Executive Summary
Summary | |
---|---|
Title | Sudo vulnerability |
Informations | |||
---|---|---|---|
Name | USN-1046-1 | First vendor Publication | 2011-01-20 |
Vendor | Ubuntu | Last vendor Modification | 2011-01-20 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.4 | Attack Range | Local |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 3.4 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 9.10 Ubuntu 10.04 LTS Ubuntu 10.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 9.10: Ubuntu 10.04 LTS: Ubuntu 10.10: In general, a standard system update will make all the necessary changes. Details follow: Alexander Kurtz discovered that sudo would not prompt for a password when a group was specified in the Runas_Spec. A local attacker could exploit this to execute arbitrary code as the specified group if sudo was configured to allow the attacker to use a program as this group. The group Runas_Spec is not used in the default installation of Ubuntu. |
Original Source
Url : http://www.ubuntu.com/usn/USN-1046-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13675 | |||
Oval ID: | oval:org.mitre.oval:def:13675 | ||
Title: | USN-1046-1 -- sudo vulnerability | ||
Description: | Alexander Kurtz discovered that sudo would not prompt for a password when a group was specified in the Runas_Spec. A local attacker could exploit this to execute arbitrary code as the specified group if sudo was configured to allow the attacker to use a program as this group. The group Runas_Spec is not used in the default installation of Ubuntu. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-1046-1 CVE-2011-0010 | Version: | 5 |
Platform(s): | Ubuntu 10.10 Ubuntu 9.10 Ubuntu 10.04 | Product(s): | sudo |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20941 | |||
Oval ID: | oval:org.mitre.oval:def:20941 | ||
Title: | RHSA-2012:0309: sudo security and bug fix update (Low) | ||
Description: | check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:0309-03 CVE-2011-0010 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | sudo |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:21380 | |||
Oval ID: | oval:org.mitre.oval:def:21380 | ||
Title: | RHSA-2011:0599: sudo security and bug fix update (Low) | ||
Description: | check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2011:0599-01 CVE-2011-0010 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 6 | Product(s): | sudo |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22719 | |||
Oval ID: | oval:org.mitre.oval:def:22719 | ||
Title: | ELSA-2011:0599: sudo security and bug fix update (Low) | ||
Description: | check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011:0599-01 CVE-2011-0010 | Version: | 6 |
Platform(s): | Oracle Linux 6 | Product(s): | sudo |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23269 | |||
Oval ID: | oval:org.mitre.oval:def:23269 | ||
Title: | ELSA-2012:0309: sudo security and bug fix update (Low) | ||
Description: | check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:0309-03 CVE-2011-0010 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | sudo |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:27474 | |||
Oval ID: | oval:org.mitre.oval:def:27474 | ||
Title: | DEPRECATED: ELSA-2012-0309 -- sudo security and bug fix update (low) | ||
Description: | [1.7.2p1-13] - patch: parse ldap.conf more closely to nss_ldap Resolves: rhbz#750318 [1.7.2p1-12] - added patch for CVE-2011-0010 Resolves: rhbz#757157 [1.7.2p1-11] - backported selinux support from 1.7.4p5 (#477185, #673157) - fixed bug in Runas_Spec group matching (#627543) - disable 'sudo -l' output word wrapping if the output is piped (#697111) - fixed overwriting of errno after execve failure (#673157) - fixed segmentation fault (#673072) - add a sudoers entry to the nsswitch.conf file on install (and delete it on uninstall) (#617061) Resolves: rhbz#697111 Resolves: rhbz#673157 Resolves: rhbz#673072 Resolves: rhbz#627543 Resolves: rhbz#617061 Resolves: rhbz#477185 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012-0309 CVE-2011-0010 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | sudo |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28045 | |||
Oval ID: | oval:org.mitre.oval:def:28045 | ||
Title: | DEPRECATED: ELSA-2011-0599 -- sudo security and bug fix update (low) | ||
Description: | [1.7.4p5-5] - patch: log failed user role changes Resolves: rhbz#665131 [1.7.4p5-4] - added #includedir /etc/sudoers.d to sudoers Resolves: rhbz#615087 [1.7.4p5-3] - added !visiblepw option to sudoers Resolves: rhbz#688640 [1.7.4p5-2] - added patch for rhbz#665131 Resolves: rhbz#665131 [1.7.4p5-1] - rebase to latest stable version - sudo now uses /var/db/sudo for timestamps - new command available: sudoreplay - use native audit support - sync configuration paths with the nss_ldap package Resolves: rhbz#615087 Resolves: rhbz#652726 Resolves: rhbz#634159 Resolves: rhbz#603823 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2011-0599 CVE-2011-0010 | Version: | 4 |
Platform(s): | Oracle Linux 6 | Product(s): | sudo |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-06-06 | Name : RedHat Update for sudo RHSA-2011:0599-01 File : nvt/gb_RHSA-2011_0599-01_sudo.nasl |
2012-03-12 | Name : Gentoo Security Advisory GLSA 201203-06 (sudo) File : nvt/glsa_201203_06.nasl |
2012-02-21 | Name : RedHat Update for sudo RHSA-2012:0309-03 File : nvt/gb_RHSA-2012_0309-03_sudo.nasl |
2011-01-24 | Name : FreeBSD Ports: sudo File : nvt/freebsd_sudo9.nasl |
2011-01-24 | Name : Fedora Update for sudo FEDORA-2011-0455 File : nvt/gb_fedora_2011_0455_sudo_fc13.nasl |
2011-01-24 | Name : Mandriva Update for sudo MDVSA-2011:018 (sudo) File : nvt/gb_mandriva_MDVSA_2011_018.nasl |
2011-01-21 | Name : Fedora Update for sudo FEDORA-2011-0470 File : nvt/gb_fedora_2011_0470_sudo_fc14.nasl |
2011-01-21 | Name : Ubuntu Update for sudo vulnerability USN-1046-1 File : nvt/gb_ubuntu_USN_1046_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2011-041-05 sudo File : nvt/esoft_slk_ssa_2011_041_05.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
70400 | sudo check.c Runas Group Authentication Bypass sudo contains a logic error that prevents the program from properly restricting changes of the group ID. This may allow a local attacker to use the 'sudo -g' command to bypass authentication while changing group IDs. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-11-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0168.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_sudo-110114.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2012-0309.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20110519_sudo_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120221_sudo_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-03-06 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201203-06.nasl - Type : ACT_GATHER_INFO |
2012-02-21 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0309.nasl - Type : ACT_GATHER_INFO |
2011-05-20 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2011-0599.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_sudo-110114.nasl - Type : ACT_GATHER_INFO |
2011-02-11 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2011-041-05.nasl - Type : ACT_GATHER_INFO |
2011-01-28 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2011-018.nasl - Type : ACT_GATHER_INFO |
2011-01-24 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0455.nasl - Type : ACT_GATHER_INFO |
2011-01-21 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1046-1.nasl - Type : ACT_GATHER_INFO |
2011-01-19 | Name : The remote Fedora host is missing a security update. File : fedora_2011-0470.nasl - Type : ACT_GATHER_INFO |
2011-01-14 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_908f4cf21e8b11e0a587001b77d09812.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:58:12 |
|