Executive Summary
Summary | |
---|---|
Title | sudo security update |
Informations | |||
---|---|---|---|
Name | RHSA-2010:0122 | First vendor Publication | 2010-02-26 |
Vendor | RedHat | Last vendor Modification | 2010-02-26 |
Severity (Vendor) | Important | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.9 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 3.4 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: An updated sudo package that fixes two security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root. A privilege escalation flaw was found in the way sudo handled the sudoedit pseudo-command. If a local user were authorized by the sudoers file to use this pseudo-command, they could possibly leverage this flaw to execute arbitrary code with the privileges of the root user. (CVE-2010-0426) The sudo utility did not properly initialize supplementary groups when the "runas_default" option (in the sudoers file) was used. If a local user were authorized by the sudoers file to perform their sudo commands under the account specified with "runas_default", they would receive the root user's supplementary groups instead of those of the intended target user, giving them unintended privileges. (CVE-2010-0427) Users of sudo should upgrade to this updated package, which contains backported patches to correct these issues. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 567337 - CVE-2010-0426 sudo: sudoedit option can possibly allow for arbitrary code execution 567622 - CVE-2010-0427 sudo: Fails to reset group permissions if runas_default set |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2010-0122.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10814 | |||
Oval ID: | oval:org.mitre.oval:def:10814 | ||
Title: | sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory. | ||
Description: | sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0426 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:10946 | |||
Oval ID: | oval:org.mitre.oval:def:10946 | ||
Title: | sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command. | ||
Description: | sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0427 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:12380 | |||
Oval ID: | oval:org.mitre.oval:def:12380 | ||
Title: | USN-905-1 -- sudo vulnerabilities | ||
Description: | It was discovered that sudo did not properly validate the path for the "sudoedit" pseudo-command. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. The sudoedit pseudo-command is not used in the default installation of Ubuntu. It was discovered that sudo did not reset group permissions when the "runas_default" configuration option was used. A local attacker could exploit this to escalate group privileges if sudo was configured to allow the attacker to run commands under the runas_default account. The runas_default configuration option is not used in the default installation of Ubuntu. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04 | ||
Family: | unix | Class: | patch |
Reference(s): | USN-905-1 CVE-2010-0426 CVE-2010-0427 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 8.10 Ubuntu 9.10 Ubuntu 6.06 Ubuntu 9.04 | Product(s): | sudo |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13334 | |||
Oval ID: | oval:org.mitre.oval:def:13334 | ||
Title: | USN-928-1 -- sudo vulnerability | ||
Description: | Valerio Costamagna discovered that sudo did not properly validate the path for the "sudoedit" pseudo-command when the PATH contained only a dot. If secure_path and ignore_dot were disabled, a local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. By default, secure_path is used and the sudoedit pseudo-command is not used in Ubuntu. This is a different but related issue to CVE-2010-0426. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-928-1 CVE-2010-0426 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 8.10 Ubuntu 9.10 Ubuntu 6.06 Ubuntu 9.04 | Product(s): | sudo |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:18169 | |||
Oval ID: | oval:org.mitre.oval:def:18169 | ||
Title: | DSA-2006-1 sudo - several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in sudo, a program designed to allow a sysadmin to give limited root privileges to users. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2006-1 CVE-2010-0426 CVE-2010-0427 | Version: | 7 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | sudo |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22119 | |||
Oval ID: | oval:org.mitre.oval:def:22119 | ||
Title: | RHSA-2010:0122: sudo security update (Important) | ||
Description: | sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0122-01 CESA-2010:0122 CVE-2010-0426 CVE-2010-0427 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | sudo |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23056 | |||
Oval ID: | oval:org.mitre.oval:def:23056 | ||
Title: | ELSA-2010:0122: sudo security update (Important) | ||
Description: | sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0122-01 CVE-2010-0426 CVE-2010-0427 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | sudo |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28287 | |||
Oval ID: | oval:org.mitre.oval:def:28287 | ||
Title: | DEPRECATED: ELSA-2010-0122 -- sudo security update (important) | ||
Description: | [1.6.9p17-6] - added patches for CVE-2010-0426 and CVE-2010-0427 Resolves: #567689 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-0122 CVE-2010-0426 CVE-2010-0427 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | sudo |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7216 | |||
Oval ID: | oval:org.mitre.oval:def:7216 | ||
Title: | Sudo 'runas_default' Local Privilege Escalation Vulnerability | ||
Description: | sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0427 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7238 | |||
Oval ID: | oval:org.mitre.oval:def:7238 | ||
Title: | Sudo 'sudoedit' Local Privilege Escalation Vulnerability | ||
Description: | sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0426 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-04-16 | Name : VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates File : nvt/gb_VMSA-2010-0009.nasl |
2011-08-09 | Name : CentOS Update for sudo CESA-2010:0122 centos5 i386 File : nvt/gb_CESA-2010_0122_sudo_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for sudo CESA-2010:0361 centos5 i386 File : nvt/gb_CESA-2010_0361_sudo_centos5_i386.nasl |
2010-05-07 | Name : Fedora Update for sudo FEDORA-2010-6749 File : nvt/gb_fedora_2010_6749_sudo_fc11.nasl |
2010-05-07 | Name : Fedora Update for sudo FEDORA-2010-6701 File : nvt/gb_fedora_2010_6701_sudo_fc12.nasl |
2010-04-30 | Name : Mandriva Update for sudo MDVSA-2010:078-1 (sudo) File : nvt/gb_mandriva_MDVSA_2010_078_1.nasl |
2010-04-29 | Name : RedHat Update for sudo RHSA-2010:0361-01 File : nvt/gb_RHSA-2010_0361-01_sudo.nasl |
2010-04-21 | Name : FreeBSD Ports: sudo File : nvt/freebsd_sudo6.nasl |
2010-04-19 | Name : Mandriva Update for sudo MDVSA-2010:078 (sudo) File : nvt/gb_mandriva_MDVSA_2010_078.nasl |
2010-04-16 | Name : Ubuntu Update for sudo vulnerability USN-928-1 File : nvt/gb_ubuntu_USN_928_1.nasl |
2010-03-16 | Name : Gentoo Security Advisory GLSA 201003-01 (sudo) File : nvt/glsa_201003_01.nasl |
2010-03-16 | Name : FreeBSD Ports: sudo File : nvt/freebsd_sudo5.nasl |
2010-03-12 | Name : Fedora Update for sudo FEDORA-2010-3415 File : nvt/gb_fedora_2010_3415_sudo_fc11.nasl |
2010-03-12 | Name : Mandriva Update for sudo MDVSA-2010:052 (sudo) File : nvt/gb_mandriva_MDVSA_2010_052.nasl |
2010-03-12 | Name : Fedora Update for sudo FEDORA-2010-3359 File : nvt/gb_fedora_2010_3359_sudo_fc12.nasl |
2010-03-02 | Name : Mandriva Update for sudo MDVSA-2010:049 (sudo) File : nvt/gb_mandriva_MDVSA_2010_049.nasl |
2010-03-02 | Name : RedHat Update for sudo RHSA-2010:0122-01 File : nvt/gb_RHSA-2010_0122-01_sudo.nasl |
2010-03-02 | Name : Ubuntu Update for sudo vulnerabilities USN-905-1 File : nvt/gb_ubuntu_USN_905_1.nasl |
2010-02-15 | Name : Mandriva Update for microcode_ctl MDVA-2010:052 (microcode_ctl) File : nvt/gb_mandriva_MDVA_2010_052.nasl |
2010-02-08 | Name : Mandriva Update for mailcap MDVA-2010:049 (mailcap) File : nvt/gb_mandriva_MDVA_2010_049.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2010-110-01 sudo File : nvt/esoft_slk_ssa_2010_110_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
62657 | sudo runas_default Option Group Membership Local Privilege Escalation |
62515 | sudo sudoedit Command Handling Local Privilege Escalation |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-08 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2010-0009_remote.nasl - Type : ACT_GATHER_INFO |
2014-11-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0476.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0122.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0361.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20100226_sudo_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_sudo-6892.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-3359.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-3352.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-6756.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-6701.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-3415.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-6749.nasl - Type : ACT_GATHER_INFO |
2010-06-01 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0361.nasl - Type : ACT_GATHER_INFO |
2010-06-01 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2010-0009.nasl - Type : ACT_GATHER_INFO |
2010-05-11 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0361.nasl - Type : ACT_GATHER_INFO |
2010-04-21 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-110-01.nasl - Type : ACT_GATHER_INFO |
2010-04-19 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2010-078.nasl - Type : ACT_GATHER_INFO |
2010-04-16 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-928-1.nasl - Type : ACT_GATHER_INFO |
2010-03-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_sudo-100301.nasl - Type : ACT_GATHER_INFO |
2010-03-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_sudo-100301.nasl - Type : ACT_GATHER_INFO |
2010-03-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_sudo-100301.nasl - Type : ACT_GATHER_INFO |
2010-03-09 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_sudo-100301.nasl - Type : ACT_GATHER_INFO |
2010-03-09 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_sudo-6891.nasl - Type : ACT_GATHER_INFO |
2010-03-04 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2006.nasl - Type : ACT_GATHER_INFO |
2010-03-04 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201003-01.nasl - Type : ACT_GATHER_INFO |
2010-03-02 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0122.nasl - Type : ACT_GATHER_INFO |
2010-03-02 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2010-052.nasl - Type : ACT_GATHER_INFO |
2010-03-02 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_018a84d0254811dfb4a300e0815b8da8.nasl - Type : ACT_GATHER_INFO |
2010-03-01 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-905-1.nasl - Type : ACT_GATHER_INFO |
2010-03-01 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0122.nasl - Type : ACT_GATHER_INFO |
2010-02-26 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2010-049.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:53:16 |
|