Executive Summary
Summary | |
---|---|
Title | sudo security update |
Informations | |||
---|---|---|---|
Name | RHSA-2010:0475 | First vendor Publication | 2010-06-15 |
Vendor | RedHat | Last vendor Modification | 2010-06-15 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:H/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.2 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | High |
Cvss Expoit Score | 1.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: An updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sudo handled the presence of duplicated environment variables. A local user authorized to run commands using sudo could use this flaw to set additional values for the environment variables set by sudo, which could result in those values being used by the executed command instead of the values set by sudo. This could possibly lead to certain intended restrictions being bypassed, such as the secure_path setting. (CVE-2010-1646) Red Hat would like to thank Anders Kaseorg and Evan Broder of Ksplice, Inc. for responsibly reporting this issue. Users of sudo should upgrade to this updated package, which contains a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 598154 - CVE-2010-1646 sudo: insufficient environment sanitization issue |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2010-0475.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10580 | |||
Oval ID: | oval:org.mitre.oval:def:10580 | ||
Title: | The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable. | ||
Description: | The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-1646 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:11784 | |||
Oval ID: | oval:org.mitre.oval:def:11784 | ||
Title: | DSA-2062 sudo -- missing input sanitisation | ||
Description: | Anders Kaseorg and Evan Broder discovered a vulnerability in sudo, a program designed to allow a sysadmin to give limited root privileges to users, that allows a user with sudo permissions on certain programs to use those programs with an untrusted value of PATH. This could possibly lead to certain intended restrictions being bypassed, such as the secure_path setting. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2062 CVE-2010-1646 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | sudo |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:12909 | |||
Oval ID: | oval:org.mitre.oval:def:12909 | ||
Title: | USN-956-1 -- sudo vulnerability | ||
Description: | Evan Broder and Anders Kaseorg discovered that sudo did not properly sanitize its environment when configured to use secure_path . A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use a program that interpreted the PATH environment variable. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-956-1 CVE-2010-1646 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 10.04 Ubuntu 9.10 Ubuntu 6.06 Ubuntu 9.04 | Product(s): | sudo |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:13622 | |||
Oval ID: | oval:org.mitre.oval:def:13622 | ||
Title: | DSA-2062-1 sudo -- missing input sanitisation | ||
Description: | Anders Kaseorg and Evan Broder discovered vulnerability in sudo, a program designed to allow a sysadmin to give limited root privileges to users, that allows a user with sudo permissions on certain programs to use those programs with an untrusted value of PATH. This could possibly lead to certain intended restrictions being bypassed, such as the secure_path setting. For the stable distribution, this problem has been fixed in version 1.6.9p17-3 For the unstable distribution , this problem has been fixed in version 1.7.2p7-1, and will migrate to the testing distribution shortly. We recommend that you upgrade your sudo package. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2062-1 CVE-2010-1646 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | sudo |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22140 | |||
Oval ID: | oval:org.mitre.oval:def:22140 | ||
Title: | RHSA-2010:0475: sudo security update (Moderate) | ||
Description: | The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0475-01 CESA-2010:0475 CVE-2010-1646 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | sudo |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22995 | |||
Oval ID: | oval:org.mitre.oval:def:22995 | ||
Title: | ELSA-2010:0475: sudo security update (Moderate) | ||
Description: | The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0475-01 CVE-2010-1646 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | sudo |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27777 | |||
Oval ID: | oval:org.mitre.oval:def:27777 | ||
Title: | DEPRECATED: ELSA-2010-0475 -- sudo security update (moderate) | ||
Description: | [1.7.2p1-7] - added patch that fixes insufficient environment sanitization issue (#598154) Resolves: #598381 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-0475 CVE-2010-1646 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | sudo |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7338 | |||
Oval ID: | oval:org.mitre.oval:def:7338 | ||
Title: | VMware ESX, Service Console update for sudo. | ||
Description: | The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-1646 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for sudo CESA-2010:0475 centos5 i386 File : nvt/gb_CESA-2010_0475_sudo_centos5_i386.nasl |
2011-03-09 | Name : Gentoo Security Advisory GLSA 201009-03 (sudo) File : nvt/glsa_201009_03.nasl |
2010-07-06 | Name : Debian Security Advisory DSA 2062-1 (sudo) File : nvt/deb_2062_1.nasl |
2010-07-02 | Name : Ubuntu Update for sudo vulnerability USN-956-1 File : nvt/gb_ubuntu_USN_956_1.nasl |
2010-06-25 | Name : Fedora Update for sudo FEDORA-2010-9415 File : nvt/gb_fedora_2010_9415_sudo_fc12.nasl |
2010-06-25 | Name : Fedora Update for sudo FEDORA-2010-9417 File : nvt/gb_fedora_2010_9417_sudo_fc11.nasl |
2010-06-18 | Name : RedHat Update for sudo RHSA-2010:0475-01 File : nvt/gb_RHSA-2010_0475-01_sudo.nasl |
2010-06-18 | Name : Fedora Update for sudo FEDORA-2010-9402 File : nvt/gb_fedora_2010_9402_sudo_fc13.nasl |
2010-06-18 | Name : Mandriva Update for sudo MDVSA-2010:118 (sudo) File : nvt/gb_mandriva_MDVSA_2010_118.nasl |
2010-06-03 | Name : FreeBSD Ports: sudo File : nvt/freebsd_sudo7.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
65083 | sudo env.c secure path Restrictions Bypass Arbitrary File Execution sudo contains a flaw that may allow an attacker to execute arbitrary files with elevated privileges. The issue is triggered when sudo is configured to use a secure path and the PATH variable is defined twice. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0015_remote.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_sudo-110114.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0475.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20100615_sudo_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_sudo-110114.nasl - Type : ACT_GATHER_INFO |
2010-10-04 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2010-0015.nasl - Type : ACT_GATHER_INFO |
2010-09-08 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201009-03.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-9402.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-9415.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-9417.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-956-1.nasl - Type : ACT_GATHER_INFO |
2010-06-21 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2062.nasl - Type : ACT_GATHER_INFO |
2010-06-18 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2010-118.nasl - Type : ACT_GATHER_INFO |
2010-06-17 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0475.nasl - Type : ACT_GATHER_INFO |
2010-06-16 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0475.nasl - Type : ACT_GATHER_INFO |
2010-06-03 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_d42e5b666ea011df9c8d00e0815b8da8.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:53:34 |
|