Markus Wuethrich discovered that sudo did not always verify the user when a group was specified in the Runas_Spec. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use a program as a group when the attacker was not a part of that group. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-983-1 CVE-2010-2956 | Version: | 5 |
Platform(s): | Ubuntu 9.10 Ubuntu 10.04 | Product(s): | sudo |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12909 | |||
Oval ID: | oval:org.mitre.oval:def:12909 | ||
Title: | USN-956-1 -- sudo vulnerability | ||
Description: | Evan Broder and Anders Kaseorg discovered that sudo did not properly sanitize its environment when configured to use secure_path . A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use a program that interpreted the PATH environment variable. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-956-1 CVE-2010-1646 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 10.04 Ubuntu 9.10 Ubuntu 6.06 Ubuntu 9.04 | Product(s): | sudo |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13622 | |||
Oval ID: | oval:org.mitre.oval:def:13622 | ||
Title: | DSA-2062-1 sudo -- missing input sanitisation | ||
Description: | Anders Kaseorg and Evan Broder discovered vulnerability in sudo, a program designed to allow a sysadmin to give limited root privileges to users, that allows a user with sudo permissions on certain programs to use those programs with an untrusted value of PATH. This could possibly lead to certain intended restrictions being bypassed, such as the secure_path setting. For the stable distribution, this problem has been fixed in version 1.6.9p17-3 For the unstable distribution , this problem has been fixed in version 1.7.2p7-1, and will migrate to the testing distribution shortly. We recommend that you upgrade your sudo package. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2062-1 CVE-2010-1646 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | sudo |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20122 | |||
Oval ID: | oval:org.mitre.oval:def:20122 | ||
Title: | VMware ESX third party updates for Service Console packages glibc, sudo, and openldap | ||
Description: | Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-2956 | Version: | 4 |
Platform(s): | VMWare ESX Server 4.1 VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:21401 | |||
Oval ID: | oval:org.mitre.oval:def:21401 | ||
Title: | RHSA-2010:0675: sudo security update (Important) | ||
Description: | Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0675-01 CESA-2010:0675 CVE-2010-2956 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | sudo |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22140 | |||
Oval ID: | oval:org.mitre.oval:def:22140 | ||
Title: | RHSA-2010:0475: sudo security update (Moderate) | ||
Description: | The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0475-01 CESA-2010:0475 CVE-2010-1646 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | sudo |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22912 | |||
Oval ID: | oval:org.mitre.oval:def:22912 | ||
Title: | ELSA-2010:0675: sudo security update (Important) | ||
Description: | Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0675-01 CVE-2010-2956 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | sudo |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22995 | |||
Oval ID: | oval:org.mitre.oval:def:22995 | ||
Title: | ELSA-2010:0475: sudo security update (Moderate) | ||
Description: | The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0475-01 CVE-2010-1646 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | sudo |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27777 | |||
Oval ID: | oval:org.mitre.oval:def:27777 | ||
Title: | DEPRECATED: ELSA-2010-0475 -- sudo security update (moderate) | ||
Description: | [1.7.2p1-7] - added patch that fixes insufficient environment sanitization issue (#598154) Resolves: #598381 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-0475 CVE-2010-1646 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | sudo |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28210 | |||
Oval ID: | oval:org.mitre.oval:def:28210 | ||
Title: | DEPRECATED: ELSA-2010-0675 -- sudo security update (important) | ||
Description: | [1.7.2p1-8] - added patch for CVE-2010-2956 (#628628) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-0675 CVE-2010-2956 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | sudo |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7338 | |||
Oval ID: | oval:org.mitre.oval:def:7338 | ||
Title: | VMware ESX, Service Console update for sudo. | ||
Description: | The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-1646 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for sudo CESA-2010:0475 centos5 i386 File : nvt/gb_CESA-2010_0475_sudo_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for sudo CESA-2010:0675 centos5 i386 File : nvt/gb_CESA-2010_0675_sudo_centos5_i386.nasl |
2011-03-09 | Name : Gentoo Security Advisory GLSA 201009-03 (sudo) File : nvt/glsa_201009_03.nasl |
2010-12-02 | Name : Fedora Update for sudo FEDORA-2010-14184 File : nvt/gb_fedora_2010_14184_sudo_fc14.nasl |
2010-10-10 | Name : FreeBSD Ports: sudo File : nvt/freebsd_sudo8.nasl |
2010-10-01 | Name : Fedora Update for sudo FEDORA-2010-14996 File : nvt/gb_fedora_2010_14996_sudo_fc12.nasl |
2010-09-14 | Name : Fedora Update for sudo FEDORA-2010-14355 File : nvt/gb_fedora_2010_14355_sudo_fc13.nasl |
2010-09-14 | Name : Mandriva Update for sudo MDVSA-2010:175 (sudo) File : nvt/gb_mandriva_MDVSA_2010_175.nasl |
2010-09-10 | Name : RedHat Update for sudo RHSA-2010:0675-01 File : nvt/gb_RHSA-2010_0675-01_sudo.nasl |
2010-09-10 | Name : Ubuntu Update for sudo vulnerability USN-983-1 File : nvt/gb_ubuntu_USN_983_1.nasl |
2010-07-06 | Name : Debian Security Advisory DSA 2062-1 (sudo) File : nvt/deb_2062_1.nasl |
2010-07-02 | Name : Ubuntu Update for sudo vulnerability USN-956-1 File : nvt/gb_ubuntu_USN_956_1.nasl |
2010-06-25 | Name : Fedora Update for sudo FEDORA-2010-9415 File : nvt/gb_fedora_2010_9415_sudo_fc12.nasl |
2010-06-25 | Name : Fedora Update for sudo FEDORA-2010-9417 File : nvt/gb_fedora_2010_9417_sudo_fc11.nasl |
2010-06-18 | Name : RedHat Update for sudo RHSA-2010:0475-01 File : nvt/gb_RHSA-2010_0475-01_sudo.nasl |
2010-06-18 | Name : Fedora Update for sudo FEDORA-2010-9402 File : nvt/gb_fedora_2010_9402_sudo_fc13.nasl |
2010-06-18 | Name : Mandriva Update for sudo MDVSA-2010:118 (sudo) File : nvt/gb_mandriva_MDVSA_2010_118.nasl |
2010-06-03 | Name : FreeBSD Ports: sudo File : nvt/freebsd_sudo7.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2010-257-02 sudo File : nvt/esoft_slk_ssa_2010_257_02.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
67842 | sudo Runas Group Handling Local Privilege Escalation |
65083 | sudo env.c secure path Restrictions Bypass Arbitrary File Execution sudo contains a flaw that may allow an attacker to execute arbitrary files with elevated privileges. The issue is triggered when sudo is configured to use a secure path and the PATH variable is defined twice. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0015_remote.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2011-0001_remote.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_sudo-110114.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_sudo-100907.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0475.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0675.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20100907_sudo_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20100615_sudo_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_sudo-110114.nasl - Type : ACT_GATHER_INFO |
2011-01-06 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2011-0001.nasl - Type : ACT_GATHER_INFO |
2010-10-06 | Name : The remote Fedora host is missing a security update. File : fedora_2010-14996.nasl - Type : ACT_GATHER_INFO |
2010-10-04 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2010-0015.nasl - Type : ACT_GATHER_INFO |
2010-09-16 | Name : The remote Fedora host is missing a security update. File : fedora_2010-14184.nasl - Type : ACT_GATHER_INFO |
2010-09-15 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-257-02.nasl - Type : ACT_GATHER_INFO |
2010-09-13 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2010-175.nasl - Type : ACT_GATHER_INFO |
2010-09-13 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0675.nasl - Type : ACT_GATHER_INFO |
2010-09-12 | Name : The remote Fedora host is missing a security update. File : fedora_2010-14355.nasl - Type : ACT_GATHER_INFO |
2010-09-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_sudo-100907.nasl - Type : ACT_GATHER_INFO |
2010-09-08 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_67b514c3ba8f11df8f6e000c29a67389.nasl - Type : ACT_GATHER_INFO |
2010-09-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201009-03.nasl - Type : ACT_GATHER_INFO |
2010-09-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-983-1.nasl - Type : ACT_GATHER_INFO |
2010-09-08 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0675.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-9402.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-956-1.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-9417.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-9415.nasl - Type : ACT_GATHER_INFO |
2010-06-21 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2062.nasl - Type : ACT_GATHER_INFO |
2010-06-18 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2010-118.nasl - Type : ACT_GATHER_INFO |
2010-06-17 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0475.nasl - Type : ACT_GATHER_INFO |
2010-06-16 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0475.nasl - Type : ACT_GATHER_INFO |
2010-06-03 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_d42e5b666ea011df9c8d00e0815b8da8.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:36:55 |
|