Executive Summary
Information | |||
---|---|---|---|
Name | MDVSA-2011:018 | First vendor Publication | 2011-01-21 |
Vendor | Mandriva | Last vendor Modification | 2011-01-21 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.9 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 3.4 | Authentication | None Required |
Detail
Multiple vulnerabilities have been found and corrected in sudo:

A patch for parse.c in sudo does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression (CVE-2011-0008).

check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command (CVE-2011-0010).

Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been upgraded to the latest version (1.7.4p6), which is not affected by these issues.
Original Source
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2011:018
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-1 | Accessing Functionality Not Properly Constrained by ACLs |
CAPEC-13 | Subverting Environment Variable Values |
CAPEC-17 | Accessing, Modifying or Executing Executable Files |
CAPEC-39 | Manipulating Opaque Client-based Data Tokens |
CAPEC-45 | Buffer Overflow via Symbolic Links |
CAPEC-51 | Poison Web Service Registry |
CAPEC-59 | Session Credential Falsification through Prediction |
CAPEC-60 | Reusing Session IDs (aka Session Replay) |
CAPEC-76 | Manipulating Input to File System Calls |
CAPEC-77 | Manipulating User-Controlled Variables |
CAPEC-87 | Forceful Browsing |
CAPEC-104 | Cross Zone Scripting |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10856 | |||
Oval ID: | oval:org.mitre.oval:def:10856 | ||
Title: | parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. | ||
Description: | parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0034 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:13675 | |||
Oval ID: | oval:org.mitre.oval:def:13675 | ||
Title: | USN-1046-1 -- sudo vulnerability | ||
Description: | Alexander Kurtz discovered that sudo would not prompt for a password when a group was specified in the Runas_Spec. A local attacker could exploit this to execute arbitrary code as the specified group if sudo was configured to allow the attacker to use a program as this group. The group Runas_Spec is not used in the default installation of Ubuntu. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1046-1 CVE-2011-0010 | Version: | 5 |
Platform(s): | Ubuntu 10.10 Ubuntu 9.10 Ubuntu 10.04 | Product(s): | sudo |
Definition Id: oval:org.mitre.oval:def:13952 | |||
Oval ID: | oval:org.mitre.oval:def:13952 | ||
Title: | USN-722-1 -- sudo vulnerability | ||
Description: | Harald Koenig discovered that sudo did not correctly handle certain privilege changes when handling groups. If a local attacker belonged to a group included in a "RunAs" list in the /etc/sudoers file, that user could gain root privileges. This was not an issue for the default sudoers file shipped with Ubuntu. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-722-1 CVE-2009-0034 | Version: | 5 |
Platform(s): | Ubuntu 8.10 Ubuntu 8.04 | Product(s): | sudo |
Definition Id: oval:org.mitre.oval:def:20941 | |||
Oval ID: | oval:org.mitre.oval:def:20941 | ||
Title: | RHSA-2012:0309: sudo security and bug fix update (Low) | ||
Description: | check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:0309-03 CVE-2011-0010 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | sudo |
Definition Id: oval:org.mitre.oval:def:21380 | |||
Oval ID: | oval:org.mitre.oval:def:21380 | ||
Title: | RHSA-2011:0599: sudo security and bug fix update (Low) | ||
Description: | check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0599-01 CVE-2011-0010 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | sudo |
Definition Id: oval:org.mitre.oval:def:22719 | |||
Oval ID: | oval:org.mitre.oval:def:22719 | ||
Title: | ELSA-2011:0599: sudo security and bug fix update (Low) | ||
Description: | check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0599-01 CVE-2011-0010 | Version: | 6 |
Platform(s): | Oracle Linux 6 | Product(s): | sudo |
Definition Id: oval:org.mitre.oval:def:22769 | |||
Oval ID: | oval:org.mitre.oval:def:22769 | ||
Title: | ELSA-2009:0267: sudo security update (Moderate) | ||
Description: | parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:0267-01 CVE-2009-0034 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | sudo |
Definition Id: oval:org.mitre.oval:def:23269 | |||
Oval ID: | oval:org.mitre.oval:def:23269 | ||
Title: | ELSA-2012:0309: sudo security and bug fix update (Low) | ||
Description: | check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:0309-03 CVE-2011-0010 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | sudo |
Definition Id: oval:org.mitre.oval:def:27474 | |||
Oval ID: | oval:org.mitre.oval:def:27474 | ||
Title: | DEPRECATED: ELSA-2012-0309 -- sudo security and bug fix update (low) | ||
Description: | [1.7.2p1-13] - patch: parse ldap.conf more closely to nss_ldap Resolves: rhbz#750318 [1.7.2p1-12] - added patch for CVE-2011-0010 Resolves: rhbz#757157 [1.7.2p1-11] - backported selinux support from 1.7.4p5 (#477185, #673157) - fixed bug in Runas_Spec group matching (#627543) - disable 'sudo -l' output word wrapping if the output is piped (#697111) - fixed overwriting of errno after execve failure (#673157) - fixed segmentation fault (#673072) - add a sudoers entry to the nsswitch.conf file on install (and delete it on uninstall) (#617061) Resolves: rhbz#697111 Resolves: rhbz#673157 Resolves: rhbz#673072 Resolves: rhbz#627543 Resolves: rhbz#617061 Resolves: rhbz#477185 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012-0309 CVE-2011-0010 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | sudo |
Definition Id: oval:org.mitre.oval:def:28045 | |||
Oval ID: | oval:org.mitre.oval:def:28045 | ||
Title: | DEPRECATED: ELSA-2011-0599 -- sudo security and bug fix update (low) | ||
Description: | [1.7.4p5-5] - patch: log failed user role changes Resolves: rhbz#665131 [1.7.4p5-4] - added #includedir /etc/sudoers.d to sudoers Resolves: rhbz#615087 [1.7.4p5-3] - added !visiblepw option to sudoers Resolves: rhbz#688640 [1.7.4p5-2] - added patch for rhbz#665131 Resolves: rhbz#665131 [1.7.4p5-1] - rebase to latest stable version - sudo now uses /var/db/sudo for timestamps - new command available: sudoreplay - use native audit support - sync configuration paths with the nss_ldap package Resolves: rhbz#615087 Resolves: rhbz#652726 Resolves: rhbz#634159 Resolves: rhbz#603823 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-0599 CVE-2011-0010 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | sudo |
Definition Id: oval:org.mitre.oval:def:29098 | |||
Oval ID: | oval:org.mitre.oval:def:29098 | ||
Title: | RHSA-2009:0267 -- sudo security update (Moderate) | ||
Description: | An updated sudo package to fix a security issue is now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root with logging. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2009:0267 CVE-2009-0034 | Version: | 3 |
Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | sudo |
Definition Id: oval:org.mitre.oval:def:6462 | |||
Oval ID: | oval:org.mitre.oval:def:6462 | ||
Title: | Sudo Supplemental Group Privilege Error Lets Certain Local Users Gain Elevated Privileges | ||
Description: | parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2009-0034 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
OpenVAS Exploits
Date | Description |
---|---|
2012-06-06 | Name : RedHat Update for sudo RHSA-2011:0599-01 File : nvt/gb_RHSA-2011_0599-01_sudo.nasl |
2012-03-12 | Name : Gentoo Security Advisory GLSA 201203-06 (sudo) File : nvt/glsa_201203_06.nasl |
2012-02-21 | Name : RedHat Update for sudo RHSA-2012:0309-03 File : nvt/gb_RHSA-2012_0309-03_sudo.nasl |
2011-01-24 | Name : FreeBSD Ports: sudo File : nvt/freebsd_sudo9.nasl |
2011-01-24 | Name : Fedora Update for sudo FEDORA-2011-0455 File : nvt/gb_fedora_2011_0455_sudo_fc13.nasl |
2011-01-24 | Name : Mandriva Update for sudo MDVSA-2011:018 (sudo) File : nvt/gb_mandriva_MDVSA_2011_018.nasl |
2011-01-21 | Name : Fedora Update for sudo FEDORA-2011-0470 File : nvt/gb_fedora_2011_0470_sudo_fc14.nasl |
2011-01-21 | Name : Ubuntu Update for sudo vulnerability USN-1046-1 File : nvt/gb_ubuntu_USN_1046_1.nasl |
2009-07-29 | Name : Ubuntu USN-802-1 (apache2) File : nvt/ubuntu_802_1.nasl |
2009-07-29 | Name : Ubuntu USN-801-1 (tiff) File : nvt/ubuntu_801_1.nasl |
2009-07-29 | Name : Ubuntu USN-799-1 (dbus) File : nvt/ubuntu_799_1.nasl |
2009-02-18 | Name : Ubuntu USN-722-1 (sudo) File : nvt/ubuntu_722_1.nasl |
2009-02-13 | Name : FreeBSD Ports: sudo File : nvt/freebsd_sudo4.nasl |
2009-02-10 | Name : Gentoo Security Advisory GLSA 200902-01 (sudo) File : nvt/glsa_200902_01.nasl |
2009-02-10 | Name : Mandrake Security Advisory MDVSA-2009:033 (sudo) File : nvt/mdksa_2009_033.nasl |
2009-02-10 | Name : Fedora Core 10 FEDORA-2009-1074 (sudo) File : nvt/fcore_2009_1074.nasl |
2009-02-10 | Name : RedHat Security Advisory RHSA-2009:0267 File : nvt/RHSA_2009_0267.nasl |
2009-02-02 | Name : SuSE Security Summary SUSE-SR:2009:003 File : nvt/suse_sr_2009_003.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2011-041-05 sudo File : nvt/esoft_slk_ssa_2011_041_05.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
70400 | sudo check.c Runas Group Authentication Bypass sudo contains a logic error that prevents the program from properly restricting changes of the group ID. This may allow a local attacker to use the 'sudo -g' command to bypass authentication while changing group IDs. |
51736 | sudo parse.c System Group Interpretation Local Privilege Escalation |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-03 | Name : The remote host is missing a security-related patch. File : vmware_VMSA-2009-0009_remote.nasl - Type : ACT_GATHER_INFO |
2014-11-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0168.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_sudo-110114.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2009-0267.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2012-0309.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120221_sudo_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110519_sudo_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20090205_sudo_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-03-06 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201203-06.nasl - Type : ACT_GATHER_INFO |
2012-02-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0309.nasl - Type : ACT_GATHER_INFO |
2011-05-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0599.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_sudo-110114.nasl - Type : ACT_GATHER_INFO |
2011-02-17 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2009-0009.nasl - Type : ACT_GATHER_INFO |
2011-02-11 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2011-041-05.nasl - Type : ACT_GATHER_INFO |
2011-01-28 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2011-018.nasl - Type : ACT_GATHER_INFO |
2011-01-24 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0455.nasl - Type : ACT_GATHER_INFO |
2011-01-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1046-1.nasl - Type : ACT_GATHER_INFO |
2011-01-19 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0470.nasl - Type : ACT_GATHER_INFO |
2011-01-14 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_908f4cf21e8b11e0a587001b77d09812.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Fedora host is missing a security update. File : fedora_2009-1074.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-722-1.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2009-033.nasl - Type : ACT_GATHER_INFO |
2009-02-09 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200902-01.nasl - Type : ACT_GATHER_INFO |
2009-02-09 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_13d6d997f45511dd8516001b77d09812.nasl - Type : ACT_GATHER_INFO |
2009-02-06 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2009-0267.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:42:02 | |
2013-05-11 00:48:27 | |