Executive Summary
Summary | |
---|---|
Title | sudo vulnerabilities |
Information | |||
---|---|---|---|
Name | USN-905-1 | First vendor Publication | 2010-02-26 |
Vendor | Ubuntu | Last vendor Modification | 2010-02-26 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.9 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 3.4 | Authentication | None Required |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS, Ubuntu 8.04 LTS, Ubuntu 8.10, Ubuntu 9.04, Ubuntu 9.10.

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: Ubuntu 8.04 LTS: Ubuntu 8.10: Ubuntu 9.04: Ubuntu 9.10:

In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

It was discovered that sudo did not properly validate the path for the 'sudoedit' pseudo-command. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. The sudoedit pseudo-command is not used in the default installation of Ubuntu. (CVE-2010-0426)

It was discovered that sudo did not reset group permissions when the 'runas_default' configuration option was used. A local attacker could exploit this to escalate group privileges if sudo was configured to allow the attacker to run commands under the runas_default account. The runas_default configuration option is not used in the default installation of Ubuntu. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04. (CVE-2010-0427)
Original Source
Url : http://www.ubuntu.com/usn/USN-905-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10814 | |||
Oval ID: | oval:org.mitre.oval:def:10814 | ||
Title: | sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory. | ||
Description: | sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0426 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:10946 | |||
Oval ID: | oval:org.mitre.oval:def:10946 | ||
Title: | sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command. | ||
Description: | sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0427 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:12380 | |||
Oval ID: | oval:org.mitre.oval:def:12380 | ||
Title: | USN-905-1 -- sudo vulnerabilities | ||
Description: | It was discovered that sudo did not properly validate the path for the "sudoedit" pseudo-command. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. The sudoedit pseudo-command is not used in the default installation of Ubuntu. It was discovered that sudo did not reset group permissions when the "runas_default" configuration option was used. A local attacker could exploit this to escalate group privileges if sudo was configured to allow the attacker to run commands under the runas_default account. The runas_default configuration option is not used in the default installation of Ubuntu. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04 | ||
Family: | unix | Class: | patch |
Reference(s): | USN-905-1 CVE-2010-0426 CVE-2010-0427 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 8.10 Ubuntu 9.10 Ubuntu 6.06 Ubuntu 9.04 | Product(s): | sudo |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:13334 | |||
Oval ID: | oval:org.mitre.oval:def:13334 | ||
Title: | USN-928-1 -- sudo vulnerability | ||
Description: | Valerio Costamagna discovered that sudo did not properly validate the path for the "sudoedit" pseudo-command when the PATH contained only a dot. If secure_path and ignore_dot were disabled, a local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. By default, secure_path is used and the sudoedit pseudo-command is not used in Ubuntu. This is a different but related issue to CVE-2010-0426. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-928-1 CVE-2010-0426 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 8.10 Ubuntu 9.10 Ubuntu 6.06 Ubuntu 9.04 | Product(s): | sudo |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:18169 | |||
Oval ID: | oval:org.mitre.oval:def:18169 | ||
Title: | DSA-2006-1 sudo - several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in sudo, a program designed to allow a sysadmin to give limited root privileges to users. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2006-1 CVE-2010-0426 CVE-2010-0427 | Version: | 7 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | sudo |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:22119 | |||
Oval ID: | oval:org.mitre.oval:def:22119 | ||
Title: | RHSA-2010:0122: sudo security update (Important) | ||
Description: | sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0122-01 CESA-2010:0122 CVE-2010-0426 CVE-2010-0427 | Version: | 29 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | sudo |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23056 | |||
Oval ID: | oval:org.mitre.oval:def:23056 | ||
Title: | ELSA-2010:0122: sudo security update (Important) | ||
Description: | sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0122-01 CVE-2010-0426 CVE-2010-0427 | Version: | 13 |
Platform(s): | Oracle Linux 5 | Product(s): | sudo |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28287 | |||
Oval ID: | oval:org.mitre.oval:def:28287 | ||
Title: | DEPRECATED: ELSA-2010-0122 -- sudo security update (important) | ||
Description: | [1.6.9p17-6] - added patches for CVE-2010-0426 and CVE-2010-0427 Resolves: #567689 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-0122 CVE-2010-0426 CVE-2010-0427 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | sudo |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7216 | |||
Oval ID: | oval:org.mitre.oval:def:7216 | ||
Title: | Sudo 'runas_default' Local Privilege Escalation Vulnerability | ||
Description: | sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0427 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7238 | |||
Oval ID: | oval:org.mitre.oval:def:7238 | ||
Title: | Sudo 'sudoedit' Local Privilege Escalation Vulnerability | ||
Description: | sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0426 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-04-16 | Name : VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates File : nvt/gb_VMSA-2010-0009.nasl |
2011-08-09 | Name : CentOS Update for sudo CESA-2010:0122 centos5 i386 File : nvt/gb_CESA-2010_0122_sudo_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for sudo CESA-2010:0361 centos5 i386 File : nvt/gb_CESA-2010_0361_sudo_centos5_i386.nasl |
2010-05-07 | Name : Fedora Update for sudo FEDORA-2010-6749 File : nvt/gb_fedora_2010_6749_sudo_fc11.nasl |
2010-05-07 | Name : Fedora Update for sudo FEDORA-2010-6701 File : nvt/gb_fedora_2010_6701_sudo_fc12.nasl |
2010-04-30 | Name : Mandriva Update for sudo MDVSA-2010:078-1 (sudo) File : nvt/gb_mandriva_MDVSA_2010_078_1.nasl |
2010-04-29 | Name : RedHat Update for sudo RHSA-2010:0361-01 File : nvt/gb_RHSA-2010_0361-01_sudo.nasl |
2010-04-21 | Name : FreeBSD Ports: sudo File : nvt/freebsd_sudo6.nasl |
2010-04-19 | Name : Mandriva Update for sudo MDVSA-2010:078 (sudo) File : nvt/gb_mandriva_MDVSA_2010_078.nasl |
2010-04-16 | Name : Ubuntu Update for sudo vulnerability USN-928-1 File : nvt/gb_ubuntu_USN_928_1.nasl |
2010-03-16 | Name : Gentoo Security Advisory GLSA 201003-01 (sudo) File : nvt/glsa_201003_01.nasl |
2010-03-16 | Name : FreeBSD Ports: sudo File : nvt/freebsd_sudo5.nasl |
2010-03-12 | Name : Fedora Update for sudo FEDORA-2010-3415 File : nvt/gb_fedora_2010_3415_sudo_fc11.nasl |
2010-03-12 | Name : Mandriva Update for sudo MDVSA-2010:052 (sudo) File : nvt/gb_mandriva_MDVSA_2010_052.nasl |
2010-03-12 | Name : Fedora Update for sudo FEDORA-2010-3359 File : nvt/gb_fedora_2010_3359_sudo_fc12.nasl |
2010-03-02 | Name : Mandriva Update for sudo MDVSA-2010:049 (sudo) File : nvt/gb_mandriva_MDVSA_2010_049.nasl |
2010-03-02 | Name : RedHat Update for sudo RHSA-2010:0122-01 File : nvt/gb_RHSA-2010_0122-01_sudo.nasl |
2010-03-02 | Name : Ubuntu Update for sudo vulnerabilities USN-905-1 File : nvt/gb_ubuntu_USN_905_1.nasl |
2010-02-15 | Name : Mandriva Update for microcode_ctl MDVA-2010:052 (microcode_ctl) File : nvt/gb_mandriva_MDVA_2010_052.nasl |
2010-02-08 | Name : Mandriva Update for mailcap MDVA-2010:049 (mailcap) File : nvt/gb_mandriva_MDVA_2010_049.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2010-110-01 sudo File : nvt/esoft_slk_ssa_2010_110_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
62657 | sudo runas_default Option Group Membership Local Privilege Escalation |
62515 | sudo sudoedit Command Handling Local Privilege Escalation |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-08 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2010-0009_remote.nasl - Type : ACT_GATHER_INFO |
2014-11-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0476.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0122.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0361.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20100226_sudo_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_sudo-6892.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-3359.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-3352.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-6756.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-6701.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-3415.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-6749.nasl - Type : ACT_GATHER_INFO |
2010-06-01 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0361.nasl - Type : ACT_GATHER_INFO |
2010-06-01 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2010-0009.nasl - Type : ACT_GATHER_INFO |
2010-05-11 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0361.nasl - Type : ACT_GATHER_INFO |
2010-04-21 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-110-01.nasl - Type : ACT_GATHER_INFO |
2010-04-19 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2010-078.nasl - Type : ACT_GATHER_INFO |
2010-04-16 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-928-1.nasl - Type : ACT_GATHER_INFO |
2010-03-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_sudo-100301.nasl - Type : ACT_GATHER_INFO |
2010-03-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_sudo-100301.nasl - Type : ACT_GATHER_INFO |
2010-03-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_sudo-100301.nasl - Type : ACT_GATHER_INFO |
2010-03-09 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_sudo-100301.nasl - Type : ACT_GATHER_INFO |
2010-03-09 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_sudo-6891.nasl - Type : ACT_GATHER_INFO |
2010-03-04 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2006.nasl - Type : ACT_GATHER_INFO |
2010-03-04 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201003-01.nasl - Type : ACT_GATHER_INFO |
2010-03-02 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0122.nasl - Type : ACT_GATHER_INFO |
2010-03-02 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2010-052.nasl - Type : ACT_GATHER_INFO |
2010-03-02 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_018a84d0254811dfb4a300e0815b8da8.nasl - Type : ACT_GATHER_INFO |
2010-03-01 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-905-1.nasl - Type : ACT_GATHER_INFO |
2010-03-01 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0122.nasl - Type : ACT_GATHER_INFO |
2010-02-26 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2010-049.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 12:06:37 |