Executive Summary

Summary
Title sudo: Privilege escalation
Informations
Name GLSA-201401-23 First vendor Publication 2014-01-21
Vendor Gentoo Last vendor Modification 2014-01-21
Severity (Vendor) High Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 6.9 Attack Range Local
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 3.4 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple vulnerabilities have been found in sudo which could result in privilege escalation.

Background

sudo allows a system administrator to give users the ability to run commands as other users. Access to commands may also be granted on a range to hosts.

Description

Multiple vulnerabilities have been found in sudo:

* sudo does not correctly validate the controlling terminal on a system without /proc or when the tty_tickets option is enabled.
* sudo does not properly handle the clock when it is set to the epoch.

Impact

A local attacker with sudo privileges could connect to the stdin, stdout, and stderr of the terminal of a user who has authenticated with sudo, allowing the attacker to hijack the authorization of the other user. Additionally, a local or physically proximate attacker could set the system clock to the epoch, bypassing time restrictions on sudo authentication.

Workaround

There is no known workaround at this time.

Resolution

All sudo users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-admin/sudo-1.8.6_p7"

References

[ 1 ] CVE-2013-1775 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1775
[ 2 ] CVE-2013-1776 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-1776
[ 3 ] CVE-2013-2776 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2776
[ 4 ] CVE-2013-2777 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2777

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201401-23.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201401-23.xml

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-264 Permissions, Privileges, and Access Controls

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:18216
 
Oval ID: oval:org.mitre.oval:def:18216
Title: USN-1754-1 -- sudo vulnerability
Description: Sudo could be made to run programs as the administrator without a passwor d prompt.
Family: unix Class: patch
Reference(s): USN-1754-1
CVE-2013-1775
Version: 7
Platform(s): Ubuntu 12.10
Ubuntu 12.04
Ubuntu 11.10
Ubuntu 10.04
Ubuntu 8.04
Product(s): sudo
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20126
 
Oval ID: oval:org.mitre.oval:def:20126
Title: DSA-2642-1 sudo - several issues
Description: Several vulnerabilities have been discovered in sudo, a program designed to allow a sysadmin to give limited root privileges to users.
Family: unix Class: patch
Reference(s): DSA-2642-1
CVE-2013-1775
CVE-2013-1776
CVE-2013-2776
CVE-2013-2777
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): sudo
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25531
 
Oval ID: oval:org.mitre.oval:def:25531
Title: SUSE-SU-2013:1595-1 -- Security update for sudo
Description: This LTSS rollup update fixes the following security issues which allowed to bypass the sudo authentication.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1595-1
CVE-2013-1775
CVE-2013-1776
CVE-2013-2776
CVE-2013-2777
Version: 3
Platform(s): SUSE Linux Enterprise Server 10
Product(s): sudo
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25587
 
Oval ID: oval:org.mitre.oval:def:25587
Title: SUSE-SU-2013:1594-1 -- Security update for sudo
Description: This LTSS rollup update fixes the following security issues which allowed to bypass the sudo authentication.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:1594-1
CVE-2013-1775
CVE-2013-1776
CVE-2013-2776
CVE-2013-2777
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): sudo
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25864
 
Oval ID: oval:org.mitre.oval:def:25864
Title: SUSE-SU-2013:0793-1 -- Security update for sudo
Description: This update fixes the following security issues which allowed to bypass the sudo authentication: CVE-2013-1775, CVE-2013-1776, CVE-2013-2776 and CVE-2013-2777.
Family: unix Class: patch
Reference(s): SUSE-SU-2013:0793-1
CVE-2013-1775
CVE-2013-1776
CVE-2013-2776
CVE-2013-2777
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server 10
SUSE Linux Enterprise Desktop 11
SUSE Linux Enterprise Desktop 10
Product(s): sudo
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27220
 
Oval ID: oval:org.mitre.oval:def:27220
Title: RHSA-2013:1353 -- sudo security and bug fix update (Low)
Description: The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sudo handled time stamp files. An attacker able to run code as a local user and with the ability to control the system clock could possibly gain additional privileges by running commands that the victim user was allowed to run via sudo, without knowing the victim's password. (CVE-2013-1775) It was found that sudo did not properly validate the controlling terminal device when the tty_tickets option was enabled in the /etc/sudoers file. An attacker able to run code as a local user could possibly gain additional privileges by running commands that the victim user was allowed to run via sudo, without knowing the victim's password. (CVE-2013-1776, CVE-2013-2776) This update also fixes the following bugs: * Due to a bug in the cycle detection algorithm of the visudo utility, visudo incorrectly evaluated certain alias definitions in the /etc/sudoers file as cycles. Consequently, a warning message about undefined aliases appeared. This bug has been fixed, /etc/sudoers is now parsed correctly by visudo and the warning message no longer appears. (BZ#849679) * Previously, the 'sudo -l' command did not parse the /etc/sudoers file correctly if it contained an Active Directory (AD) group. The file was parsed only up to the first AD group information and then the parsing failed with the following message: sudo: unable to cache group ADDOM\admingroup, already exists With this update, the underlying code has been modified and 'sudo -l' now parses /etc/sudoers containing AD groups correctly. (BZ#855836) * Previously, the sudo utility did not escape the backslash characters contained in user names properly. Consequently, if a system used sudo integrated with LDAP or Active Directory (AD) as the primary authentication mechanism, users were not able to authenticate on that system. With this update, sudo has been modified to process LDAP and AD names correctly and the authentication process now works as expected. (BZ#869287) * Prior to this update, the 'visudo -s (strict)' command incorrectly parsed certain alias definitions. Consequently, an error message was issued. The bug has been fixed, and parsing errors no longer occur when using 'visudo -s'. (BZ#905624) All sudo users are advised to upgrade to this updated package, which contains backported patches to correct these issues.
Family: unix Class: patch
Reference(s): RHSA-2013:1353
CESA-2013:1353
CVE-2013-1775
CVE-2013-1776
CVE-2013-2776
Version: 5
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): sudo
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27379
 
Oval ID: oval:org.mitre.oval:def:27379
Title: ELSA-2013-1701 -- sudo security, bug fix and enhancement update (low)
Description: [1.8.6p3-12] - added patches for CVE-2013-1775 CVE-2013-2777 CVE-2013-2776 Resolves: rhbz#1015355
Family: unix Class: patch
Reference(s): ELSA-2013-1701
CVE-2013-1775
CVE-2013-2776
CVE-2013-2777
Version: 3
Platform(s): Oracle Linux 6
Product(s): sudo
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27476
 
Oval ID: oval:org.mitre.oval:def:27476
Title: ELSA-2013-1353 -- sudo security and bug fix update (low)
Description: [1.7.2p1-28] - backported fixes for CVE-2013-1775 CVE-2013-1776 CVE-2013-2776 CVE-2013-2777 Resolves: rhbz#968221
Family: unix Class: patch
Reference(s): ELSA-2013-1353
CVE-2013-1775
CVE-2013-1776
CVE-2013-2776
Version: 3
Platform(s): Oracle Linux 5
Product(s): sudo
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2
Application 159
Os 102

ExploitDB Exploits

id Description
2013-08-29 Mac OS X Sudo Password Bypass

Information Assurance Vulnerability Management (IAVM)

Date Description
2015-08-20 IAVM : 2015-A-0199 - Multiple Vulnerabilities in Apple Mac OS X
Severity : Category I - VMSKEY : V0061337
2013-09-19 IAVM : 2013-A-0179 - Apple Mac OS X Security Update 2013-004
Severity : Category I - VMSKEY : V0040373

Nessus® Vulnerability Scanner

Date Description
2016-06-22 Name : The remote OracleVM host is missing a security update.
File : oraclevm_OVMSA-2016-0079.nasl - Type : ACT_GATHER_INFO
2015-08-17 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_10_10_5.nasl - Type : ACT_GATHER_INFO
2015-01-19 Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_sudo_20130611.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2013-1701.nasl - Type : ACT_GATHER_INFO
2014-11-12 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2013-1353.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2013-1527.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2013-221.nasl - Type : ACT_GATHER_INFO
2014-01-22 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201401-23.nasl - Type : ACT_GATHER_INFO
2013-12-14 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2013-259.nasl - Type : ACT_GATHER_INFO
2013-12-10 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20131121_sudo_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2013-11-27 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2013-1701.nasl - Type : ACT_GATHER_INFO
2013-11-21 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1701.nasl - Type : ACT_GATHER_INFO
2013-10-11 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20130930_sudo_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2013-10-03 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2013-1353.nasl - Type : ACT_GATHER_INFO
2013-10-01 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-1353.nasl - Type : ACT_GATHER_INFO
2013-09-13 Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_SecUpd2013-004.nasl - Type : ACT_GATHER_INFO
2013-09-13 Name : The remote host is missing a Mac OS X update that fixes several security issues.
File : macosx_10_8_5.nasl - Type : ACT_GATHER_INFO
2013-05-16 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_sudo-130430.nasl - Type : ACT_GATHER_INFO
2013-05-16 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_sudo-8562.nasl - Type : ACT_GATHER_INFO
2013-04-20 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2013-054.nasl - Type : ACT_GATHER_INFO
2013-03-20 Name : The remote Fedora host is missing a security update.
File : fedora_2013-3270.nasl - Type : ACT_GATHER_INFO
2013-03-17 Name : The remote Fedora host is missing a security update.
File : fedora_2013-3297.nasl - Type : ACT_GATHER_INFO
2013-03-11 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2642.nasl - Type : ACT_GATHER_INFO
2013-03-07 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2013-065-01.nasl - Type : ACT_GATHER_INFO
2013-03-04 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_82cfd919821311e29273902b343deec9.nasl - Type : ACT_GATHER_INFO
2013-03-04 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_764344fb821411e29273902b343deec9.nasl - Type : ACT_GATHER_INFO
2013-03-01 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1754-1.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-02-17 11:38:04
  • Multiple Updates
2014-01-22 00:18:27
  • First insertion