Executive Summary

Summary
Title Sudo vulnerability
Informations
Name USN-983-1 First vendor Publication 2010-09-07
Vendor Ubuntu Last vendor Modification 2010-09-07
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:H/Au:N/C:C/I:C/A:C)
Cvss Base Score 6.2 Attack Range Local
Cvss Impact Score 10 Attack Complexity High
Cvss Expoit Score 1.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A security issue affects the following Ubuntu releases:

Ubuntu 9.10 Ubuntu 10.04 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 9.10:
sudo 1.7.0-1ubuntu2.5
sudo-ldap 1.7.0-1ubuntu2.5

Ubuntu 10.04 LTS:
sudo 1.7.2p1-1ubuntu5.2
sudo-ldap 1.7.2p1-1ubuntu5.2

In general, a standard system update will make all the necessary changes.

Details follow:

Markus Wuethrich discovered that sudo did not always verify the user when a group was specified in the Runas_Spec. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use a program as a group when the attacker was not a part of that group.

Original Source

Url : http://www.ubuntu.com/usn/USN-983-1

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12902
 
Oval ID: oval:org.mitre.oval:def:12902
Title: USN-983-1 -- sudo vulnerability
Description: Markus Wuethrich discovered that sudo did not always verify the user when a group was specified in the Runas_Spec. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use a program as a group when the attacker was not a part of that group.
Family: unix Class: patch
Reference(s): USN-983-1
CVE-2010-2956
 Version: 5
Platform(s): Ubuntu 9.10
Ubuntu 10.04
 Product(s): sudo
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20122
 
Oval ID: oval:org.mitre.oval:def:20122
Title: VMware ESX third party updates for Service Console packages glibc, sudo, and openldap
Description: Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence.
Family: unix Class: vulnerability
Reference(s): CVE-2010-2956
 Version: 4
Platform(s): VMWare ESX Server 4.1
VMWare ESX Server 4.0
 Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21401
 
Oval ID: oval:org.mitre.oval:def:21401
Title: RHSA-2010:0675: sudo security update (Important)
Description: Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence.
Family: unix Class: patch
Reference(s): RHSA-2010:0675-01
CESA-2010:0675
CVE-2010-2956
 Version: 4
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
 Product(s): sudo
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22912
 
Oval ID: oval:org.mitre.oval:def:22912
Title: ELSA-2010:0675: sudo security update (Important)
Description: Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence.
Family: unix Class: patch
Reference(s): ELSA-2010:0675-01
CVE-2010-2956
 Version: 6
Platform(s): Oracle Linux 5
 Product(s): sudo
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:28210
 
Oval ID: oval:org.mitre.oval:def:28210
Title: DEPRECATED: ELSA-2010-0675 -- sudo security update (important)
Description: [1.7.2p1-8] - added patch for CVE-2010-2956 (#628628)
Family: unix Class: patch
Reference(s): ELSA-2010-0675
CVE-2010-2956
 Version: 4
Platform(s): Oracle Linux 5
 Product(s): sudo
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 15

OpenVAS Exploits

Date Description
2011-08-09 Name : CentOS Update for sudo CESA-2010:0675 centos5 i386
File : nvt/gb_CESA-2010_0675_sudo_centos5_i386.nasl
2011-03-09 Name : Gentoo Security Advisory GLSA 201009-03 (sudo)
File : nvt/glsa_201009_03.nasl
2010-12-02 Name : Fedora Update for sudo FEDORA-2010-14184
File : nvt/gb_fedora_2010_14184_sudo_fc14.nasl
2010-10-10 Name : FreeBSD Ports: sudo
File : nvt/freebsd_sudo8.nasl
2010-10-01 Name : Fedora Update for sudo FEDORA-2010-14996
File : nvt/gb_fedora_2010_14996_sudo_fc12.nasl
2010-09-14 Name : Fedora Update for sudo FEDORA-2010-14355
File : nvt/gb_fedora_2010_14355_sudo_fc13.nasl
2010-09-14 Name : Mandriva Update for sudo MDVSA-2010:175 (sudo)
File : nvt/gb_mandriva_MDVSA_2010_175.nasl
2010-09-10 Name : RedHat Update for sudo RHSA-2010:0675-01
File : nvt/gb_RHSA-2010_0675-01_sudo.nasl
2010-09-10 Name : Ubuntu Update for sudo vulnerability USN-983-1
File : nvt/gb_ubuntu_USN_983_1.nasl
0000-00-00 Name : Slackware Advisory SSA:2010-257-02 sudo
File : nvt/esoft_slk_ssa_2010_257_02.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
67842 sudo Runas Group Handling Local Privilege Escalation

Nessus® Vulnerability Scanner

Date Description
2016-03-04 Name : The remote VMware ESX host is missing a security-related patch.
File : vmware_VMSA-2011-0001_remote.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : suse_11_3_sudo-100907.nasl - Type : ACT_GATHER_INFO
2013-07-12 Name : The remote Oracle Linux host is missing a security update.
File : oraclelinux_ELSA-2010-0675.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing a security update.
File : sl_20100907_sudo_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2011-01-06 Name : The remote VMware ESX host is missing one or more security-related patches.
File : vmware_VMSA-2011-0001.nasl - Type : ACT_GATHER_INFO
2010-10-06 Name : The remote Fedora host is missing a security update.
File : fedora_2010-14996.nasl - Type : ACT_GATHER_INFO
2010-09-16 Name : The remote Fedora host is missing a security update.
File : fedora_2010-14184.nasl - Type : ACT_GATHER_INFO
2010-09-15 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2010-257-02.nasl - Type : ACT_GATHER_INFO
2010-09-13 Name : The remote CentOS host is missing a security update.
File : centos_RHSA-2010-0675.nasl - Type : ACT_GATHER_INFO
2010-09-13 Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2010-175.nasl - Type : ACT_GATHER_INFO
2010-09-12 Name : The remote Fedora host is missing a security update.
File : fedora_2010-14355.nasl - Type : ACT_GATHER_INFO
2010-09-09 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_sudo-100907.nasl - Type : ACT_GATHER_INFO
2010-09-08 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_67b514c3ba8f11df8f6e000c29a67389.nasl - Type : ACT_GATHER_INFO
2010-09-08 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201009-03.nasl - Type : ACT_GATHER_INFO
2010-09-08 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0675.nasl - Type : ACT_GATHER_INFO
2010-09-08 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-983-1.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 12:07:03
  • Multiple Updates