Executive Summary
Summary | |
---|---|
Title | Sudo vulnerability |
Informations | |||
---|---|---|---|
Name | USN-928-1 | First vendor Publication | 2010-04-15 |
Vendor | Ubuntu | Last vendor Modification | 2010-04-15 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 6.9 | Attack Range | Local |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 3.4 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: Ubuntu 8.04 LTS: Ubuntu 8.10: Ubuntu 9.04: Ubuntu 9.10: In general, a standard system upgrade is sufficient to effect the necessary changes. Details follow: Valerio Costamagna discovered that sudo did not properly validate the path for the 'sudoedit' pseudo-command when the PATH contained only a dot ('.'). If secure_path and ignore_dot were disabled, a local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. By default, secure_path is used and the sudoedit pseudo-command is not used in Ubuntu. This is a different but related issue to CVE-2010-0426. |
Original Source
Url : http://www.ubuntu.com/usn/USN-928-1 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-264 | Permissions, Privileges, and Access Controls |
50 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10814 | |||
Oval ID: | oval:org.mitre.oval:def:10814 | ||
Title: | sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory. | ||
Description: | sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0426 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:13334 | |||
Oval ID: | oval:org.mitre.oval:def:13334 | ||
Title: | USN-928-1 -- sudo vulnerability | ||
Description: | Valerio Costamagna discovered that sudo did not properly validate the path for the "sudoedit" pseudo-command when the PATH contained only a dot. If secure_path and ignore_dot were disabled, a local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use sudoedit. By default, secure_path is used and the sudoedit pseudo-command is not used in Ubuntu. This is a different but related issue to CVE-2010-0426. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-928-1 CVE-2010-0426 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 8.10 Ubuntu 9.10 Ubuntu 6.06 Ubuntu 9.04 | Product(s): | sudo |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:22224 | |||
Oval ID: | oval:org.mitre.oval:def:22224 | ||
Title: | RHSA-2010:0361: sudo security update (Moderate) | ||
Description: | The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0361-01 CESA-2010:0361 CVE-2010-1163 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | sudo |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23082 | |||
Oval ID: | oval:org.mitre.oval:def:23082 | ||
Title: | ELSA-2010:0361: sudo security update (Moderate) | ||
Description: | The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0361-01 CVE-2010-1163 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | sudo |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:28003 | |||
Oval ID: | oval:org.mitre.oval:def:28003 | ||
Title: | DEPRECATED: ELSA-2010-0361 -- sudo security update (moderate) | ||
Description: | [1.7.2p1-6] - added second patch for CVE-2010-0426 (#580441) Resolves: #580525 | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010-0361 CVE-2010-1163 | Version: | 4 |
Platform(s): | Oracle Linux 5 | Product(s): | sudo |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:7238 | |||
Oval ID: | oval:org.mitre.oval:def:7238 | ||
Title: | Sudo 'sudoedit' Local Privilege Escalation Vulnerability | ||
Description: | sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by a file named sudoedit in a user's home directory. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-0426 | Version: | 5 |
Platform(s): | VMWare ESX Server 4.0 | Product(s): | |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:9382 | |||
Oval ID: | oval:org.mitre.oval:def:9382 | ||
Title: | The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426. | ||
Description: | The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ".", which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2010-1163 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-04-16 | Name : VMSA-2010-0009: ESXi utilities and ESX Service Console third party updates File : nvt/gb_VMSA-2010-0009.nasl |
2011-08-09 | Name : CentOS Update for sudo CESA-2010:0122 centos5 i386 File : nvt/gb_CESA-2010_0122_sudo_centos5_i386.nasl |
2011-08-09 | Name : CentOS Update for sudo CESA-2010:0361 centos5 i386 File : nvt/gb_CESA-2010_0361_sudo_centos5_i386.nasl |
2011-03-09 | Name : Gentoo Security Advisory GLSA 201006-09 (sudo) File : nvt/glsa_201006_09.nasl |
2010-05-07 | Name : Fedora Update for sudo FEDORA-2010-6701 File : nvt/gb_fedora_2010_6701_sudo_fc12.nasl |
2010-05-07 | Name : Fedora Update for sudo FEDORA-2010-6749 File : nvt/gb_fedora_2010_6749_sudo_fc11.nasl |
2010-04-30 | Name : Mandriva Update for sudo MDVSA-2010:078-1 (sudo) File : nvt/gb_mandriva_MDVSA_2010_078_1.nasl |
2010-04-29 | Name : RedHat Update for sudo RHSA-2010:0361-01 File : nvt/gb_RHSA-2010_0361-01_sudo.nasl |
2010-04-21 | Name : FreeBSD Ports: sudo File : nvt/freebsd_sudo6.nasl |
2010-04-19 | Name : Mandriva Update for sudo MDVSA-2010:078 (sudo) File : nvt/gb_mandriva_MDVSA_2010_078.nasl |
2010-04-16 | Name : Ubuntu Update for sudo vulnerability USN-928-1 File : nvt/gb_ubuntu_USN_928_1.nasl |
2010-03-16 | Name : Gentoo Security Advisory GLSA 201003-01 (sudo) File : nvt/glsa_201003_01.nasl |
2010-03-16 | Name : FreeBSD Ports: sudo File : nvt/freebsd_sudo5.nasl |
2010-03-12 | Name : Fedora Update for sudo FEDORA-2010-3359 File : nvt/gb_fedora_2010_3359_sudo_fc12.nasl |
2010-03-12 | Name : Fedora Update for sudo FEDORA-2010-3415 File : nvt/gb_fedora_2010_3415_sudo_fc11.nasl |
2010-03-02 | Name : RedHat Update for sudo RHSA-2010:0122-01 File : nvt/gb_RHSA-2010_0122-01_sudo.nasl |
2010-03-02 | Name : Mandriva Update for sudo MDVSA-2010:049 (sudo) File : nvt/gb_mandriva_MDVSA_2010_049.nasl |
2010-03-02 | Name : Ubuntu Update for sudo vulnerabilities USN-905-1 File : nvt/gb_ubuntu_USN_905_1.nasl |
2010-02-08 | Name : Mandriva Update for mailcap MDVA-2010:049 (mailcap) File : nvt/gb_mandriva_MDVA_2010_049.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2010-110-01 sudo File : nvt/esoft_slk_ssa_2010_110_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
63878 | sudo sudoedit Command Matching Failure Privilege Escalation sudo contains a flaw that may allow an attacker to gain access to unauthorized privileges. A user with privilege to execute the sudoedit pseudo-command can place a file with the same name in the current folder and get it executed by sudo, allowing a local attacker to gain execution of arbitrary code as a privileged user, normally root. |
62515 | sudo sudoedit Command Handling Local Privilege Escalation |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-08 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2010-0009_remote.nasl - Type : ACT_GATHER_INFO |
2014-11-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0476.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_sudo-110114.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0361.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2010-0122.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20100420_sudo_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing a security update. File : sl_20100226_sudo_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2011-05-05 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_sudo-110114.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_sudo-6892.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-3415.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-3352.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-3359.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-6701.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-6756.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Fedora host is missing a security update. File : fedora_2010-6749.nasl - Type : ACT_GATHER_INFO |
2010-06-02 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201006-09.nasl - Type : ACT_GATHER_INFO |
2010-06-01 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0361.nasl - Type : ACT_GATHER_INFO |
2010-06-01 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2010-0009.nasl - Type : ACT_GATHER_INFO |
2010-05-11 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0361.nasl - Type : ACT_GATHER_INFO |
2010-04-21 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-110-01.nasl - Type : ACT_GATHER_INFO |
2010-04-19 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2010-078.nasl - Type : ACT_GATHER_INFO |
2010-04-16 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-928-1.nasl - Type : ACT_GATHER_INFO |
2010-04-16 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_1a9f678d48ca11df85f8000c29a67389.nasl - Type : ACT_GATHER_INFO |
2010-03-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_sudo-100301.nasl - Type : ACT_GATHER_INFO |
2010-03-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_sudo-100301.nasl - Type : ACT_GATHER_INFO |
2010-03-09 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_sudo-100301.nasl - Type : ACT_GATHER_INFO |
2010-03-09 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_sudo-100301.nasl - Type : ACT_GATHER_INFO |
2010-03-09 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_sudo-6891.nasl - Type : ACT_GATHER_INFO |
2010-03-04 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2006.nasl - Type : ACT_GATHER_INFO |
2010-03-04 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201003-01.nasl - Type : ACT_GATHER_INFO |
2010-03-02 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_018a84d0254811dfb4a300e0815b8da8.nasl - Type : ACT_GATHER_INFO |
2010-03-02 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2010-0122.nasl - Type : ACT_GATHER_INFO |
2010-03-01 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-905-1.nasl - Type : ACT_GATHER_INFO |
2010-03-01 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0122.nasl - Type : ACT_GATHER_INFO |
2010-02-26 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2010-049.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 12:06:44 |
|
2013-05-11 00:56:22 |
|