Executive Summary

Summary
Title sudo vulnerability
Informations
Name USN-235-2 First vendor Publication 2006-01-09
Vendor Ubuntu Last vendor Modification 2006-01-09
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.2 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) Ubuntu 5.10 (Breezy Badger)

The following packages are affected:

sudo

The problem can be corrected by upgrading the affected package to version 1.6.7p5-1ubuntu4.5 (for Ubuntu 4.10), 1.6.8p5-1ubuntu2.4 (for Ubuntu 5.04), or 1.6.8p9-2ubuntu2.3 (for Ubuntu 5.10). In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

USN-235-1 fixed a vulnerability in sudo's handling of environment variables. Tavis Ormandy noticed that sudo did not filter out the PYTHONINSPECT environment variable, so that users with the limited privilege of calling a python script with sudo could still escalate their privileges.

For reference, this is the original advisory:

Charles Morris discovered a privilege escalation vulnerability in
sudo. On executing Perl scripts with sudo, various environment
variables that affect Perl's library search path were not cleaned
properly. If sudo is set up to grant limited sudo execution of Perl
scripts to normal users, this could be exploited to run arbitrary
commands as the target user.

This security update also filters out environment variables that can
be exploited similarly with Python, Ruby, and zsh scripts.

Please note that this does not affect the default Ubuntu
installation,
or any setup that just grants full root privileges to certain users.

Original Source

Url : http://www.ubuntu.com/usn/USN-235-2

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 32
Os 8

OpenVAS Exploits

Date Description
2008-01-17 Name : Debian Security Advisory DSA 946-1 (sudo)
File : nvt/deb_946_1.nasl
2008-01-17 Name : Debian Security Advisory DSA 946-2 (sudo)
File : nvt/deb_946_2.nasl
0000-00-00 Name : Slackware Advisory SSA:2006-045-08 sudo
File : nvt/esoft_slk_ssa_2006_045_08.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
20764 Sudo PERL5OPT Environment Cleaning Multiple Variable Privilege Escalation

Sudo contain a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a user is able to run perl scripts via Sudo, and the perl scripts to not have the taint flag (-T). This flaw may lead to a loss of integrity.

Nessus® Vulnerability Scanner

Date Description
2006-12-16 Name : The remote Mandrake Linux host is missing a security update.
File : mandrake_MDKSA-2006-159.nasl - Type : ACT_GATHER_INFO
2006-10-14 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-946.nasl - Type : ACT_GATHER_INFO
2006-02-15 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2006-045-08.nasl - Type : ACT_GATHER_INFO
2006-01-21 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-235-2.nasl - Type : ACT_GATHER_INFO
2006-01-15 Name : The remote Mandrake Linux host is missing a security update.
File : mandrake_MDKSA-2005-234.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
Date Informations
2014-02-17 12:03:13
  • Multiple Updates
2013-05-11 12:25:18
  • Multiple Updates