## Summary
A security vulnerability has been discovered in sudo used with IBM Security Network Intrusion Prevention System.
## Vulnerability Details
**CVEID:** [_CVE-2014-9680_](<https://vulners.com/cve/CVE-2014-9680>)**
DESCRIPTION:** Todd Miller sudo could allow a local attacker to bypass security restrictions, caused by the failure to check the TZ environment variable prior to passing through the TZ parser. An attacker could exploit this vulnerability to cause a denial of service and launch further attacks on the system.
CVSS Base Score: 3
CVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/101202_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/101202>) for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:L/AC:M/Au:S/C:N/I:P/A:P)
## Affected Products and Versions
Products: GX3002, GX4002, GX4004, GX4004-v2, GX5008, GX5008-v2, GX5108, GX5108-v2, GX5208, GX5208-v2, GX6116, GX7412, GX7412-10, GX7412-05, GX7800, GV200, GV1000
Firmware versions 4.6.2, 4.6.1, 4.6, 4.5, 4.4, and 4.3
## Remediation/Fixes
_Product_
| _VRMF_| _Remediation/First Fix_
---|---|---
IBM Security Network Intrusion Prevention System | Firmware version 4.6.2| [_4.6.2.0-ISS-ProvG-AllModels-System-FP0012_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>)
IBM Security Network Intrusion Prevention System | Firmware version 4.6.1| [_4.6.1.0-ISS-ProvG-AllModels-System-FP0016_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>)
IBM Security Network Intrusion Prevention System | Firmware version 4.6| [_4.6.0.0-ISS-ProvG-AllModels-System-FP0014_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>)
IBM Security Network Intrusion Prevention System | Firmware version 4.5| [_4.5.0.0-ISS-ProvG-AllModels-System-FP0016_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>)
IBM Security Network Intrusion Prevention System | Firmware version 4.4| [_4.4.0.0-ISS-ProvG-AllModels-System-FP0016_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>)
IBM Security Network Intrusion Prevention System | Firmware version 4.3| [_4.3.0.0-ISS-ProvG-AllModels-System-FP0014_](<http://www-933.ibm.com/support/fixcentral/swg/selectFixes?parent=Security+Systems&product=ibm/Tivoli/Proventia+Network+Intrusion+Prevention+System&release=All&platform=All&function=all>)
## Workarounds and Mitigations
None
##
{"slackware": [{"lastseen": "2023-02-08T16:14:58", "description": "New sudo packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix a security issue.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/sudo-1.8.12-i486-1_slack14.1.txz: Upgraded.\n This update fixes a potential security issue by only passing the TZ\n environment variable it is considered safe. This prevents exploiting bugs\n in glibc's TZ parser that could be used to read files that the user does\n not have access to, or to cause a denial of service.\n For more information, see:\n http://www.sudo.ws/sudo/alerts/tz.html\n https://vulners.com/cve/CVE-2014-9680\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/sudo-1.8.12-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/sudo-1.8.12-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/sudo-1.8.12-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/sudo-1.8.12-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/sudo-1.8.12-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/sudo-1.8.12-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/sudo-1.8.12-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/sudo-1.8.12-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/sudo-1.8.12-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/sudo-1.8.12-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/sudo-1.8.12-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/sudo-1.8.12-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 package:\n035101ffefe581d4147bc82cae995f20 sudo-1.8.12-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\ncb041dc9ae54add3a7933e1c0c0697fb sudo-1.8.12-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n942fe050f8dfc56d4c163ccaaec04f29 sudo-1.8.12-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n5240ada948250e29773823a179bd5f7c sudo-1.8.12-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\nee8fc289076d61cf11f2ccf820704d00 sudo-1.8.12-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n9a37c7f40f496ea9531295910483a23c sudo-1.8.12-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n8ff36c6c8b9034b2da68ae44e4a9e779 sudo-1.8.12-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\n941e59e982171bae13c3b41bb178a1af sudo-1.8.12-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\ne2cb4be14b19cd9272373e10e0bd9882 sudo-1.8.12-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n5cda2e6cb8079542819f1daeb3e7c656 sudo-1.8.12-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n1b2e4523131873d75de134673f26f876 ap/sudo-1.8.12-i486-1.txz\n\nSlackware x86_64 -current package:\n74264293c2e69cbdf7f58dbb87b9c2ae ap/sudo-1.8.12-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg sudo-1.8.12-i486-1_slack14.1.txz", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2015-02-16T21:15:57", "type": "slackware", "title": "[slackware-security] sudo", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9680"], "modified": "2015-02-16T21:15:57", "id": "SSA-2015-047-03", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.513277", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "debiancve": [{"lastseen": "2023-03-16T22:10:29", "description": "sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2017-04-24T06:59:00", "type": "debiancve", "title": "CVE-2014-9680", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9680"], "modified": "2017-04-24T06:59:00", "id": "DEBIANCVE:CVE-2014-9680", "href": "https://security-tracker.debian.org/tracker/CVE-2014-9680", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "description": "Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per-host basis, copious logging of each command (providing a clear audit trail of who did what), a configurable timeout of the sudo command, and the ability to use the same configuration file (sudoers) on many different machines. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2015-02-23T23:25:03", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: sudo-1.8.12-1.fc20", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9680"], "modified": "2015-02-23T23:25:03", "id": "FEDORA:231846087E04", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/UKD23OK2AILNW2XB4ELXHDQCZ5TP7WKG/", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:52", "description": "Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per-host basis, copious logging of each command (providing a clear audit trail of who did what), a configurable timeout of the sudo command, and the ability to use the same configuration file (sudoers) on many different machines. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2015-02-22T06:04:59", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: sudo-1.8.12-1.fc21", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9680"], "modified": "2015-02-22T06:04:59", "id": "FEDORA:98425605E7E8", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QRYTD3KLGX5MYH5ASYS4XJLUIFPQFN5T/", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "ubuntucve": [{"lastseen": "2022-08-04T14:18:19", "description": "sudo before 1.8.12 does not ensure that the TZ environment variable is\nassociated with a zoneinfo file, which allows local users to open arbitrary\nfiles for read access (but not view file contents) by running a program\nwithin an sudo session, as demonstrated by interfering with terminal\noutput, discarding kernel-log messages, or repositioning tape drives.\n\n#### Bugs\n\n * <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772707>\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2014-12-31T00:00:00", "type": "ubuntucve", "title": "CVE-2014-9680", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9680"], "modified": "2014-12-31T00:00:00", "id": "UB:CVE-2014-9680", "href": "https://ubuntu.com/security/CVE-2014-9680", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "osv": [{"lastseen": "2022-08-10T07:08:24", "description": "\nJakub Wilk reported that sudo, a program designed to provide limited\nsuper user privileges to specific users, preserves the TZ variable from\na user's environment without any sanitization. A user with sudo access\nmay take advantage of this to exploit bugs in the C library functions\nwhich parse the TZ environment variable or to open files that the user\nwould not otherwise be able to open. The later could potentially cause\nchanges in system behavior when reading certain device special files or\ncause the program run via sudo to block.\n\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.8.5p2-1+nmu2.\n\n\nWe recommend that you upgrade your sudo packages.\n\n\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2015-02-22T00:00:00", "type": "osv", "title": "sudo - security update", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9680"], "modified": "2022-08-10T07:08:22", "id": "OSV:DSA-3167-1", "href": "https://osv.dev/vulnerability/DSA-3167-1", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-07-21T08:11:40", "description": "\nThis update fixes the CVEs described below.\n\n\n* [CVE-2014-0106](https://security-tracker.debian.org/tracker/CVE-2014-0106)\nTodd C. Miller reported that if the env\\_reset option is disabled\n in the sudoers file, the env\\_delete option is not correctly\n applied to environment variables specified on the command line. A\n malicious user with sudo permissions may be able to run arbitrary\n commands with elevated privileges by manipulating the environment\n of a command the user is legitimately allowed to run.\n* [CVE-2014-9680](https://security-tracker.debian.org/tracker/CVE-2014-9680)\nJakub Wilk reported that sudo preserves the TZ variable from a\n user's environment without any sanitization. A user with sudo\n access may take advantage of this to exploit bugs in the C library\n functions which parse the TZ environment variable or to open files\n that the user would not otherwise be able to open. The latter\n could potentially cause changes in system behavior when reading\n certain device special files or cause the program run via sudo to\n block.\n\n\nFor the oldstable distribution (squeeze), these problems have been fixed\nin version 1.7.4p4-2.squeeze.5.\n\n\nFor the stable distribution (wheezy), they have been fixed in version\n1.8.5p2-1+nmu2.\n\n\nWe recommend that you upgrade your sudo packages.\n\n\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2015-02-27T00:00:00", "type": "osv", "title": "sudo - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 2.7, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.6, "vectorString": "AV:L/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0106", "CVE-2014-9680"], "modified": "2022-07-21T06:02:25", "id": "OSV:DLA-160-1", "href": "https://osv.dev/vulnerability/DLA-160-1", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2023-01-26T13:28:44", "description": "## Releases\n\n * Ubuntu 14.10 \n * Ubuntu 14.04 ESM\n * Ubuntu 12.04 \n * Ubuntu 10.04 \n\n## Packages\n\n * sudo \\- Provide limited super user privileges to specific users\n\nJakub Wilk and Stephane Chazelas discovered that Sudo incorrectly handled \nthe TZ environment variable. An attacker with Sudo access could possibly \nuse this issue to open arbitrary files, bypassing intended permissions.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2015-03-16T00:00:00", "type": "ubuntu", "title": "Sudo vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9680"], "modified": "2015-03-16T00:00:00", "id": "USN-2533-1", "href": "https://ubuntu.com/security/notices/USN-2533-1", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2023-01-27T14:18:23", "description": "Updated sudo packages that fix one security issue, three bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.\n\nIt was discovered that sudo did not perform any checks of the TZ environment variable value. If sudo was configured to preserve the TZ environment variable, a local user with privileges to execute commands via sudo could possibly use this flaw to achieve system state changes not permitted by the configured commands. (CVE-2014-9680)\n\nNote: The default sudoers configuration in Red Hat Enterprise Linux removes the TZ variable from the environment in which commands run by sudo are executed.\n\nThis update also fixes the following bugs :\n\n* Previously, the sudo utility child processes could sometimes become unresponsive because they ignored the SIGPIPE signal. With this update, SIGPIPE handler is properly restored in the function that reads passwords from the user, and the child processes no longer ignore SIGPIPE. As a result, sudo child processes do not hang in this situation. (BZ#1094548)\n\n* Prior to this update, the order in which sudo rules were processed did not honor the user-defined sudoOrder attribute. Consequently, sudo rules were processed in an undefined order even when the user defined the order in sudoOrder. The implementation of SSSD support in sudo has been modified to sort the rules according to the sudoOrder value, and sudo rules are now sorted in the order defined by the user in sudoOrder. (BZ#1138581)\n\n* Previously, sudo became unresponsive after the user issued a command when a sudoers source was mentioned multiple times in the /etc/nsswitch.conf file. The problem occurred when nsswitch.conf contained, for example, the 'sudoers: files sss sss' entry. The sudoers source processing code has been fixed to correctly handle multiple instances of the same sudoers source. As a result, sudo no longer hangs when a sudoers source is mentioned multiple times in /etc/nsswitch.conf. (BZ#1147498)\n\nIn addition, this update adds the following enhancement :\n\n* The sudo utility now supports I/O logs compressed using the zlib library. With this update, sudo can generate zlib compressed I/O logs and also process zlib compressed I/O logs generated by other versions of sudo with zlib support. (BZ#1106433)\n\nAll sudo users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2015-07-28T00:00:00", "type": "nessus", "title": "CentOS 6 : sudo (CESA-2015:1409)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9680"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:centos:centos:sudo", "p-cpe:/a:centos:centos:sudo-devel", "cpe:/o:centos:centos:6"], "id": "CENTOS_RHSA-2015-1409.NASL", "href": "https://www.tenable.com/plugins/nessus/85017", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1409 and \n# CentOS Errata and Security Advisory 2015:1409 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85017);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-9680\");\n script_bugtraq_id(72649);\n script_xref(name:\"RHSA\", value:\"2015:1409\");\n\n script_name(english:\"CentOS 6 : sudo (CESA-2015:1409)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated sudo packages that fix one security issue, three bugs, and add\none enhancement are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe sudo packages contain the sudo utility which allows system\nadministrators to provide certain users with the permission to execute\nprivileged commands, which are used for system management purposes,\nwithout having to log in as root.\n\nIt was discovered that sudo did not perform any checks of the TZ\nenvironment variable value. If sudo was configured to preserve the TZ\nenvironment variable, a local user with privileges to execute commands\nvia sudo could possibly use this flaw to achieve system state changes\nnot permitted by the configured commands. (CVE-2014-9680)\n\nNote: The default sudoers configuration in Red Hat Enterprise Linux\nremoves the TZ variable from the environment in which commands run by\nsudo are executed.\n\nThis update also fixes the following bugs :\n\n* Previously, the sudo utility child processes could sometimes become\nunresponsive because they ignored the SIGPIPE signal. With this\nupdate, SIGPIPE handler is properly restored in the function that\nreads passwords from the user, and the child processes no longer\nignore SIGPIPE. As a result, sudo child processes do not hang in this\nsituation. (BZ#1094548)\n\n* Prior to this update, the order in which sudo rules were processed\ndid not honor the user-defined sudoOrder attribute. Consequently, sudo\nrules were processed in an undefined order even when the user defined\nthe order in sudoOrder. The implementation of SSSD support in sudo has\nbeen modified to sort the rules according to the sudoOrder value, and\nsudo rules are now sorted in the order defined by the user in\nsudoOrder. (BZ#1138581)\n\n* Previously, sudo became unresponsive after the user issued a command\nwhen a sudoers source was mentioned multiple times in the\n/etc/nsswitch.conf file. The problem occurred when nsswitch.conf\ncontained, for example, the 'sudoers: files sss sss' entry. The\nsudoers source processing code has been fixed to correctly handle\nmultiple instances of the same sudoers source. As a result, sudo no\nlonger hangs when a sudoers source is mentioned multiple times in\n/etc/nsswitch.conf. (BZ#1147498)\n\nIn addition, this update adds the following enhancement :\n\n* The sudo utility now supports I/O logs compressed using the zlib\nlibrary. With this update, sudo can generate zlib compressed I/O logs\nand also process zlib compressed I/O logs generated by other versions\nof sudo with zlib support. (BZ#1106433)\n\nAll sudo users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add this\nenhancement.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2015-July/002031.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?54ca9ed3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected sudo packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-9680\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:sudo-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"sudo-1.8.6p3-19.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"sudo-devel-1.8.6p3-19.el6\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo / sudo-devel\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-27T14:10:54", "description": "- update to 1.8.12\n\n - fixes CVE-2014-9680\n\nUpdate to 1.8.11p2\n\nMajor upstream changes & fixes :\n\n - when running a command in the background, sudo will now forward SIGINFO to the command\n\n - the passwords in ldap.conf and ldap.secret may now be encoded in base64.\n\n - SELinux role changes are now audited. For sudoedit, we now audit the actual editor being run, instead of just the sudoedit command.\n\n - it is now possible to match an environment variable's value as well as its name using env_keep and env_check\n\n - new files created via sudoedit as a non-root user now have the proper group id\n\n - sudoedit now works correctly in conjunction with sudo's SELinux RBAC support\n\n - it is now possible to disable network interface probing in sudo.conf by changing the value of the probe_interfaces setting\n\n - when listing a user's privileges (sudo -l), the sudoers plugin will now prompt for the user's password even if the targetpw, rootpw or runaspw options are set.\n\n - the new use_netgroups sudoers option can be used to explicitly enable or disable netgroups support\n\n - visudo can now export a sudoers file in JSON format using the new -x flag\n\nDistribution specific changes :\n\n - added patch to read ldap.conf more closely to nss_ldap\n\n - require /usr/bin/vi instead of vim-minimal\n\n - include pam.d/system-auth in PAM session phase from pam.d/sudo\n\n - include pam.d/sudo in PAM session phase from pam.d/sudo-i\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2015-02-24T00:00:00", "type": "nessus", "title": "Fedora 20 : sudo-1.8.12-1.fc20 (2015-2247)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9680"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:sudo", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2015-2247.NASL", "href": "https://www.tenable.com/plugins/nessus/81458", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-2247.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81458);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9680\");\n script_xref(name:\"FEDORA\", value:\"2015-2247\");\n\n script_name(english:\"Fedora 20 : sudo-1.8.12-1.fc20 (2015-2247)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - update to 1.8.12\n\n - fixes CVE-2014-9680\n\nUpdate to 1.8.11p2\n\nMajor upstream changes & fixes :\n\n - when running a command in the background, sudo will now\n forward SIGINFO to the command\n\n - the passwords in ldap.conf and ldap.secret may now be\n encoded in base64.\n\n - SELinux role changes are now audited. For sudoedit, we\n now audit the actual editor being run, instead of just\n the sudoedit command.\n\n - it is now possible to match an environment variable's\n value as well as its name using env_keep and env_check\n\n - new files created via sudoedit as a non-root user now\n have the proper group id\n\n - sudoedit now works correctly in conjunction with\n sudo's SELinux RBAC support\n\n - it is now possible to disable network interface\n probing in sudo.conf by changing the value of the\n probe_interfaces setting\n\n - when listing a user's privileges (sudo -l), the\n sudoers plugin will now prompt for the user's password\n even if the targetpw, rootpw or runaspw options are\n set.\n\n - the new use_netgroups sudoers option can be used to\n explicitly enable or disable netgroups support\n\n - visudo can now export a sudoers file in JSON format\n using the new -x flag\n\nDistribution specific changes :\n\n - added patch to read ldap.conf more closely to nss_ldap\n\n - require /usr/bin/vi instead of vim-minimal\n\n - include pam.d/system-auth in PAM session phase from\n pam.d/sudo\n\n - include pam.d/sudo in PAM session phase from\n pam.d/sudo-i\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1191144\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150327.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b1b1eb6e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected sudo package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"sudo-1.8.12-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-27T14:12:01", "description": "Updated sudo packages fix security vulnerability :\n\nPrior to sudo 1.8.12, the TZ environment variable was passed through unchecked. Most libc tzset() implementations support passing an absolute pathname in the time zone to point to an arbitrary, user-controlled file. This may be used to exploit bugs in the C library's TZ parser or open files the user would not otherwise have access to. Arbitrary file access via TZ could also be used in a denial of service attack by reading from a file or fifo that will block (CVE-2014-9680).\n\nThe sudo package has been updated to version 1.8.12, fixing this issue and several other bugs.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2015-03-30T00:00:00", "type": "nessus", "title": "Mandriva Linux Security Advisory : sudo (MDVSA-2015:126)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9680"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:sudo", "p-cpe:/a:mandriva:linux:sudo-devel", "cpe:/o:mandriva:business_server:2"], "id": "MANDRIVA_MDVSA-2015-126.NASL", "href": "https://www.tenable.com/plugins/nessus/82379", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2015:126. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82379);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-9680\");\n script_xref(name:\"MDVSA\", value:\"2015:126\");\n\n script_name(english:\"Mandriva Linux Security Advisory : sudo (MDVSA-2015:126)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandriva Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated sudo packages fix security vulnerability :\n\nPrior to sudo 1.8.12, the TZ environment variable was passed through\nunchecked. Most libc tzset() implementations support passing an\nabsolute pathname in the time zone to point to an arbitrary,\nuser-controlled file. This may be used to exploit bugs in the C\nlibrary's TZ parser or open files the user would not otherwise have\naccess to. Arbitrary file access via TZ could also be used in a denial\nof service attack by reading from a file or fifo that will block\n(CVE-2014-9680).\n\nThe sudo package has been updated to version 1.8.12, fixing this issue\nand several other bugs.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2015-0079.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected sudo and / or sudo-devel packages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:sudo-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/30\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"sudo-1.8.12-1.mbs2\")) flag++;\nif (rpm_check(release:\"MDK-MBS2\", cpu:\"x86_64\", reference:\"sudo-devel-1.8.12-1.mbs2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-27T14:11:03", "description": "Jakub Wilk reported that sudo, a program designed to provide limited super user privileges to specific users, preserves the TZ variable from a user's environment without any sanitization. A user with sudo access may take advantage of this to exploit bugs in the C library functions which parse the TZ environment variable or to open files that the user would not otherwise be able to open. The later could potentially cause changes in system behavior when reading certain device special files or cause the program run via sudo to block.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2015-02-23T00:00:00", "type": "nessus", "title": "Debian DSA-3167-1 : sudo - security update", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9680"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:sudo", "cpe:/o:debian:debian_linux:7.0"], "id": "DEBIAN_DSA-3167.NASL", "href": "https://www.tenable.com/plugins/nessus/81426", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3167. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81426);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9680\");\n script_bugtraq_id(72649);\n script_xref(name:\"DSA\", value:\"3167\");\n\n script_name(english:\"Debian DSA-3167-1 : sudo - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jakub Wilk reported that sudo, a program designed to provide limited\nsuper user privileges to specific users, preserves the TZ variable\nfrom a user's environment without any sanitization. A user with sudo\naccess may take advantage of this to exploit bugs in the C library\nfunctions which parse the TZ environment variable or to open files\nthat the user would not otherwise be able to open. The later could\npotentially cause changes in system behavior when reading certain\ndevice special files or cause the program run via sudo to block.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772707\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/sudo\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3167\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the sudo packages.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.8.5p2-1+nmu2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"sudo\", reference:\"1.8.5p2-1+nmu2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"sudo-ldap\", reference:\"1.8.5p2-1+nmu2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-26T14:42:22", "description": "sudo was updated to fix one security issue.\n\nThis security issue was fixed :\n\n - CVE-2014-9680: Unsafe handling of TZ environment variable (bsc#917806).", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2015-11-05T00:00:00", "type": "nessus", "title": "openSUSE Security Update : sudo (openSUSE-2015-703)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9680"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:sudo", "p-cpe:/a:novell:opensuse:sudo-debuginfo", "p-cpe:/a:novell:opensuse:sudo-debugsource", "p-cpe:/a:novell:opensuse:sudo-devel", "p-cpe:/a:novell:opensuse:sudo-test", "cpe:/o:novell:opensuse:13.1", "cpe:/o:novell:opensuse:13.2"], "id": "OPENSUSE-2015-703.NASL", "href": "https://www.tenable.com/plugins/nessus/86738", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-703.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86738);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-9680\");\n\n script_name(english:\"openSUSE Security Update : sudo (openSUSE-2015-703)\");\n script_summary(english:\"Check for the openSUSE-2015-703 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"sudo was updated to fix one security issue.\n\nThis security issue was fixed :\n\n - CVE-2014-9680: Unsafe handling of TZ environment\n variable (bsc#917806).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=917806\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected sudo packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sudo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sudo-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sudo-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sudo-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"sudo-1.8.10p3-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"sudo-debuginfo-1.8.10p3-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"sudo-debugsource-1.8.10p3-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"sudo-devel-1.8.10p3-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"sudo-1.8.10p3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"sudo-debuginfo-1.8.10p3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"sudo-debugsource-1.8.10p3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"sudo-devel-1.8.10p3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"sudo-test-1.8.10p3-2.7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo / sudo-debuginfo / sudo-debugsource / sudo-devel / sudo-test\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-27T14:16:27", "description": "This update for sudo provides the following fixes :\n\nHandle TZ environment variable safely. (CVE-2014-9680, bnc#917806)\n\nDo not truncate long commands (131072 or more characters) without any warning. (bnc#901145)\n\nCreate log files with ownership set to user and group 'root'.\n(bnc#904694)\n\nClose PAM session properly. (bnc#880764)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2015-06-03T00:00:00", "type": "nessus", "title": "SUSE SLED11 / SLES11 Security Update : sudo (SUSE-SU-2015:0985-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9680"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:sudo", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2015-0985-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83971", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:0985-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83971);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-9680\");\n script_bugtraq_id(72649);\n\n script_name(english:\"SUSE SLED11 / SLES11 Security Update : sudo (SUSE-SU-2015:0985-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for sudo provides the following fixes :\n\nHandle TZ environment variable safely. (CVE-2014-9680, bnc#917806)\n\nDo not truncate long commands (131072 or more characters) without any\nwarning. (bnc#901145)\n\nCreate log files with ownership set to user and group 'root'.\n(bnc#904694)\n\nClose PAM session properly. (bnc#880764)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=880764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=901145\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=904694\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=917806\"\n );\n # https://download.suse.com/patch/finder/?keywords=3f29625c93073c1ed3b6a38fb74296cb\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0d3f8d40\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9680/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20150985-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b59a2d89\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11 SP3 for VMware :\n\nzypper in -t patch slessp3-sudo=10686\n\nSUSE Linux Enterprise Server 11 SP3 :\n\nzypper in -t patch slessp3-sudo=10686\n\nSUSE Linux Enterprise Desktop 11 SP3 :\n\nzypper in -t patch sledsp3-sudo=10686\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED11|SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11 / SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED11\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"sudo-1.7.6p2-0.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"sudo-1.7.6p2-0.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"sudo-1.7.6p2-0.23.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-27T14:18:09", "description": "Updated sudo packages that fix one security issue, three bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.\n\nIt was discovered that sudo did not perform any checks of the TZ environment variable value. If sudo was configured to preserve the TZ environment variable, a local user with privileges to execute commands via sudo could possibly use this flaw to achieve system state changes not permitted by the configured commands. (CVE-2014-9680)\n\nNote: The default sudoers configuration in Red Hat Enterprise Linux removes the TZ variable from the environment in which commands run by sudo are executed.\n\nThis update also fixes the following bugs :\n\n* Previously, the sudo utility child processes could sometimes become unresponsive because they ignored the SIGPIPE signal. With this update, SIGPIPE handler is properly restored in the function that reads passwords from the user, and the child processes no longer ignore SIGPIPE. As a result, sudo child processes do not hang in this situation. (BZ#1094548)\n\n* Prior to this update, the order in which sudo rules were processed did not honor the user-defined sudoOrder attribute. Consequently, sudo rules were processed in an undefined order even when the user defined the order in sudoOrder. The implementation of SSSD support in sudo has been modified to sort the rules according to the sudoOrder value, and sudo rules are now sorted in the order defined by the user in sudoOrder. (BZ#1138581)\n\n* Previously, sudo became unresponsive after the user issued a command when a sudoers source was mentioned multiple times in the /etc/nsswitch.conf file. The problem occurred when nsswitch.conf contained, for example, the 'sudoers: files sss sss' entry. The sudoers source processing code has been fixed to correctly handle multiple instances of the same sudoers source. As a result, sudo no longer hangs when a sudoers source is mentioned multiple times in /etc/nsswitch.conf. (BZ#1147498)\n\nIn addition, this update adds the following enhancement :\n\n* The sudo utility now supports I/O logs compressed using the zlib library. With this update, sudo can generate zlib compressed I/O logs and also process zlib compressed I/O logs generated by other versions of sudo with zlib support. (BZ#1106433)\n\nAll sudo users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2015-07-23T00:00:00", "type": "nessus", "title": "RHEL 6 : sudo (RHSA-2015:1409)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9680"], "modified": "2021-02-05T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:sudo", "p-cpe:/a:redhat:enterprise_linux:sudo-debuginfo", "p-cpe:/a:redhat:enterprise_linux:sudo-devel", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2015-1409.NASL", "href": "https://www.tenable.com/plugins/nessus/84943", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1409. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84943);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/05\");\n\n script_cve_id(\"CVE-2014-9680\");\n script_bugtraq_id(72649);\n script_xref(name:\"RHSA\", value:\"2015:1409\");\n\n script_name(english:\"RHEL 6 : sudo (RHSA-2015:1409)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Updated sudo packages that fix one security issue, three bugs, and add\none enhancement are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe sudo packages contain the sudo utility which allows system\nadministrators to provide certain users with the permission to execute\nprivileged commands, which are used for system management purposes,\nwithout having to log in as root.\n\nIt was discovered that sudo did not perform any checks of the TZ\nenvironment variable value. If sudo was configured to preserve the TZ\nenvironment variable, a local user with privileges to execute commands\nvia sudo could possibly use this flaw to achieve system state changes\nnot permitted by the configured commands. (CVE-2014-9680)\n\nNote: The default sudoers configuration in Red Hat Enterprise Linux\nremoves the TZ variable from the environment in which commands run by\nsudo are executed.\n\nThis update also fixes the following bugs :\n\n* Previously, the sudo utility child processes could sometimes become\nunresponsive because they ignored the SIGPIPE signal. With this\nupdate, SIGPIPE handler is properly restored in the function that\nreads passwords from the user, and the child processes no longer\nignore SIGPIPE. As a result, sudo child processes do not hang in this\nsituation. (BZ#1094548)\n\n* Prior to this update, the order in which sudo rules were processed\ndid not honor the user-defined sudoOrder attribute. Consequently, sudo\nrules were processed in an undefined order even when the user defined\nthe order in sudoOrder. The implementation of SSSD support in sudo has\nbeen modified to sort the rules according to the sudoOrder value, and\nsudo rules are now sorted in the order defined by the user in\nsudoOrder. (BZ#1138581)\n\n* Previously, sudo became unresponsive after the user issued a command\nwhen a sudoers source was mentioned multiple times in the\n/etc/nsswitch.conf file. The problem occurred when nsswitch.conf\ncontained, for example, the 'sudoers: files sss sss' entry. The\nsudoers source processing code has been fixed to correctly handle\nmultiple instances of the same sudoers source. As a result, sudo no\nlonger hangs when a sudoers source is mentioned multiple times in\n/etc/nsswitch.conf. (BZ#1147498)\n\nIn addition, this update adds the following enhancement :\n\n* The sudo utility now supports I/O logs compressed using the zlib\nlibrary. With this update, sudo can generate zlib compressed I/O logs\nand also process zlib compressed I/O logs generated by other versions\nof sudo with zlib support. (BZ#1106433)\n\nAll sudo users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add this\nenhancement.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1409\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-9680\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected sudo, sudo-debuginfo and / or sudo-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sudo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sudo-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1409\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"sudo-1.8.6p3-19.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"sudo-1.8.6p3-19.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"sudo-1.8.6p3-19.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"sudo-debuginfo-1.8.6p3-19.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"sudo-devel-1.8.6p3-19.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo / sudo-debuginfo / sudo-devel\");\n }\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-27T14:17:54", "description": "From Red Hat Security Advisory 2015:1409 :\n\nUpdated sudo packages that fix one security issue, three bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.\n\nIt was discovered that sudo did not perform any checks of the TZ environment variable value. If sudo was configured to preserve the TZ environment variable, a local user with privileges to execute commands via sudo could possibly use this flaw to achieve system state changes not permitted by the configured commands. (CVE-2014-9680)\n\nNote: The default sudoers configuration in Red Hat Enterprise Linux removes the TZ variable from the environment in which commands run by sudo are executed.\n\nThis update also fixes the following bugs :\n\n* Previously, the sudo utility child processes could sometimes become unresponsive because they ignored the SIGPIPE signal. With this update, SIGPIPE handler is properly restored in the function that reads passwords from the user, and the child processes no longer ignore SIGPIPE. As a result, sudo child processes do not hang in this situation. (BZ#1094548)\n\n* Prior to this update, the order in which sudo rules were processed did not honor the user-defined sudoOrder attribute. Consequently, sudo rules were processed in an undefined order even when the user defined the order in sudoOrder. The implementation of SSSD support in sudo has been modified to sort the rules according to the sudoOrder value, and sudo rules are now sorted in the order defined by the user in sudoOrder. (BZ#1138581)\n\n* Previously, sudo became unresponsive after the user issued a command when a sudoers source was mentioned multiple times in the /etc/nsswitch.conf file. The problem occurred when nsswitch.conf contained, for example, the 'sudoers: files sss sss' entry. The sudoers source processing code has been fixed to correctly handle multiple instances of the same sudoers source. As a result, sudo no longer hangs when a sudoers source is mentioned multiple times in /etc/nsswitch.conf. (BZ#1147498)\n\nIn addition, this update adds the following enhancement :\n\n* The sudo utility now supports I/O logs compressed using the zlib library. With this update, sudo can generate zlib compressed I/O logs and also process zlib compressed I/O logs generated by other versions of sudo with zlib support. (BZ#1106433)\n\nAll sudo users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2015-07-30T00:00:00", "type": "nessus", "title": "Oracle Linux 6 : sudo (ELSA-2015-1409)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9680"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:sudo", "p-cpe:/a:oracle:linux:sudo-devel", "cpe:/o:oracle:linux:6"], "id": "ORACLELINUX_ELSA-2015-1409.NASL", "href": "https://www.tenable.com/plugins/nessus/85104", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:1409 and \n# Oracle Linux Security Advisory ELSA-2015-1409 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85104);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-9680\");\n script_bugtraq_id(72649);\n script_xref(name:\"RHSA\", value:\"2015:1409\");\n\n script_name(english:\"Oracle Linux 6 : sudo (ELSA-2015-1409)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:1409 :\n\nUpdated sudo packages that fix one security issue, three bugs, and add\none enhancement are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe sudo packages contain the sudo utility which allows system\nadministrators to provide certain users with the permission to execute\nprivileged commands, which are used for system management purposes,\nwithout having to log in as root.\n\nIt was discovered that sudo did not perform any checks of the TZ\nenvironment variable value. If sudo was configured to preserve the TZ\nenvironment variable, a local user with privileges to execute commands\nvia sudo could possibly use this flaw to achieve system state changes\nnot permitted by the configured commands. (CVE-2014-9680)\n\nNote: The default sudoers configuration in Red Hat Enterprise Linux\nremoves the TZ variable from the environment in which commands run by\nsudo are executed.\n\nThis update also fixes the following bugs :\n\n* Previously, the sudo utility child processes could sometimes become\nunresponsive because they ignored the SIGPIPE signal. With this\nupdate, SIGPIPE handler is properly restored in the function that\nreads passwords from the user, and the child processes no longer\nignore SIGPIPE. As a result, sudo child processes do not hang in this\nsituation. (BZ#1094548)\n\n* Prior to this update, the order in which sudo rules were processed\ndid not honor the user-defined sudoOrder attribute. Consequently, sudo\nrules were processed in an undefined order even when the user defined\nthe order in sudoOrder. The implementation of SSSD support in sudo has\nbeen modified to sort the rules according to the sudoOrder value, and\nsudo rules are now sorted in the order defined by the user in\nsudoOrder. (BZ#1138581)\n\n* Previously, sudo became unresponsive after the user issued a command\nwhen a sudoers source was mentioned multiple times in the\n/etc/nsswitch.conf file. The problem occurred when nsswitch.conf\ncontained, for example, the 'sudoers: files sss sss' entry. The\nsudoers source processing code has been fixed to correctly handle\nmultiple instances of the same sudoers source. As a result, sudo no\nlonger hangs when a sudoers source is mentioned multiple times in\n/etc/nsswitch.conf. (BZ#1147498)\n\nIn addition, this update adds the following enhancement :\n\n* The sudo utility now supports I/O logs compressed using the zlib\nlibrary. With this update, sudo can generate zlib compressed I/O logs\nand also process zlib compressed I/O logs generated by other versions\nof sudo with zlib support. (BZ#1106433)\n\nAll sudo users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add this\nenhancement.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-July/005230.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected sudo packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:sudo-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"sudo-1.8.6p3-19.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"sudo-devel-1.8.6p3-19.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo / sudo-devel\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-27T14:11:06", "description": "- update to 1.8.12\n\n - fixes CVE-2014-9680\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2015-02-23T00:00:00", "type": "nessus", "title": "Fedora 21 : sudo-1.8.12-1.fc21 (2015-2281)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9680"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:sudo", "cpe:/o:fedoraproject:fedora:21"], "id": "FEDORA_2015-2281.NASL", "href": "https://www.tenable.com/plugins/nessus/81431", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-2281.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81431);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9680\");\n script_xref(name:\"FEDORA\", value:\"2015-2281\");\n\n script_name(english:\"Fedora 21 : sudo-1.8.12-1.fc21 (2015-2281)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - update to 1.8.12\n\n - fixes CVE-2014-9680\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1191144\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150218.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2c3da047\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected sudo package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"sudo-1.8.12-1.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-27T14:10:54", "description": "New sudo packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2015-02-17T00:00:00", "type": "nessus", "title": "Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : sudo (SSA:2015-047-03)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9680"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:slackware:slackware_linux:sudo", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:13.0", "cpe:/o:slackware:slackware_linux:13.1", "cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:14.0", "cpe:/o:slackware:slackware_linux:14.1"], "id": "SLACKWARE_SSA_2015-047-03.NASL", "href": "https://www.tenable.com/plugins/nessus/81388", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2015-047-03. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81388);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-9680\");\n script_xref(name:\"SSA\", value:\"2015-047-03\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : sudo (SSA:2015-047-03)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New sudo packages are available for Slackware 13.0, 13.1, 13.37,\n14.0, 14.1, and -current to fix a security issue.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.513277\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?131a1cf8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected sudo package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:14.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"sudo\", pkgver:\"1.8.12\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"sudo\", pkgver:\"1.8.12\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"sudo\", pkgver:\"1.8.12\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"sudo\", pkgver:\"1.8.12\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"sudo\", pkgver:\"1.8.12\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"sudo\", pkgver:\"1.8.12\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\nif (slackware_check(osver:\"14.0\", pkgname:\"sudo\", pkgver:\"1.8.12\", pkgarch:\"i486\", pkgnum:\"1_slack14.0\")) flag++;\nif (slackware_check(osver:\"14.0\", arch:\"x86_64\", pkgname:\"sudo\", pkgver:\"1.8.12\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.0\")) flag++;\n\nif (slackware_check(osver:\"14.1\", pkgname:\"sudo\", pkgver:\"1.8.12\", pkgarch:\"i486\", pkgnum:\"1_slack14.1\")) flag++;\nif (slackware_check(osver:\"14.1\", arch:\"x86_64\", pkgname:\"sudo\", pkgver:\"1.8.12\", pkgarch:\"x86_64\", pkgnum:\"1_slack14.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"sudo\", pkgver:\"1.8.12\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"sudo\", pkgver:\"1.8.12\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:slackware_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-28T14:39:15", "description": "It was discovered that sudo did not perform any checks of the TZ environment variable value. If sudo was configured to preserve the TZ environment variable, a local user with privileges to execute commands via sudo could possibly use this flaw to achieve system state changes not permitted by the configured commands. (CVE-2014-9680)\n\nNote: The default sudoers configuration in Scientific Linux 6 removes the TZ variable from the environment in which commands run by sudo are executed.\n\nThis update also fixes the following bugs :\n\n - Previously, the sudo utility child processes could sometimes become unresponsive because they ignored the SIGPIPE signal. With this update, SIGPIPE handler is properly restored in the function that reads passwords from the user, and the child processes no longer ignore SIGPIPE. As a result, sudo child processes do not hang in this situation.\n\n - Prior to this update, the order in which sudo rules were processed did not honor the user-defined sudoOrder attribute. Consequently, sudo rules were processed in an undefined order even when the user defined the order in sudoOrder. The implementation of SSSD support in sudo has been modified to sort the rules according to the sudoOrder value, and sudo rules are now sorted in the order defined by the user in sudoOrder.\n\n - Previously, sudo became unresponsive after the user issued a command when a sudoers source was mentioned multiple times in the /etc/nsswitch.conf file. The problem occurred when nsswitch.conf contained, for example, the 'sudoers: files sss sss' entry. The sudoers source processing code has been fixed to correctly handle multiple instances of the same sudoers source. As a result, sudo no longer hangs when a sudoers source is mentioned multiple times in /etc/nsswitch.conf.\n\nIn addition, this update adds the following enhancement :\n\n - The sudo utility now supports I/O logs compressed using the zlib library. With this update, sudo can generate zlib compressed I/O logs and also process zlib compressed I/O logs generated by other versions of sudo with zlib support.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2015-08-04T00:00:00", "type": "nessus", "title": "Scientific Linux Security Update : sudo on SL6.x i386/x86_64 (20150722)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9680"], "modified": "2021-01-14T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:sudo", "p-cpe:/a:fermilab:scientific_linux:sudo-debuginfo", "p-cpe:/a:fermilab:scientific_linux:sudo-devel", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20150722_SUDO_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/85207", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85207);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-9680\");\n\n script_name(english:\"Scientific Linux Security Update : sudo on SL6.x i386/x86_64 (20150722)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that sudo did not perform any checks of the TZ\nenvironment variable value. If sudo was configured to preserve the TZ\nenvironment variable, a local user with privileges to execute commands\nvia sudo could possibly use this flaw to achieve system state changes\nnot permitted by the configured commands. (CVE-2014-9680)\n\nNote: The default sudoers configuration in Scientific Linux 6 removes\nthe TZ variable from the environment in which commands run by sudo are\nexecuted.\n\nThis update also fixes the following bugs :\n\n - Previously, the sudo utility child processes could\n sometimes become unresponsive because they ignored the\n SIGPIPE signal. With this update, SIGPIPE handler is\n properly restored in the function that reads passwords\n from the user, and the child processes no longer ignore\n SIGPIPE. As a result, sudo child processes do not hang\n in this situation.\n\n - Prior to this update, the order in which sudo rules were\n processed did not honor the user-defined sudoOrder\n attribute. Consequently, sudo rules were processed in an\n undefined order even when the user defined the order in\n sudoOrder. The implementation of SSSD support in sudo\n has been modified to sort the rules according to the\n sudoOrder value, and sudo rules are now sorted in the\n order defined by the user in sudoOrder.\n\n - Previously, sudo became unresponsive after the user\n issued a command when a sudoers source was mentioned\n multiple times in the /etc/nsswitch.conf file. The\n problem occurred when nsswitch.conf contained, for\n example, the 'sudoers: files sss sss' entry. The sudoers\n source processing code has been fixed to correctly\n handle multiple instances of the same sudoers source. As\n a result, sudo no longer hangs when a sudoers source is\n mentioned multiple times in /etc/nsswitch.conf.\n\nIn addition, this update adds the following enhancement :\n\n - The sudo utility now supports I/O logs compressed using\n the zlib library. With this update, sudo can generate\n zlib compressed I/O logs and also process zlib\n compressed I/O logs generated by other versions of sudo\n with zlib support.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1508&L=scientific-linux-errata&F=&S=&P=2462\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?079e01d8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected sudo, sudo-debuginfo and / or sudo-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:sudo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:sudo-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/04\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"sudo-1.8.6p3-19.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"sudo-debuginfo-1.8.6p3-19.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"sudo-devel-1.8.6p3-19.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo / sudo-debuginfo / sudo-devel\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-27T14:13:23", "description": "Jakub Wilk and Stephane Chazelas discovered that Sudo incorrectly handled the TZ environment variable. An attacker with Sudo access could possibly use this issue to open arbitrary files, bypassing intended permissions.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2015-03-17T00:00:00", "type": "nessus", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : sudo vulnerability (USN-2533-1)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9680"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:sudo", "p-cpe:/a:canonical:ubuntu_linux:sudo-ldap", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04", "cpe:/o:canonical:ubuntu_linux:14.10"], "id": "UBUNTU_USN-2533-1.NASL", "href": "https://www.tenable.com/plugins/nessus/81881", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2533-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81881);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-9680\");\n script_bugtraq_id(72649);\n script_xref(name:\"USN\", value:\"2533-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : sudo vulnerability (USN-2533-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jakub Wilk and Stephane Chazelas discovered that Sudo incorrectly\nhandled the TZ environment variable. An attacker with Sudo access\ncould possibly use this issue to open arbitrary files, bypassing\nintended permissions.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2533-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected sudo and / or sudo-ldap packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:sudo-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|12\\.04|14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04 / 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"sudo\", pkgver:\"1.7.2p1-1ubuntu5.8\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"sudo-ldap\", pkgver:\"1.7.2p1-1ubuntu5.8\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"sudo\", pkgver:\"1.8.3p1-1ubuntu3.7\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"sudo-ldap\", pkgver:\"1.8.3p1-1ubuntu3.7\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"sudo\", pkgver:\"1.8.9p5-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"sudo-ldap\", pkgver:\"1.8.9p5-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"sudo\", pkgver:\"1.8.9p5-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"sudo-ldap\", pkgver:\"1.8.9p5-1ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo / sudo-ldap\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-27T14:21:35", "description": "sudo was updated to fix one security issue.\n\nThis security issue was fixed :\n\n - CVE-2014-9680: Unsafe handling of TZ environment variable (bsc#917806).", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2015-11-20T00:00:00", "type": "nessus", "title": "openSUSE Security Update : sudo (openSUSE-2015-687)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9680"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:sudo", "p-cpe:/a:novell:opensuse:sudo-debuginfo", "p-cpe:/a:novell:opensuse:sudo-debugsource", "p-cpe:/a:novell:opensuse:sudo-devel", "p-cpe:/a:novell:opensuse:sudo-test", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2015-687.NASL", "href": "https://www.tenable.com/plugins/nessus/86956", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-687.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86956);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-9680\");\n\n script_name(english:\"openSUSE Security Update : sudo (openSUSE-2015-687)\");\n script_summary(english:\"Check for the openSUSE-2015-687 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"sudo was updated to fix one security issue.\n\nThis security issue was fixed :\n\n - CVE-2014-9680: Unsafe handling of TZ environment\n variable (bsc#917806).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=917806\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected sudo packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sudo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sudo-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sudo-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sudo-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"sudo-1.8.10p3-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"sudo-debuginfo-1.8.10p3-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"sudo-debugsource-1.8.10p3-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"sudo-devel-1.8.10p3-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"sudo-test-1.8.10p3-5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo / sudo-debuginfo / sudo-debugsource / sudo-devel / sudo-test\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-26T14:39:07", "description": "The remote OracleVM system is missing necessary patches to address critical security updates :\n\n - RHEL-6.7 erratum\n\n - modified the authlogicfix patch to fix #1144448\n\n - fixed a bug in the ldapusermatchfix patch Resolves:\n rhbz#1144448 Resolves: rhbz#1142122\n\n - RHEL-6.7 erratum\n\n - fixed the mantypos-ldap.patch Resolves: rhbz#1138267\n\n - RHEL-6.7 erratum\n\n - added patch for (CVE-2014-9680)\n\n - added BuildRequires for tzdata Resolves: rhbz#1200253\n\n - RHEL-6.7 erratum\n\n - added zlib-devel build required to enable zlib compression support\n\n - fixed two typos in the sudoers.ldap man page\n\n - fixed a hang when duplicate nss entries are specified in nsswitch.conf\n\n - SSSD: implemented sorting of the result entries according to the sudoOrder attribute\n\n - LDAP: fixed logic handling the computation of the 'user matched' flag\n\n - fixed restoring of the SIGPIPE signal in the tgetpass function\n\n - fixed listpw, verifypw + authenticate option logic in LDAP/SSSD Resolves: rhbz#1106433 Resolves: rhbz#1138267 Resolves: rhbz#1147498 Resolves: rhbz#1138581 Resolves:\n rhbz#1142122 Resolves: rhbz#1094548 Resolves:\n rhbz#1144448\n\n - RHEL-6.6 erratum\n\n - SSSD: dropped the ipahostnameshort patch, as it is not needed. rhbz#1033703 is a configuration issue. Related:\n rhbz#1033703\n\n - RHEL-6.6 erratum\n\n - SSSD: fixed netgroup filter patch\n\n - SSSD: dropped serparate patch for #1006463, the fix is now part of the netgroup filter patch Resolves:\n rhbz#1006463 Resolves: rhbz#1083064\n\n - RHEL-6.6 erratum\n\n - don't retry authentication when ctrl-c pressed\n\n - fix double-quote processing in Defaults options\n\n - fix sesh login shell argv[0]\n\n - handle the '(none)' hostname correctly\n\n - SSSD: fix ipa_hostname handling\n\n - SSSD: fix sudoUser netgroup specification filtering\n\n - SSSD: list correct user when -U <user> -l specified\n\n - SSSD: show rule names on long listing (-ll) Resolves:\n rhbz#1065415 Resolves: rhbz#1078338 Resolves:\n rhbz#1052940 Resolves: rhbz#1083064 Resolves:\n rhbz#1033703 Resolves: rhbz#1006447 Resolves:\n rhbz#1006463 Resolves: rhbz#1070952", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2015-07-31T00:00:00", "type": "nessus", "title": "OracleVM 3.3 : sudo (OVMSA-2015-0103)", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9680"], "modified": "2021-01-04T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:sudo", "cpe:/o:oracle:vm_server:3.3"], "id": "ORACLEVM_OVMSA-2015-0103.NASL", "href": "https://www.tenable.com/plugins/nessus/85144", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2015-0103.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85144);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-9680\");\n script_bugtraq_id(72649);\n\n script_name(english:\"OracleVM 3.3 : sudo (OVMSA-2015-0103)\");\n script_summary(english:\"Checks the RPM output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - RHEL-6.7 erratum\n\n - modified the authlogicfix patch to fix #1144448\n\n - fixed a bug in the ldapusermatchfix patch Resolves:\n rhbz#1144448 Resolves: rhbz#1142122\n\n - RHEL-6.7 erratum\n\n - fixed the mantypos-ldap.patch Resolves: rhbz#1138267\n\n - RHEL-6.7 erratum\n\n - added patch for (CVE-2014-9680)\n\n - added BuildRequires for tzdata Resolves: rhbz#1200253\n\n - RHEL-6.7 erratum\n\n - added zlib-devel build required to enable zlib\n compression support\n\n - fixed two typos in the sudoers.ldap man page\n\n - fixed a hang when duplicate nss entries are specified in\n nsswitch.conf\n\n - SSSD: implemented sorting of the result entries\n according to the sudoOrder attribute\n\n - LDAP: fixed logic handling the computation of the 'user\n matched' flag\n\n - fixed restoring of the SIGPIPE signal in the tgetpass\n function\n\n - fixed listpw, verifypw + authenticate option logic in\n LDAP/SSSD Resolves: rhbz#1106433 Resolves: rhbz#1138267\n Resolves: rhbz#1147498 Resolves: rhbz#1138581 Resolves:\n rhbz#1142122 Resolves: rhbz#1094548 Resolves:\n rhbz#1144448\n\n - RHEL-6.6 erratum\n\n - SSSD: dropped the ipahostnameshort patch, as it is not\n needed. rhbz#1033703 is a configuration issue. Related:\n rhbz#1033703\n\n - RHEL-6.6 erratum\n\n - SSSD: fixed netgroup filter patch\n\n - SSSD: dropped serparate patch for #1006463, the fix is\n now part of the netgroup filter patch Resolves:\n rhbz#1006463 Resolves: rhbz#1083064\n\n - RHEL-6.6 erratum\n\n - don't retry authentication when ctrl-c pressed\n\n - fix double-quote processing in Defaults options\n\n - fix sesh login shell argv[0]\n\n - handle the '(none)' hostname correctly\n\n - SSSD: fix ipa_hostname handling\n\n - SSSD: fix sudoUser netgroup specification filtering\n\n - SSSD: list correct user when -U <user> -l specified\n\n - SSSD: show rule names on long listing (-ll) Resolves:\n rhbz#1065415 Resolves: rhbz#1078338 Resolves:\n rhbz#1052940 Resolves: rhbz#1083064 Resolves:\n rhbz#1033703 Resolves: rhbz#1006447 Resolves:\n rhbz#1006463 Resolves: rhbz#1070952\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2015-July/000351.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected sudo package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"sudo-1.8.6p3-19.el6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-27T14:14:01", "description": "The remote host is affected by the vulnerability described in GLSA-201504-02 (sudo: Information disclosure)\n\n sudo does not handle the TZ environment variable properly.\n Impact :\n\n A local attacker may be able to read arbitrary files or information from device special files.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2015-04-13T00:00:00", "type": "nessus", "title": "GLSA-201504-02 : sudo: Information disclosure", "bulletinFamily": "scanner", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9680"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:sudo", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201504-02.NASL", "href": "https://www.tenable.com/plugins/nessus/82732", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201504-02.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82732);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9680\");\n script_bugtraq_id(72649);\n script_xref(name:\"GLSA\", value:\"201504-02\");\n\n script_name(english:\"GLSA-201504-02 : sudo: Information disclosure\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201504-02\n(sudo: Information disclosure)\n\n sudo does not handle the TZ environment variable properly.\n \nImpact :\n\n A local attacker may be able to read arbitrary files or information from\n device special files.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201504-02\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All sudo users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-admin/sudo-1.8.12'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-admin/sudo\", unaffected:make_list(\"ge 1.8.12\"), vulnerable:make_list(\"lt 1.8.12\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:qpkg_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-01-11T14:51:33", "description": "This update fixes the CVEs described below.\n\nCVE-2014-0106\n\nTodd C. Miller reported that if the env_reset option is disabled in the sudoers file, the env_delete option is not correctly applied to environment variables specified on the command line. A malicious user with sudo permissions may be able to run arbitrary commands with elevated privileges by manipulating the environment of a command the user is legitimately allowed to run.\n\nCVE-2014-9680\n\nJakub Wilk reported that sudo preserves the TZ variable from a user's environment without any sanitization. A user with sudo access may take advantage of this to exploit bugs in the C library functions which parse the TZ environment variable or to open files that the user would not otherwise be able to open. The latter could potentially cause changes in system behavior when reading certain device special files or cause the program run via sudo to block.\n\nFor the oldstable distribution (squeeze), these problems have been fixed in version 1.7.4p4-2.squeeze.5.\n\nFor the stable distribution (wheezy), they have been fixed in version 1.8.5p2-1+nmu2.\n\nWe recommend that you upgrade your sudo packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2015-03-26T00:00:00", "type": "nessus", "title": "Debian DLA-160-1 : sudo security update", "bulletinFamily": "scanner", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 2.7, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.6, "vectorString": "AV:L/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0106", "CVE-2014-9680"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:sudo", "p-cpe:/a:debian:debian_linux:sudo-ldap", "cpe:/o:debian:debian_linux:6.0"], "id": "DEBIAN_DLA-160.NASL", "href": "https://www.tenable.com/plugins/nessus/82144", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-160-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82144);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-0106\", \"CVE-2014-9680\");\n script_bugtraq_id(65997, 72649);\n\n script_name(english:\"Debian DLA-160-1 : sudo security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the CVEs described below.\n\nCVE-2014-0106\n\nTodd C. Miller reported that if the env_reset option is disabled in\nthe sudoers file, the env_delete option is not correctly applied to\nenvironment variables specified on the command line. A malicious user\nwith sudo permissions may be able to run arbitrary commands with\nelevated privileges by manipulating the environment of a command the\nuser is legitimately allowed to run.\n\nCVE-2014-9680\n\nJakub Wilk reported that sudo preserves the TZ variable from a user's\nenvironment without any sanitization. A user with sudo access may take\nadvantage of this to exploit bugs in the C library functions which\nparse the TZ environment variable or to open files that the user would\nnot otherwise be able to open. The latter could potentially cause\nchanges in system behavior when reading certain device special files\nor cause the program run via sudo to block.\n\nFor the oldstable distribution (squeeze), these problems have been\nfixed in version 1.7.4p4-2.squeeze.5.\n\nFor the stable distribution (wheezy), they have been fixed in version\n1.8.5p2-1+nmu2.\n\nWe recommend that you upgrade your sudo packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/02/msg00014.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/sudo\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected sudo, and sudo-ldap packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sudo-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"sudo\", reference:\"1.7.4p4-2.squeeze.5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"sudo-ldap\", reference:\"1.7.4p4-2.squeeze.5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-08-19T12:38:54", "description": "This update for sudo fixes the following issues :\n\n - fix two security vulnerabilities that allowed users to bypass sudo's NOEXEC functionality :\n\n - noexec bypass via system() and popen() [CVE-2016-7032, bsc#1007766]\n\n - noexec bypass via wordexp() [CVE-2016-7076, bsc#1007501]\n\nSudo was updated to the package from SUSE:SLE-12-SP2:Update, incorporating the following new feature :\n\n - allow dynamic groups with sudo [fate#318850]\n\nThe following bug fixes are included :\n\n - parse /proc/stat for boottime correctly [boo#899252]\n\n - enable SASL authentication [boo#979531]", "cvss3": {}, "published": "2016-12-05T00:00:00", "type": "nessus", "title": "openSUSE Security Update : sudo (openSUSE-2016-1381)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9680", "CVE-2016-7032", "CVE-2016-7076"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:sudo", "p-cpe:/a:novell:opensuse:sudo-debuginfo", "p-cpe:/a:novell:opensuse:sudo-debugsource", "p-cpe:/a:novell:opensuse:sudo-devel", "p-cpe:/a:novell:opensuse:sudo-test", "cpe:/o:novell:opensuse:42.2"], "id": "OPENSUSE-2016-1381.NASL", "href": "https://www.tenable.com/plugins/nessus/95533", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1381.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95533);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-9680\", \"CVE-2016-7032\", \"CVE-2016-7076\");\n\n script_name(english:\"openSUSE Security Update : sudo (openSUSE-2016-1381)\");\n script_summary(english:\"Check for the openSUSE-2016-1381 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for sudo fixes the following issues :\n\n - fix two security vulnerabilities that allowed users to\n bypass sudo's NOEXEC functionality :\n\n - noexec bypass via system() and popen() [CVE-2016-7032,\n bsc#1007766]\n\n - noexec bypass via wordexp() [CVE-2016-7076, bsc#1007501]\n\nSudo was updated to the package from SUSE:SLE-12-SP2:Update,\nincorporating the following new feature :\n\n - allow dynamic groups with sudo [fate#318850]\n\nThe following bug fixes are included :\n\n - parse /proc/stat for boottime correctly [boo#899252]\n\n - enable SASL authentication [boo#979531]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007501\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007766\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=899252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979531\"\n );\n # https://features.opensuse.org/818850\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://features.opensuse.org/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected sudo packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sudo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sudo-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sudo-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sudo-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/05\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.2\", reference:\"sudo-1.8.10p3-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"sudo-debuginfo-1.8.10p3-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"sudo-debugsource-1.8.10p3-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"sudo-devel-1.8.10p3-7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.2\", reference:\"sudo-test-1.8.10p3-7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo / sudo-debuginfo / sudo-debugsource / sudo-devel / sudo-test\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-02T17:05:00", "description": "This update for sudo fixes the following security issues :\n\n - Fix two security vulnerabilities that allowed users to bypass sudo's NOEXEC functionality :\n\n - noexec bypass via system() and popen() [CVE-2016-7032, bsc#1007766]\n\n - noexec bypass via wordexp() [CVE-2016-7076, bsc#1007501]\n\n - Fix unsafe handling of TZ environment variable.\n [CVE-2014-9680, bsc#917806]\n\nAdditionally, these non-security fixes are included in the update :\n\n - Fix 'ignoring time stamp from the future' message after each boot with !tty_tickets. [bsc#899252]\n\n - Enable support for SASL-based authentication.\n [bsc#979531]\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {}, "published": "2016-12-06T00:00:00", "type": "nessus", "title": "openSUSE Security Update : sudo (openSUSE-2016-1402)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9680", "CVE-2016-7032", "CVE-2016-7076"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:sudo", "p-cpe:/a:novell:opensuse:sudo-debuginfo", "p-cpe:/a:novell:opensuse:sudo-debugsource", "p-cpe:/a:novell:opensuse:sudo-devel", "p-cpe:/a:novell:opensuse:sudo-test", "cpe:/o:novell:opensuse:42.1"], "id": "OPENSUSE-2016-1402.NASL", "href": "https://www.tenable.com/plugins/nessus/95556", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2016-1402.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95556);\n script_version(\"2.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-9680\", \"CVE-2016-7032\", \"CVE-2016-7076\");\n\n script_name(english:\"openSUSE Security Update : sudo (openSUSE-2016-1402)\");\n script_summary(english:\"Check for the openSUSE-2016-1402 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for sudo fixes the following security issues :\n\n - Fix two security vulnerabilities that allowed users to\n bypass sudo's NOEXEC functionality :\n\n - noexec bypass via system() and popen() [CVE-2016-7032,\n bsc#1007766]\n\n - noexec bypass via wordexp() [CVE-2016-7076, bsc#1007501]\n\n - Fix unsafe handling of TZ environment variable.\n [CVE-2014-9680, bsc#917806]\n\nAdditionally, these non-security fixes are included in the update :\n\n - Fix 'ignoring time stamp from the future' message after\n each boot with !tty_tickets. [bsc#899252]\n\n - Enable support for SASL-based authentication.\n [bsc#979531]\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007501\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1007766\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=899252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=917806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=979531\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected sudo packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sudo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sudo-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sudo-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sudo-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/12/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"sudo-1.8.10p3-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"sudo-debuginfo-1.8.10p3-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"sudo-debugsource-1.8.10p3-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"sudo-devel-1.8.10p3-8.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"sudo-test-1.8.10p3-8.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo / sudo-debuginfo / sudo-debugsource / sudo-devel / sudo-test\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-07-02T17:02:30", "description": "This update for sudo fixes the following security issues :\n\n - Fix two security vulnerabilities that allowed users to bypass sudo's NOEXEC functionality :\n\n - noexec bypass via system() and popen() [CVE-2016-7032, bsc#1007766]\n\n - noexec bypass via wordexp() [CVE-2016-7076, bsc#1007501]\n\n - Fix unsafe handling of TZ environment variable.\n [CVE-2014-9680, bsc#917806] Additionally, these non-security fixes are included in the update :\n\n - Fix 'ignoring time stamp from the future' message after each boot with !tty_tickets. [bsc#899252]\n\n - Enable support for SASL-based authentication.\n [bsc#979531]\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2016-11-25T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : sudo (SUSE-SU-2016:2904-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9680", "CVE-2016-7032", "CVE-2016-7076"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:sudo", "p-cpe:/a:novell:suse_linux:sudo-debuginfo", "p-cpe:/a:novell:suse_linux:sudo-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2016-2904-1.NASL", "href": "https://www.tenable.com/plugins/nessus/95317", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2016:2904-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(95317);\n script_version(\"3.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-9680\", \"CVE-2016-7032\", \"CVE-2016-7076\");\n script_bugtraq_id(72649);\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : sudo (SUSE-SU-2016:2904-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for sudo fixes the following security issues :\n\n - Fix two security vulnerabilities that allowed users to\n bypass sudo's NOEXEC functionality :\n\n - noexec bypass via system() and popen() [CVE-2016-7032,\n bsc#1007766]\n\n - noexec bypass via wordexp() [CVE-2016-7076, bsc#1007501]\n\n - Fix unsafe handling of TZ environment variable.\n [CVE-2014-9680, bsc#917806] Additionally, these\n non-security fixes are included in the update :\n\n - Fix 'ignoring time stamp from the future' message after\n each boot with !tty_tickets. [bsc#899252]\n\n - Enable support for SASL-based authentication.\n [bsc#979531]\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007501\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1007766\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=899252\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=917806\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=979531\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9680/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7032/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2016-7076/\"\n );\n # https://www.suse.com/support/update/announcement/2016/suse-su-20162904-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?80d0e596\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP1:zypper in -t\npatch SUSE-SLE-SDK-12-SP1-2016-1692=1\n\nSUSE Linux Enterprise Server 12-SP1:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2016-1692=1\n\nSUSE Linux Enterprise Desktop 12-SP1:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP1-2016-1692=1\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sudo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sudo-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/11/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/11/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"sudo-1.8.10p3-2.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"sudo-debuginfo-1.8.10p3-2.6.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"sudo-debugsource-1.8.10p3-2.6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"sudo-1.8.10p3-2.6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"sudo-debuginfo-1.8.10p3-2.6.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"1\", cpu:\"x86_64\", reference:\"sudo-debugsource-1.8.10p3-2.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-16T14:25:47", "description": "The remote NewStart CGSL host, running version MAIN 6.02, has sudo packages installed that are affected by multiple vulnerabilities:\n\n - A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression. (CVE-2011-0008)\n\n - check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command. (CVE-2011-0010)\n\n - Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo. (CVE-2012-0809)\n\n - sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations that use a netmask syntax, which allows local users to bypass intended command restrictions in opportunistic circumstances by executing a command on a host that has an IPv4 address. (CVE-2012-2337)\n\n - sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting the system clock and sudo user timestamp to the epoch. (CVE-2013-1775)\n\n - sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hijack the authorization of another terminal via vectors related to connecting to the standard input, output, and error file descriptors of another terminal. NOTE: this is one of three closely-related vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different affected versions. (CVE-2013-1776)\n\n - sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives. (CVE-2014-9680)\n\n - sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by /home/*/*/file.txt.\n (CVE-2015-5602)\n\n - sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary commands with elevated privileges. (CVE-2016-7076)\n\n - Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in the get_process_ttyname() function resulting in information disclosure and command execution.\n (CVE-2017-1000367)\n\n - ** DISPUTED ** In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user.\n NOTE: The software maintainer believes that this is not a vulnerability because running a command via sudo as a user not present in the local password database is an intentional feature. Because this behavior surprised some users, sudo 1.8.30 introduced an option to enable/disable this behavior with the default being disabled. However, this does not change the fact that sudo was behaving as intended, and as documented, in earlier versions. (CVE-2019-19232)\n\n - Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via sudoedit -s and a command-line argument that ends with a single backslash character. (CVE-2021-3156)\n\n - A heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is exploitable by any local user who can execute the sudo command without authentication. Successful exploitation of this flaw could lead to privilege escalation. (CVE-2021-3156)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-10-27T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 6.02 : sudo Multiple Vulnerabilities (NS-SA-2021-0120)", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-0034", "CVE-2011-0008", "CVE-2011-0010", "CVE-2012-0809", "CVE-2012-2337", "CVE-2013-1775", "CVE-2013-1776", "CVE-2014-9680", "CVE-2015-5602", "CVE-2016-7076", "CVE-2017-1000367", "CVE-2019-19232", "CVE-2021-3156"], "modified": "2023-01-17T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_main:sudo", "p-cpe:/a:zte:cgsl_main:sudo-debuginfo", "p-cpe:/a:zte:cgsl_main:sudo-debugsource", "p-cpe:/a:zte:cgsl_main:sudo-devel", "cpe:/o:zte:cgsl_main:6"], "id": "NEWSTART_CGSL_NS-SA-2021-0120_SUDO.NASL", "href": "https://www.tenable.com/plugins/nessus/154540", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0120. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154540);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/17\");\n\n script_cve_id(\n \"CVE-2011-0008\",\n \"CVE-2011-0010\",\n \"CVE-2012-0809\",\n \"CVE-2012-2337\",\n \"CVE-2013-1775\",\n \"CVE-2013-1776\",\n \"CVE-2014-9680\",\n \"CVE-2015-5602\",\n \"CVE-2016-7076\",\n \"CVE-2017-1000367\",\n \"CVE-2019-19232\",\n \"CVE-2021-3156\"\n );\n script_xref(name:\"IAVA\", value:\"2013-A-0179-S\");\n script_xref(name:\"IAVA\", value:\"2017-A-0165-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0053\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/04/27\");\n\n script_name(english:\"NewStart CGSL MAIN 6.02 : sudo Multiple Vulnerabilities (NS-SA-2021-0120)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 6.02, has sudo packages installed that are affected by multiple\nvulnerabilities:\n\n - A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on Fedora 14 does not properly interpret\n a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to\n that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a\n sudo command. NOTE: this vulnerability exists because of a CVE-2009-0034 regression. (CVE-2011-0008)\n\n - check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for\n command execution that involves a gid change but no uid change, which allows local users to bypass an\n intended authentication requirement via the -g option to a sudo command. (CVE-2011-0010)\n\n - Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to\n execute arbitrary code via format string sequences in the program name for sudo. (CVE-2012-0809)\n\n - sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does not properly support configurations\n that use a netmask syntax, which allows local users to bypass intended command restrictions in\n opportunistic circumstances by executing a command on a host that has an IPv4 address. (CVE-2012-2337)\n\n - sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate\n attackers to bypass intended time restrictions and retain privileges without re-authenticating by setting\n the system clock and sudo user timestamp to the epoch. (CVE-2013-1775)\n\n - sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the tty_tickets option is enabled, does not\n properly validate the controlling terminal device, which allows local users with sudo permissions to\n hijack the authorization of another terminal via vectors related to connecting to the standard input,\n output, and error file descriptors of another terminal. NOTE: this is one of three closely-related\n vulnerabilities that were originally assigned CVE-2013-1776, but they have been SPLIT because of different\n affected versions. (CVE-2013-1776)\n\n - sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file,\n which allows local users to open arbitrary files for read access (but not view file contents) by running a\n program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log\n messages, or repositioning tape drives. (CVE-2014-9680)\n\n - sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose\n full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by /home/*/*/file.txt.\n (CVE-2015-5602)\n\n - sudo before version 1.8.18p1 is vulnerable to a bypass in the sudo noexec restriction if application run\n via sudo executed wordexp() C library function with a user supplied argument. A local user permitted to\n run such application via sudo with noexec restriction could possibly use this flaw to execute arbitrary\n commands with elevated privileges. (CVE-2016-7076)\n\n - Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an input validation (embedded spaces) in\n the get_process_ttyname() function resulting in information disclosure and command execution.\n (CVE-2017-1000367)\n\n - ** DISPUTED ** In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can\n impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user.\n NOTE: The software maintainer believes that this is not a vulnerability because running a command via sudo\n as a user not present in the local password database is an intentional feature. Because this behavior\n surprised some users, sudo 1.8.30 introduced an option to enable/disable this behavior with the default\n being disabled. However, this does not change the fact that sudo was behaving as intended, and as\n documented, in earlier versions. (CVE-2019-19232)\n\n - Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which\n allows privilege escalation to root via sudoedit -s and a command-line argument that ends with a single\n backslash character. (CVE-2021-3156)\n\n - A heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is\n exploitable by any local user who can execute the sudo command without authentication. Successful\n exploitation of this flaw could lead to privilege escalation. (CVE-2021-3156)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0120\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2011-0008\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2011-0010\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2012-0809\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2012-2337\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2013-1775\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2013-1776\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2014-9680\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2015-5602\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2016-7076\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2017-1000367\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2019-19232\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-3156\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL sudo packages. Note that updated packages may not be available yet. Please contact ZTE for\nmore information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3156\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Sudo Heap-Based Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:\"CANVAS\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/01/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:sudo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:sudo-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:sudo-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:6\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL MAIN 6.02\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.02');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL MAIN 6.02': [\n 'sudo-1.8.29-6.el8_3.1.cgslv6_2.0.1.g2081d35',\n 'sudo-debuginfo-1.8.29-6.el8_3.1.cgslv6_2.0.1.g2081d35',\n 'sudo-debugsource-1.8.29-6.el8_3.1.cgslv6_2.0.1.g2081d35',\n 'sudo-devel-1.8.29-6.el8_3.1.cgslv6_2.0.1.g2081d35'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'sudo');\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-02-17T14:44:47", "description": "The remote host is running a version of Mac OS X 10.10.x that is prior to version 10.10.5. The installed version is affected by multiple vulnerabilities in the following components :\n\n - apache (CVE-2014-3581, CVE-2014-3583, CVE-2014-8109, CVE-2015-0228, CVE-2015-0253, CVE-2015-3183, CVE-2015-3185)\n - apache_mod_php (CVE-2015-2783, CVE-2015-2787, CVE-2015-3307, CVE-2015-3329, CVE-2015-3330, CVE-2015-4021, CVE-2015-4022, CVE-2015-4024, CVE-2015-4025, CVE-2015-4026, CVE-2015-4147, CVE-2015-4148)\n - Apple ID OD Plug-in (CVE-2015-3799)\n - AppleGraphicsControl (CVE-2015-5768)\n - Bluetooth (CVE-2015-3777, CVE-2015-3779, CVE-2015-3780, CVE-2015-3786, CVE-2015-3787)\n - bootp (CVE-2015-3778)\n - CloudKit (CVE-2015-3782)\n - CoreMedia Playback (CVE-2015-5777, CVE-2015-5778)\n - CoreText (CVE-2015-5761, CVE-2015-5755)\n - curl (CVE-2014-3613, CVE-2014-3620, CVE-2014-3707, CVE-2014-8150, CVE-2014-8151, CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148, CVE-2015-3153)\n - Data Detectors Engine (CVE-2015-5750)\n - Date & Time pref pane (CVE-2015-3757)\n - Dictionary Application (CVE-2015-3774)\n - DiskImages (CVE-2015-3800)\n - dyld (CVE-2015-3760)\n - FontParser (CVE-2015-3804, CVE-2015-5775, CVE-2015-5756)\n - groff (CVE-2009-5044, CVE-2009-5078)\n - ImageIO (CVE-2015-5758, CVE-2015-5781, CVE-2015-5782)\n - Install Framework Legacy (CVE-2015-5784, CVE-2015-5754)\n - IOFireWireFamily (CVE-2015-3769, CVE-2015-3771, CVE-2015-3772)\n - IOGraphics (CVE-2015-3770, CVE-2015-5783)\n - IOHIDFamily (CVE-2015-5774)\n - Kernel (CVE-2015-3766, CVE-2015-3768, CVE-2015-5747, CVE-2015-5748, CVE-2015-3806, CVE-2015-3803, CVE-2015-3802, CVE-2015-3805, CVE-2015-3776, CVE-2015-3761)\n - Libc (CVE-2015-3796, CVE-2015-3797, CVE-2015-3798)\n - Libinfo (CVE-2015-5776)\n - libpthread (CVE-2015-5757)\n - libxml2 (CVE-2014-0191, CVE-2014-3660, CVE-2015-3807)\n - libxpc (CVE-2015-3795)\n - mail_cmds (CVE-2014-7844)\n - Notification Center OSX (CVE-2015-3764)\n - ntfs (CVE-2015-5763)\n - OpenSSH (CVE-2015-5600)\n - OpenSSL (CVE-2015-1788, CVE-2015-1789, CVE-2015-1790, CVE-2015-1791, CVE-2015-1792)\n - perl (CVE-2013-7422)\n - PostgreSQL (CVE-2014-0067, CVE-2014-8161, CVE-2015-0241, CVE-2015-0242, CVE-2015-0243, CVE-2015-0244)\n - python (CVE-2013-7040, CVE-2013-7338, CVE-2014-1912, CVE-2014-7185, CVE-2014-9365)\n - QL Office (CVE-2015-5773, CVE-2015-3784)\n - Quartz Composer Framework (CVE-2015-5771)\n - Quick Look (CVE-2015-3781)\n - QuickTime 7 (CVE-2015-3779, CVE-2015-5753, CVE-2015-5779, CVE-2015-3765, CVE-2015-3788, CVE-2015-3789, CVE-2015-3790, CVE-2015-3791, CVE-2015-3792, CVE-2015-5751)\n - SceneKit (CVE-2015-5772, CVE-2015-3783)\n - Security (CVE-2015-3775)\n - SMBClient (CVE-2015-3773)\n - Speech UI (CVE-2015-3794)\n - sudo (CVE-2013-1775, CVE-2013-1776, CVE-2013-2776, CVE-2013-2777, CVE-2014-0106, CVE-2014-9680)\n - tcpdump (CVE-2014-8767, CVE-2014-8769, CVE-2014-9140)\n - Text Formats (CVE-2015-3762)\n - udf (CVE-2015-3767)\n\n Note that successful exploitation of the most serious issues can result in arbitrary code execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-10-16T00:00:00", "type": "nessus", "title": "Mac OS X < 10.10.5 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-5044", "CVE-2009-5078", "CVE-2013-1775", "CVE-2013-1776", "CVE-2013-2776", "CVE-2013-2777", "CVE-2013-7040", "CVE-2013-7338", "CVE-2013-7422", "CVE-2014-0067", "CVE-2014-0106", "CVE-2014-0191", "CVE-2014-1912", "CVE-2014-3581", "CVE-2014-3583", "CVE-2014-3613", "CVE-2014-3620", "CVE-2014-3660", "CVE-2014-3707", "CVE-2014-7185", "CVE-2014-7844", "CVE-2014-8109", "CVE-2014-8150", "CVE-2014-8151", "CVE-2014-8161", "CVE-2014-8767", "CVE-2014-8769", "CVE-2014-9140", "CVE-2014-9365", "CVE-2014-9680", "CVE-2015-0228", "CVE-2015-0241", "CVE-2015-0242", "CVE-2015-0243", "CVE-2015-0244", "CVE-2015-0253", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-2783", "CVE-2015-2787", "CVE-2015-3143", "CVE-2015-3144", "CVE-2015-3145", "CVE-2015-3148", "CVE-2015-3153", "CVE-2015-3183", "CVE-2015-3185", "CVE-2015-3307", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-3757", "CVE-2015-3760", "CVE-2015-3761", "CVE-2015-3762", "CVE-2015-3764", "CVE-2015-3765", "CVE-2015-3766", "CVE-2015-3767", "CVE-2015-3768", "CVE-2015-3769", "CVE-2015-3770", "CVE-2015-3771", "CVE-2015-3772", "CVE-2015-3773", "CVE-2015-3774", "CVE-2015-3775", "CVE-2015-3776", "CVE-2015-3777", "CVE-2015-3778", "CVE-2015-3779", "CVE-2015-3780", "CVE-2015-3781", "CVE-2015-3782", "CVE-2015-3783", "CVE-2015-3784", "CVE-2015-3786", "CVE-2015-3787", "CVE-2015-3788", "CVE-2015-3789", "CVE-2015-3790", "CVE-2015-3791", "CVE-2015-3792", "CVE-2015-3794", "CVE-2015-3795", "CVE-2015-3796", "CVE-2015-3797", "CVE-2015-3798", "CVE-2015-3799", "CVE-2015-3800", "CVE-2015-3802", "CVE-2015-3803", "CVE-2015-3804", "CVE-2015-3805", "CVE-2015-3806", "CVE-2015-3807", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-4148", "CVE-2015-5600", "CVE-2015-5747", "CVE-2015-5748", "CVE-2015-5750", "CVE-2015-5751", "CVE-2015-5753", "CVE-2015-5754", "CVE-2015-5755", "CVE-2015-5756", "CVE-2015-5757", "CVE-2015-5758", "CVE-2015-5761", "CVE-2015-5763", "CVE-2015-5768", "CVE-2015-5771", "CVE-2015-5772", "CVE-2015-5773", "CVE-2015-5774", "CVE-2015-5775", "CVE-2015-5776", "CVE-2015-5777", "CVE-2015-5778", "CVE-2015-5779", "CVE-2015-5781", "CVE-2015-5782", "CVE-2015-5783", "CVE-2015-5784"], "modified": "2019-03-06T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "8981.PRM", "href": "https://www.tenable.com/plugins/nnm/8981", "sourceData": "Binary data 8981.prm", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-03-16T15:20:19", "description": "The remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.5. It is, therefore, affected by multiple vulnerabilities in the following components :\n\n - apache\n - apache_mod_php\n - Apple ID OD Plug-in\n - AppleGraphicsControl\n - Bluetooth\n - bootp\n - CloudKit\n - CoreMedia Playback\n - CoreText\n - curl\n - Data Detectors Engine\n - Date & Time pref pane\n - Dictionary Application\n - DiskImages\n - dyld\n - FontParser\n - groff\n - ImageIO\n - Install Framework Legacy\n - IOFireWireFamily\n - IOGraphics\n - IOHIDFamily\n - Kernel\n - Libc\n - Libinfo\n - libpthread\n - libxml2\n - libxpc\n - mail_cmds\n - Notification Center OSX\n - ntfs\n - OpenSSH\n - OpenSSL\n - perl\n - PostgreSQL\n - python\n - QL Office\n - Quartz Composer Framework\n - Quick Look\n - QuickTime 7\n - SceneKit\n - Security\n - SMBClient\n - Speech UI\n - sudo\n - tcpdump\n - Text Formats\n - udf \n\nNote that successful exploitation of the most serious issues can result in arbitrary code execution.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2015-08-17T00:00:00", "type": "nessus", "title": "Mac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities", "bulletinFamily": "scanner", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-5044", "CVE-2009-5078", "CVE-2012-6685", "CVE-2013-1775", "CVE-2013-1776", "CVE-2013-2776", "CVE-2013-2777", "CVE-2013-7040", "CVE-2013-7338", "CVE-2013-7422", "CVE-2014-0067", "CVE-2014-0106", "CVE-2014-0191", "CVE-2014-1912", "CVE-2014-3581", "CVE-2014-3583", "CVE-2014-3613", "CVE-2014-3620", "CVE-2014-3660", "CVE-2014-3707", "CVE-2014-7185", "CVE-2014-7844", "CVE-2014-8109", "CVE-2014-8150", "CVE-2014-8151", "CVE-2014-8161", "CVE-2014-8767", "CVE-2014-8769", "CVE-2014-9140", "CVE-2014-9365", "CVE-2014-9680", "CVE-2015-0228", "CVE-2015-0241", "CVE-2015-0242", "CVE-2015-0243", "CVE-2015-0244", "CVE-2015-0253", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-2783", "CVE-2015-2787", "CVE-2015-3143", "CVE-2015-3144", "CVE-2015-3145", "CVE-2015-3148", "CVE-2015-3153", "CVE-2015-3183", "CVE-2015-3185", "CVE-2015-3307", "CVE-2015-3329", "CVE-2015-3330", "CVE-2015-3729", "CVE-2015-3730", "CVE-2015-3731", "CVE-2015-3732", "CVE-2015-3733", "CVE-2015-3734", "CVE-2015-3735", "CVE-2015-3736", "CVE-2015-3737", "CVE-2015-3738", "CVE-2015-3739", "CVE-2015-3740", "CVE-2015-3741", "CVE-2015-3742", "CVE-2015-3743", "CVE-2015-3744", "CVE-2015-3745", "CVE-2015-3746", "CVE-2015-3747", "CVE-2015-3748", "CVE-2015-3749", "CVE-2015-3750", "CVE-2015-3751", "CVE-2015-3752", "CVE-2015-3753", "CVE-2015-3754", "CVE-2015-3755", "CVE-2015-3757", "CVE-2015-3760", "CVE-2015-3761", "CVE-2015-3762", "CVE-2015-3764", "CVE-2015-3765", "CVE-2015-3766", "CVE-2015-3767", "CVE-2015-3768", "CVE-2015-3769", "CVE-2015-3770", "CVE-2015-3771", "CVE-2015-3772", "CVE-2015-3773", "CVE-2015-3774", "CVE-2015-3775", "CVE-2015-3776", "CVE-2015-3777", "CVE-2015-3778", "CVE-2015-3779", "CVE-2015-3780", "CVE-2015-3781", "CVE-2015-3782", "CVE-2015-3783", "CVE-2015-3784", "CVE-2015-3786", "CVE-2015-3787", "CVE-2015-3788", "CVE-2015-3789", "CVE-2015-3790", "CVE-2015-3791", "CVE-2015-3792", "CVE-2015-3794", "CVE-2015-3795", "CVE-2015-3796", "CVE-2015-3797", "CVE-2015-3798", "CVE-2015-3799", "CVE-2015-3800", "CVE-2015-3802", "CVE-2015-3803", "CVE-2015-3804", "CVE-2015-3805", "CVE-2015-3806", "CVE-2015-3807", "CVE-2015-4021", "CVE-2015-4022", "CVE-2015-4024", "CVE-2015-4025", "CVE-2015-4026", "CVE-2015-4147", "CVE-2015-4148", "CVE-2015-5600", "CVE-2015-5747", "CVE-2015-5748", "CVE-2015-5750", "CVE-2015-5751", "CVE-2015-5753", "CVE-2015-5754", "CVE-2015-5755", "CVE-2015-5756", "CVE-2015-5757", "CVE-2015-5758", "CVE-2015-5761", "CVE-2015-5763", "CVE-2015-5768", "CVE-2015-5771", "CVE-2015-5772", "CVE-2015-5773", "CVE-2015-5774", "CVE-2015-5775", "CVE-2015-5776", "CVE-2015-5777", "CVE-2015-5778", "CVE-2015-5779", "CVE-2015-5781", "CVE-2015-5782", "CVE-2015-5783", "CVE-2015-5784"], "modified": "2018-07-16T00:00:00", "cpe": ["cpe:/o:apple:mac_os_x"], "id": "MACOSX_10_10_5.NASL", "href": "https://www.tenable.com/plugins/nessus/85408", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(85408);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/07/16 12:48:31\");\n\n script_cve_id(\n \"CVE-2009-5044\",\n \"CVE-2009-5078\",\n \"CVE-2012-6685\",\n \"CVE-2013-1775\",\n \"CVE-2013-1776\",\n \"CVE-2013-2776\",\n \"CVE-2013-2777\",\n \"CVE-2013-7040\",\n \"CVE-2013-7338\",\n \"CVE-2013-7422\",\n \"CVE-2014-0067\",\n \"CVE-2014-0106\",\n \"CVE-2014-0191\",\n \"CVE-2014-1912\",\n \"CVE-2014-3581\",\n \"CVE-2014-3583\",\n \"CVE-2014-3613\",\n \"CVE-2014-3620\",\n \"CVE-2014-3660\",\n \"CVE-2014-3707\",\n \"CVE-2014-7185\",\n \"CVE-2014-7844\",\n \"CVE-2014-8109\",\n \"CVE-2014-8150\",\n \"CVE-2014-8151\",\n \"CVE-2014-8161\",\n \"CVE-2014-8767\",\n \"CVE-2014-8769\",\n \"CVE-2014-9140\",\n \"CVE-2014-9365\",\n \"CVE-2014-9680\",\n \"CVE-2015-0228\",\n \"CVE-2015-0241\",\n \"CVE-2015-0242\",\n \"CVE-2015-0243\",\n \"CVE-2015-0244\",\n \"CVE-2015-0253\",\n \"CVE-2015-1788\",\n \"CVE-2015-1789\",\n \"CVE-2015-1790\",\n \"CVE-2015-1791\",\n \"CVE-2015-1792\",\n \"CVE-2015-2783\",\n \"CVE-2015-2787\",\n \"CVE-2015-3143\",\n \"CVE-2015-3144\",\n \"CVE-2015-3145\",\n \"CVE-2015-3148\",\n \"CVE-2015-3153\",\n \"CVE-2015-3183\",\n \"CVE-2015-3185\",\n \"CVE-2015-3307\",\n \"CVE-2015-3329\",\n \"CVE-2015-3330\",\n \"CVE-2015-3729\",\n \"CVE-2015-3730\",\n \"CVE-2015-3731\",\n \"CVE-2015-3732\",\n \"CVE-2015-3733\",\n \"CVE-2015-3734\",\n \"CVE-2015-3735\",\n \"CVE-2015-3736\",\n \"CVE-2015-3737\",\n \"CVE-2015-3738\",\n \"CVE-2015-3739\",\n \"CVE-2015-3740\",\n \"CVE-2015-3741\",\n \"CVE-2015-3742\",\n \"CVE-2015-3743\",\n \"CVE-2015-3744\",\n \"CVE-2015-3745\",\n \"CVE-2015-3746\",\n \"CVE-2015-3747\",\n \"CVE-2015-3748\",\n \"CVE-2015-3749\",\n \"CVE-2015-3750\",\n \"CVE-2015-3751\",\n \"CVE-2015-3752\",\n \"CVE-2015-3753\",\n \"CVE-2015-3754\",\n \"CVE-2015-3755\",\n \"CVE-2015-3757\",\n \"CVE-2015-3760\",\n \"CVE-2015-3761\",\n \"CVE-2015-3762\",\n \"CVE-2015-3764\",\n \"CVE-2015-3765\",\n \"CVE-2015-3766\",\n \"CVE-2015-3767\",\n \"CVE-2015-3768\",\n \"CVE-2015-3769\",\n \"CVE-2015-3770\",\n \"CVE-2015-3771\",\n \"CVE-2015-3772\",\n \"CVE-2015-3773\",\n \"CVE-2015-3774\",\n \"CVE-2015-3775\",\n \"CVE-2015-3776\",\n \"CVE-2015-3777\",\n \"CVE-2015-3778\",\n \"CVE-2015-3779\",\n \"CVE-2015-3780\",\n \"CVE-2015-3781\",\n \"CVE-2015-3782\",\n \"CVE-2015-3783\",\n \"CVE-2015-3784\",\n \"CVE-2015-3786\",\n \"CVE-2015-3787\",\n \"CVE-2015-3788\",\n \"CVE-2015-3789\",\n \"CVE-2015-3790\",\n \"CVE-2015-3791\",\n \"CVE-2015-3792\",\n \"CVE-2015-3794\",\n \"CVE-2015-3795\",\n \"CVE-2015-3796\",\n \"CVE-2015-3797\",\n \"CVE-2015-3798\",\n \"CVE-2015-3799\",\n \"CVE-2015-3800\",\n \"CVE-2015-3802\",\n \"CVE-2015-3803\",\n \"CVE-2015-3804\",\n \"CVE-2015-3805\",\n \"CVE-2015-3806\",\n \"CVE-2015-3807\",\n \"CVE-2015-4021\",\n \"CVE-2015-4022\",\n \"CVE-2015-4024\",\n \"CVE-2015-4025\",\n \"CVE-2015-4026\",\n \"CVE-2015-4147\",\n \"CVE-2015-4148\",\n \"CVE-2015-5600\",\n \"CVE-2015-5747\",\n \"CVE-2015-5748\",\n \"CVE-2015-5750\",\n \"CVE-2015-5751\",\n \"CVE-2015-5753\",\n \"CVE-2015-5754\",\n \"CVE-2015-5755\",\n \"CVE-2015-5756\",\n \"CVE-2015-5757\",\n \"CVE-2015-5758\",\n \"CVE-2015-5761\",\n \"CVE-2015-5763\",\n \"CVE-2015-5768\",\n \"CVE-2015-5771\",\n \"CVE-2015-5772\",\n \"CVE-2015-5773\",\n \"CVE-2015-5774\",\n \"CVE-2015-5775\",\n \"CVE-2015-5776\",\n \"CVE-2015-5777\",\n \"CVE-2015-5778\",\n \"CVE-2015-5779\",\n \"CVE-2015-5781\",\n \"CVE-2015-5782\",\n \"CVE-2015-5783\",\n \"CVE-2015-5784\"\n );\n script_bugtraq_id(\n 36381,\n 58203,\n 58207,\n 62741,\n 64194,\n 65179,\n 65379,\n 65721,\n 65997,\n 67233,\n 69742,\n 69748,\n 70089,\n 70644,\n 70988,\n 71150,\n 71153,\n 71468,\n 71639,\n 71656,\n 71657,\n 71701,\n 71964,\n 72538,\n 72540,\n 72542,\n 72543,\n 72649,\n 72981,\n 73040,\n 73041,\n 73357,\n 73431,\n 74174,\n 74204,\n 74239,\n 74240,\n 74299,\n 74300,\n 74301,\n 74303,\n 74408,\n 74700,\n 74703,\n 74902,\n 74903,\n 74904,\n 75056,\n 75103,\n 75154,\n 75156,\n 75157,\n 75158,\n 75161,\n 75704,\n 75963,\n 75964,\n 75965,\n 75990,\n 76337,\n 76338,\n 76339,\n 76340,\n 76341,\n 76342,\n 76343,\n 76344\n );\n script_xref(name:\"APPLE-SA\", value:\"APPLE-SA-2015-08-13-2\");\n\n script_name(english:\"Mac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities\");\n script_summary(english:\"Checks the version of Mac OS X.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is missing a Mac OS X update that fixes multiple\nsecurity vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is running a version of Mac OS X 10.10.x that is prior\nto 10.10.5. It is, therefore, affected by multiple vulnerabilities in\nthe following components :\n\n - apache\n - apache_mod_php\n - Apple ID OD Plug-in\n - AppleGraphicsControl\n - Bluetooth\n - bootp\n - CloudKit\n - CoreMedia Playback\n - CoreText\n - curl\n - Data Detectors Engine\n - Date & Time pref pane\n - Dictionary Application\n - DiskImages\n - dyld\n - FontParser\n - groff\n - ImageIO\n - Install Framework Legacy\n - IOFireWireFamily\n - IOGraphics\n - IOHIDFamily\n - Kernel\n - Libc\n - Libinfo\n - libpthread\n - libxml2\n - libxpc\n - mail_cmds\n - Notification Center OSX\n - ntfs\n - OpenSSH\n - OpenSSL\n - perl\n - PostgreSQL\n - python\n - QL Office\n - Quartz Composer Framework\n - Quick Look\n - QuickTime 7\n - SceneKit\n - Security\n - SMBClient\n - Speech UI\n - sudo\n - tcpdump\n - Text Formats\n - udf \n\nNote that successful exploitation of the most serious issues can\nresult in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.apple.com/en-us/HT205031\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Mac OS X 10.10.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Apple OS X DYLD_PRINT_TO_FILE Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/07/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:apple:mac_os_x\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"os_fingerprint.nasl\");\n script_require_ports(\"Host/MacOSX/Version\", \"Host/OS\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nos = get_kb_item(\"Host/MacOSX/Version\");\nif (!os)\n{\n os = get_kb_item_or_exit(\"Host/OS\");\n if (\"Mac OS X\" >!< os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\n c = get_kb_item(\"Host/OS/Confidence\");\n if (c <= 70) exit(1, \"Can't determine the host's OS with sufficient confidence.\");\n}\nif (!os) audit(AUDIT_OS_NOT, \"Mac OS X\");\n\nmatch = eregmatch(pattern:\"Mac OS X ([0-9]+(\\.[0-9]+)+)\", string:os);\nif (isnull(match)) exit(1, \"Failed to parse the Mac OS X version ('\" + os + \"').\");\n\nversion = match[1];\nif (!ereg(pattern:\"^10\\.10([^0-9]|$)\", string:version)) audit(AUDIT_OS_NOT, \"Mac OS X 10.10\", \"Mac OS X \"+version);\n\nfixed_version = \"10.10.5\";\nif (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1)\n{\n if (report_verbosity > 0)\n {\n report = '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fixed_version +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected since it is running Mac OS X \"+version+\".\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2022-01-17T19:07:03", "description": "### Background\n\nsudo allows a system administrator to give users the ability to run commands as other users. Access to commands may also be granted on a range to hosts. \n\n### Description\n\nsudo does not handle the TZ environment variable properly.\n\n### Impact\n\nA local attacker may be able to read arbitrary files or information from device special files. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll sudo users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-admin/sudo-1.8.12\"", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2015-04-11T00:00:00", "type": "gentoo", "title": "sudo: Information disclosure", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9680"], "modified": "2015-04-11T00:00:00", "id": "GLSA-201504-02", "href": "https://security.gentoo.org/glsa/201504-02", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "ibm": [{"lastseen": "2023-02-21T21:53:33", "description": "## Summary\n\nA security vulnerability has been discovered in sudo that is embedded in the IBM FSM. This record addresses the issue.\n\n## Vulnerability Details\n\n**CVEID:** [_CVE-2014-9680_](<https://vulners.com/cve/CVE-2014-9680>)** \nDESCRIPTION:** Todd Miller sudo could allow a local attacker to bypass security restrictions, caused by the failure to check the TZ environment variable prior to passing through the TZ parser. An attacker could exploit this vulnerability to cause a denial of service and launch further attacks on the system. \nCVSS Base Score: 3 \nCVSS Temporal Score: See [_https://exchange.xforce.ibmcloud.com/vulnerabilities/101202_](<https://exchange.xforce.ibmcloud.com/vulnerabilities/101202>) for the current score \nCVSS Environmental Score*: Undefined \nCVSS Vector: (AV:L/AC:M/Au:S/C:N/I:P/A:P) \n\n## Affected Products and Versions\n\nFlex System Manager 1.3.4.x \nFlex System Manager 1.3.3.x \nFlex System Manager 1.3.2.x \nFlex System Manager 1.3.1.x \nFlex System Manager 1.3.0.x \nFlex System Manager 1.2.x.x \nFlex System Manager 1.1.x.x\n\n## Remediation/Fixes\n\nIBM recommends updating the FSM using the instructions referenced in this table. \n \n**Warning**: Agents older than version 6.3.5 must be updated using the Technote listed in these Remediation plans before this FSM fix is installed or you will permanently lose contact with the endpoint with agents older than version 6.3.5 \n \n\n\nProduct | \n\nVRMF | \n\nAPAR | \n\nRemediation \n---|---|---|--- \nFlex System Manager| \n\n1.3.4.x | \n\nIT12602\n\n| Verify the required Java updates have been completed, then install [fsmfix1.3.4.0_IT11636_IT12081_IT12596_IT12597_IT12599_IT12601_IT12602](<http://www-933.ibm.com/support/fixcentral/systemx/selectFix?product=ibm%2Fsystemx%2F8731&fixids=fsmfix1.3.4.0_IT11636_IT12081_IT12596_IT12597_IT12599_IT12601_IT12602&function=fixId&parent=Flex%20System%20Manager%20Node>)\n\nInstructions for verifying installation of the Java updates can be found in the \"Confirm the fixes were applied properly\" section of Technote [761981453](<http://www-01.ibm.com/support/docview.wss?uid=nas777e5323a516f40f286257f03006ae4b5>). \n \nFlex System Manager| \n\n1.3.3.x | \n\nIT12602\n\n| Verify the required Java updates have been completed, then install [fsmfix1.3.3.0_IT11636_IT12081_IT12596_IT12597_IT12599_IT12601_IT12602](<http://www-933.ibm.com/support/fixcentral/systemx/selectFix?product=ibm%2Fsystemx%2F8731&fixids=fsmfix1.3.3.0_IT11636_IT12081_IT12596_IT12597_IT12599_IT12601_IT12602&function=fixId&parent=Flex%20System%20Manager%20Node>)\n\nInstructions for verifying installation of the Java updates can be found in the \"Confirm the fixes were applied properly\" section of [](<http://www-01.ibm.com/support/docview.wss?uid=nas777e5323a516f40f286257f03006ae4b5>)Technote [736218441](<http://www-01.ibm.com/support/docview.wss?rs=0&uid=nas724cb521f58c4126286257dfd005c1958>). \n \nFlex System Manager| \n\n1.3.2.x | \n\nIT12602\n\n| Verify the required Java updates have been completed, then install [fsmfix1.3.2.0_IT11636_IT12081_IT12596_IT12597_IT12599_IT12601_IT12602](<http://www-933.ibm.com/support/fixcentral/systemx/selectFix?product=ibm%2Fsystemx%2F8731&fixids=fsmfix1.3.2.0_IT11636_IT12081_IT12596_IT12597_IT12599_IT12601_IT12602&function=fixId&parent=Flex%20System%20Manager%20Node>)\n\nInstructions for verifying installation of the Java updates can be found in the \"Confirm the fixes were applied properly\" section of [](<http://www-01.ibm.com/support/docview.wss?uid=nas777e5323a516f40f286257f03006ae4b5>)Technote [736218441](<http://www-01.ibm.com/support/docview.wss?rs=0&uid=nas724cb521f58c4126286257dfd005c1958>). \n \nFlex System Manager| \n\n1.3.1.x | \n\nIT12602\n\n| IBM recommends upgrading to a fixed, supported version/release and following the appropriate remediation for all vulnerabilities. \nFlex System Manager| \n\n1.3.0.x | \n\nIT12602\n\n| IBM recommends upgrading to a fixed, supported version/release and following the appropriate remediation for all vulnerabilities. \nFlex System Manager| \n\n1.2.x.x | \n\nIT12602\n\n| IBM recommends upgrading to a fixed, supported version/release and following the appropriate remediation for all vulnerabilities. \nFlex System Manager| \n\n1.1.x.x | \n\nIT12602\n\n| IBM recommends upgrading to a fixed, supported version/release and following the appropriate remediation for all vulnerabilities. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2018-06-18T01:30:10", "type": "ibm", "title": "Security Bulletin: A vulnerability in sudo affects IBM Flex System Manager (FSM) (CVE-2014-9680)", "bulletinFamily": "software", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9680"], "modified": "2018-06-18T01:30:10", "id": "6AC59005BB04765E41F21565EB214047270DFF5EBC6670BCC7CCECEE22142C96", "href": "https://www.ibm.com/support/pages/node/681871", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:37:07", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-07-23T00:00:00", "type": "openvas", "title": "RedHat Update for sudo RHSA-2015:1409-01", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9680"], "modified": "2018-11-23T00:00:00", "id": "OPENVAS:1361412562310871414", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871414", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for sudo RHSA-2015:1409-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871414\");\n script_version(\"$Revision: 12497 $\");\n script_cve_id(\"CVE-2014-9680\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-23 06:27:26 +0200 (Thu, 23 Jul 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for sudo RHSA-2015:1409-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'sudo'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The sudo packages contain the sudo utility which allows system\nadministrators to provide certain users with the permission to execute\nprivileged commands, which are used for system management purposes, without\nhaving to log in as root.\n\nIt was discovered that sudo did not perform any checks of the TZ\nenvironment variable value. If sudo was configured to preserve the TZ\nenvironment variable, a local user with privileges to execute commands via\nsudo could possibly use this flaw to achieve system state changes not\npermitted by the configured commands. (CVE-2014-9680)\n\nNote: The default sudoers configuration in Red Hat Enterprise Linux removes\nthe TZ variable from the environment in which commands run by sudo are\nexecuted.\n\nThis update also fixes the following bugs:\n\n * Previously, the sudo utility child processes could sometimes become\nunresponsive because they ignored the SIGPIPE signal. With this update,\nSIGPIPE handler is properly restored in the function that reads passwords\nfrom the user, and the child processes no longer ignore SIGPIPE. As a\nresult, sudo child processes do not hang in this situation. (BZ#1094548)\n\n * Prior to this update, the order in which sudo rules were processed did\nnot honor the user-defined sudoOrder attribute. Consequently, sudo rules\nwere processed in an undefined order even when the user defined the order\nin sudoOrder. The implementation of SSSD support in sudo has been modified\nto sort the rules according to the sudoOrder value, and sudo rules are now\nsorted in the order defined by the user in sudoOrder. (BZ#1138581)\n\n * Previously, sudo became unresponsive after the user issued a command when\na sudoers source was mentioned multiple times in the /etc/nsswitch.conf\nfile. The problem occurred when nsswitch.conf contained, for example, the\n'sudoers: files sss sss' entry. The sudoers source processing code has been\nfixed to correctly handle multiple instances of the same sudoers source.\nAs a result, sudo no longer hangs when a sudoers source is mentioned\nmultiple times in /etc/nsswitch.conf. (BZ#1147498)\n\nIn addition, this update adds the following enhancement:\n\n * The sudo utility now supports I/O logs compressed using the zlib library.\nWith this update, sudo can generate zlib compressed I/O logs and also\nprocess zlib compressed I/O logs generated by other versions of sudo with\nzlib support. (BZ#1106433)\n\nAll sudo users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add this\nenhancement.\");\n script_tag(name:\"affected\", value:\"sudo on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:1409-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-July/msg00028.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"sudo\", rpm:\"sudo~1.8.6p3~19.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"sudo-debuginfo\", rpm:\"sudo-debuginfo~1.8.6p3~19.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:36:25", "description": "Oracle Linux Local Security Checks ELSA-2015-1409", "cvss3": {}, "published": "2015-10-06T00:00:00", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-1409", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9680"], "modified": "2018-09-28T00:00:00", "id": "OPENVAS:1361412562310123062", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123062", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1409.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123062\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 13:58:52 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1409\");\n script_tag(name:\"insight\", value:\"ELSA-2015-1409 - sudo security, bug fix, and enhancement update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1409\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1409.html\");\n script_cve_id(\"CVE-2014-9680\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"sudo\", rpm:\"sudo~1.8.6p3~19.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"sudo-devel\", rpm:\"sudo-devel~1.8.6p3~19.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:36:22", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-02-23T00:00:00", "type": "openvas", "title": "Fedora Update for sudo FEDORA-2015-2281", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9680"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310869030", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869030", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for sudo FEDORA-2015-2281\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869030\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-02-23 05:41:44 +0100 (Mon, 23 Feb 2015)\");\n script_cve_id(\"CVE-2014-9680\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for sudo FEDORA-2015-2281\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'sudo'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"sudo on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-2281\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150218.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"sudo\", rpm:\"sudo~1.8.12~1.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:36:54", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-02-25T00:00:00", "type": "openvas", "title": "Fedora Update for sudo FEDORA-2015-2247", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9680"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310869033", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869033", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for sudo FEDORA-2015-2247\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869033\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-02-25 05:41:35 +0100 (Wed, 25 Feb 2015)\");\n script_cve_id(\"CVE-2014-9680\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for sudo FEDORA-2015-2247\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'sudo'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"sudo on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-2247\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150327.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"sudo\", rpm:\"sudo~1.8.12~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:36:27", "description": "Gentoo Linux Local Security Checks GLSA 201504-02", "cvss3": {}, "published": "2015-09-29T00:00:00", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201504-02", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9680"], "modified": "2018-10-26T00:00:00", "id": "OPENVAS:1361412562310121369", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121369", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201504-02.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121369\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:46 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201504-02\");\n script_tag(name:\"insight\", value:\"sudo does not handle the TZ environment variable properly.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201504-02\");\n script_cve_id(\"CVE-2014-9680\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201504-02\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"app-admin/sudo\", unaffected: make_list(\"ge 1.8.12\"), vulnerable: make_list(\"lt 1.8.12\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:36:58", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2015-03-17T00:00:00", "type": "openvas", "title": "Ubuntu Update for sudo USN-2533-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9680"], "modified": "2019-03-13T00:00:00", "id": "OPENVAS:1361412562310842132", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842132", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for sudo USN-2533-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842132\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-17 06:41:20 +0100 (Tue, 17 Mar 2015)\");\n script_cve_id(\"CVE-2014-9680\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for sudo USN-2533-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'sudo'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Jakub Wilk and Stephane Chazelas discovered\nthat Sudo incorrectly handled the TZ environment variable. An attacker with Sudo\naccess could possibly use this issue to open arbitrary files, bypassing intended\npermissions.\");\n script_tag(name:\"affected\", value:\"sudo on Ubuntu 14.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2533-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2533-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS|10\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"sudo\", ver:\"1.8.9p5-1ubuntu2.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"sudo-ldap\", ver:\"1.8.9p5-1ubuntu2.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"sudo\", ver:\"1.8.9p5-1ubuntu1.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"sudo-ldap\", ver:\"1.8.9p5-1ubuntu1.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"sudo\", ver:\"1.8.3p1-1ubuntu3.7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"sudo-ldap\", ver:\"1.8.3p1-1ubuntu3.7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"sudo\", ver:\"1.7.2p1-1ubuntu5.8\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"sudo-ldap\", ver:\"1.7.2p1-1ubuntu5.8\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2017-07-24T12:52:40", "description": "Jakub Wilk reported that sudo, a\nprogram designed to provide limited super user privileges to specific users,\npreserves the TZ variable from a user", "cvss3": {}, "published": "2015-02-22T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3167-1 (sudo - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9680"], "modified": "2017-07-07T00:00:00", "id": "OPENVAS:703167", "href": "http://plugins.openvas.org/nasl.php?oid=703167", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3167.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3167-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703167);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2014-9680\");\n script_name(\"Debian Security Advisory DSA 3167-1 (sudo - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-02-22 00:00:00 +0100 (Sun, 22 Feb 2015)\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3167.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"sudo on Debian Linux\");\n script_tag(name: \"insight\", value: \"Sudo is a program designed to allow a\nsysadmin to give limited root privileges to users and log root activity. The\nbasic philosophy is to give as few privileges as possible but still allow people\nto get their work done.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthis problem has been fixed in version 1.8.5p2-1+nmu2.\n\nWe recommend that you upgrade your sudo packages.\");\n script_tag(name: \"summary\", value: \"Jakub Wilk reported that sudo, a\nprogram designed to provide limited super user privileges to specific users,\npreserves the TZ variable from a user's environment without any sanitization. A\nuser with sudo access may take advantage of this to exploit bugs in the C\nlibrary functions which parse the TZ environment variable or to open files that\nthe user would not otherwise be able to open. The later could potentially cause\nchanges in system behavior when reading certain device special files or\ncause the program run via sudo to block.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"sudo\", ver:\"1.8.5p2-1+nmu2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"sudo-ldap\", ver:\"1.8.5p2-1+nmu2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:36:27", "description": "Jakub Wilk reported that sudo, a\nprogram designed to provide limited super user privileges to specific users,\npreserves the TZ variable from a user", "cvss3": {}, "published": "2015-02-22T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 3167-1 (sudo - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2014-9680"], "modified": "2019-03-18T00:00:00", "id": "OPENVAS:1361412562310703167", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703167", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3167.nasl 14278 2019-03-18 14:47:26Z cfischer $\n# Auto-generated from advisory DSA 3167-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703167\");\n script_version(\"$Revision: 14278 $\");\n script_cve_id(\"CVE-2014-9680\");\n script_name(\"Debian Security Advisory DSA 3167-1 (sudo - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:47:26 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-02-22 00:00:00 +0100 (Sun, 22 Feb 2015)\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3167.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"sudo on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy),\nthis problem has been fixed in version 1.8.5p2-1+nmu2.\n\nWe recommend that you upgrade your sudo packages.\");\n script_tag(name:\"summary\", value:\"Jakub Wilk reported that sudo, a\nprogram designed to provide limited super user privileges to specific users,\npreserves the TZ variable from a user's environment without any sanitization. A\nuser with sudo access may take advantage of this to exploit bugs in the C\nlibrary functions which parse the TZ environment variable or to open files that\nthe user would not otherwise be able to open. The later could potentially cause\nchanges in system behavior when reading certain device special files or\ncause the program run via sudo to block.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"sudo\", ver:\"1.8.5p2-1+nmu2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"sudo-ldap\", ver:\"1.8.5p2-1+nmu2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "mageia": [{"lastseen": "2022-04-18T11:19:34", "description": "Updated sudo packages fix security vulnerability: Prior to sudo 1.8.12, the TZ environment variable was passed through unchecked. Most libc tzset() implementations support passing an absolute pathname in the time zone to point to an arbitrary, user-controlled file. This may be used to exploit bugs in the C library's TZ parser or open files the user would not otherwise have access to. Arbitrary file access via TZ could also be used in a denial of service attack by reading from a file or fifo that will block (CVE-2014-9680). The sudo package has been updated to version 1.8.12, fixing this issue and several other bugs. \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2015-02-19T14:43:07", "type": "mageia", "title": "Updated sudo packages fix CVE-2014-9680\n", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9680"], "modified": "2015-02-19T14:43:07", "id": "MGASA-2015-0079", "href": "https://advisories.mageia.org/MGASA-2015-0079.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "cve": [{"lastseen": "2023-02-09T10:18:32", "description": "sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2017-04-24T06:59:00", "type": "cve", "title": "CVE-2014-9680", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9680"], "modified": "2018-01-05T02:29:00", "cpe": ["cpe:/a:sudo_project:sudo:1.8.11"], "id": "CVE-2014-9680", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9680", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:sudo_project:sudo:1.8.11:p2:*:*:*:*:*:*"]}], "debian": [{"lastseen": "2021-12-19T11:31:58", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3167-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nFebruary 22, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : sudo\nCVE ID : CVE-2014-9680\nDebian Bug : 772707\n\nJakub Wilk reported that sudo, a program designed to provide limited\nsuper user privileges to specific users, preserves the TZ variable from\na user's environment without any sanitization. A user with sudo access\nmay take advantage of this to exploit bugs in the C library functions\nwhich parse the TZ environment variable or to open files that the user\nwould not otherwise be able to open. The later could potentially cause\nchanges in system behavior when reading certain device special files or\ncause the program run via sudo to block.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.8.5p2-1+nmu2.\n\nWe recommend that you upgrade your sudo packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2015-02-22T10:16:41", "type": "debian", "title": "[SECURITY] [DSA 3167-1] sudo security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9680"], "modified": "2015-02-22T10:16:41", "id": "DEBIAN:DSA-3167-1:FC13A", "href": "https://lists.debian.org/debian-security-announce/2015/msg00052.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-21T22:49:25", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3167-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nFebruary 22, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : sudo\nCVE ID : CVE-2014-9680\nDebian Bug : 772707\n\nJakub Wilk reported that sudo, a program designed to provide limited\nsuper user privileges to specific users, preserves the TZ variable from\na user's environment without any sanitization. A user with sudo access\nmay take advantage of this to exploit bugs in the C library functions\nwhich parse the TZ environment variable or to open files that the user\nwould not otherwise be able to open. The later could potentially cause\nchanges in system behavior when reading certain device special files or\ncause the program run via sudo to block.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.8.5p2-1+nmu2.\n\nWe recommend that you upgrade your sudo packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2015-02-22T10:16:41", "type": "debian", "title": "[SECURITY] [DSA 3167-1] sudo security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9680"], "modified": "2015-02-22T10:16:41", "id": "DEBIAN:DSA-3167-1:EA45C", "href": "https://lists.debian.org/debian-security-announce/2015/msg00052.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-06T17:00:25", "description": "Package : sudo\nVersion : 1.7.4p4-2.squeeze.5\nCVE ID : CVE-2014-0106 CVE-2014-9680\nDebian Bug : #772707\n\nThis update fixes the CVEs described below.\n\nCVE-2014-0106\n\n Todd C. Miller reported that if the env_reset option is disabled\n in the sudoers file, the env_delete option is not correctly\n applied to environment variables specified on the command line. A\n malicious user with sudo permissions may be able to run arbitrary\n commands with elevated privileges by manipulating the environment\n of a command the user is legitimately allowed to run.\n\nCVE-2014-9680\n\n Jakub Wilk reported that sudo preserves the TZ variable from a\n user's environment without any sanitization. A user with sudo\n access may take advantage of this to exploit bugs in the C library\n functions which parse the TZ environment variable or to open files\n that the user would not otherwise be able to open. The latter\n could potentially cause changes in system behavior when reading\n certain device special files or cause the program run via sudo to\n block.\n\nFor the oldstable distribution (squeeze), these problems have been fixed\nin version 1.7.4p4-2.squeeze.5.\n\nFor the stable distribution (wheezy), they have been fixed in version\n1.8.5p2-1+nmu2.\n\nWe recommend that you upgrade your sudo packages.\n\n-- \nBen Hutchings - Debian developer, kernel team member\n\nAttachment:\nsignature.asc\nDescription: This is a digitally signed message part\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2015-02-27T20:08:38", "type": "debian", "title": "[SECURITY] [DLA 160-1] sudo security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 2.7, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.6, "vectorString": "AV:L/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0106", "CVE-2014-9680"], "modified": "2015-02-27T20:08:38", "id": "DEBIAN:DLA-160-1:ACCA6", "href": "https://lists.debian.org/debian-lts-announce/2015/02/msg00014.html", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:57", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3167-1 security@debian.org\r\nhttp://www.debian.org/security/ Salvatore Bonaccorso\r\nFebruary 22, 2015 http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : sudo\r\nCVE ID : CVE-2014-9680\r\nDebian Bug : 772707\r\n\r\nJakub Wilk reported that sudo, a program designed to provide limited\r\nsuper user privileges to specific users, preserves the TZ variable from\r\na user's environment without any sanitization. A user with sudo access\r\nmay take advantage of this to exploit bugs in the C library functions\r\nwhich parse the TZ environment variable or to open files that the user\r\nwould not otherwise be able to open. The later could potentially cause\r\nchanges in system behavior when reading certain device special files or\r\ncause the program run via sudo to block.\r\n\r\nFor the stable distribution (wheezy), this problem has been fixed in\r\nversion 1.8.5p2-1+nmu2.\r\n\r\nWe recommend that you upgrade your sudo packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: https://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1\r\n\r\niQIcBAEBCgAGBQJU6aw2AAoJEAVMuPMTQ89Elh0P/3TRIvCCeRT6ujltDmOnavnZ\r\nmL43sNp69KnIPxMzqk+6AzYhvKg2p1RMzA+cngu8vPTKT9LPZz0j2gRnz2PnRIyo\r\nnteQ7PlNyA/9Riz2tRVWVnvCMdTcf3TtJ0p16sUmOJLH5zXK5GRHC25Q9fK/JMjb\r\nPRv4W0IVUqXI/N8xm8uyfNdeQ98BFn1DTX1kJllqkdgrOHImeGQA61rGcAj5Nbwr\r\n4tWrslnQmqi27A7Zz3GcmWzqc6mTzWJ1JLLsEaysKQXAkXOm8J3zyZKpUb+Sy2AG\r\ns5fDLRdXAWogkzAiJc3ilbIVvZGwIiRvHHkgDAx5eMrCftfNvTWsI45GaDyiq22P\r\nmrVj44MZjOWi2gVMkpeDXj/kgnOu8WL6w4BrTb8StW2HaAFV3wq7bjZgPTjJ/Ea+\r\nAZxUq5W41jtNJ2vkOf/Slvox8IufHHs4QayPVczRGR0B9i/nwlAL6CoLyq2bqMtQ\r\nSmzNPGXA84DIVIQbYG0Q0S5bmxvvf/dVuH4DGKG+6wrW2Dts3S7yxJCUyNWA3r/I\r\ne9M+4G2qvEZVdDHEz3bRJR/dKfmtl12w8uAAYTYPRlaaYuX6j1Pg8Oyss2O7XX3a\r\n+og5Xygo5q7bbC1Jy6hvwWCXd4bMsY6Celk8+4Pm9sekBCO7tT0puFqKarml5Nf1\r\ngG4LwpQhbHUXnH9gDS8d\r\n=em5a\r\n-----END PGP SIGNATURE-----\r\n\r\n", "cvss3": {}, "published": "2015-03-08T00:00:00", "type": "securityvulns", "title": "[SECURITY] [DSA 3167-1] sudo security update", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2014-9680"], "modified": "2015-03-08T00:00:00", "id": "SECURITYVULNS:DOC:31774", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31774", "sourceData": "", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:59", "description": "Elevated file access is possible.", "cvss3": {}, "published": "2015-03-08T00:00:00", "type": "securityvulns", "title": "sudo privilege escalation", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2014-9680"], "modified": "2015-03-08T00:00:00", "id": "SECURITYVULNS:VULN:14298", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14298", "sourceData": "", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:11:00", "description": "\r\n\r\nAPPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update\r\n2015-006\r\n\r\nOS X Yosemite v10.10.5 and Security Update 2015-006 is now available\r\nand addresses the following:\r\n\r\napache\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in Apache 2.4.16, the most\r\nserious of which may allow a remote attacker to cause a denial of\r\nservice.\r\nDescription: Multiple vulnerabilities existed in Apache versions\r\nprior to 2.4.16. These were addressed by updating Apache to version\r\n2.4.16.\r\nCVE-ID\r\nCVE-2014-3581\r\nCVE-2014-3583\r\nCVE-2014-8109\r\nCVE-2015-0228\r\nCVE-2015-0253\r\nCVE-2015-3183\r\nCVE-2015-3185\r\n\r\napache_mod_php\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in PHP 5.5.20, the most\r\nserious of which may lead to arbitrary code execution.\r\nDescription: Multiple vulnerabilities existed in PHP versions prior\r\nto 5.5.20. These were addressed by updating Apache to version 5.5.27.\r\nCVE-ID\r\nCVE-2015-2783\r\nCVE-2015-2787\r\nCVE-2015-3307\r\nCVE-2015-3329\r\nCVE-2015-3330\r\nCVE-2015-4021\r\nCVE-2015-4022\r\nCVE-2015-4024\r\nCVE-2015-4025\r\nCVE-2015-4026\r\nCVE-2015-4147\r\nCVE-2015-4148\r\n\r\nApple ID OD Plug-in\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able change the password of a\r\nlocal user\r\nDescription: In some circumstances, a state management issue existed\r\nin password authentication. The issue was addressed through improved\r\nstate management.\r\nCVE-ID\r\nCVE-2015-3799 : an anonymous researcher working with HP's Zero Day\r\nInitiative\r\n\r\nAppleGraphicsControl\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: An issue existed in AppleGraphicsControl which could\r\nhave led to the disclosure of kernel memory layout. This issue was\r\naddressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2015-5768 : JieTao Yang of KeenTeam\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in\r\nIOBluetoothHCIController. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3779 : Teddy Reed of Facebook Security\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: A memory management issue could have led to the\r\ndisclosure of kernel memory layout. This issue was addressed with\r\nimproved memory management.\r\nCVE-ID\r\nCVE-2015-3780 : Roberto Paleari and Aristide Fattori of Emaze\r\nNetworks\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious app may be able to access notifications from\r\nother iCloud devices\r\nDescription: An issue existed where a malicious app could access a\r\nBluetooth-paired Mac or iOS device's Notification Center\r\nnotifications via the Apple Notification Center Service. The issue\r\naffected devices using Handoff and logged into the same iCloud\r\naccount. This issue was resolved by revoking access to the Apple\r\nNotification Center Service.\r\nCVE-ID\r\nCVE-2015-3786 : Xiaolong Bai (Tsinghua University), System Security\r\nLab (Indiana University), Tongxin Li (Peking University), XiaoFeng\r\nWang (Indiana University)\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: An attacker with privileged network position may be able to\r\nperform denial of service attack using malformed Bluetooth packets\r\nDescription: An input validation issue existed in parsing of\r\nBluetooth ACL packets. This issue was addressed through improved\r\ninput validation.\r\nCVE-ID\r\nCVE-2015-3787 : Trend Micro\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local attacker may be able to cause unexpected application\r\ntermination or arbitrary code execution\r\nDescription: Multiple buffer overflow issues existed in blued's\r\nhandling of XPC messages. These issues were addressed through\r\nimproved bounds checking.\r\nCVE-ID\r\nCVE-2015-3777 : mitp0sh of [PDX]\r\n\r\nbootp\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious Wi-Fi network may be able to determine networks\r\na device has previously accessed\r\nDescription: Upon connecting to a Wi-Fi network, iOS may have\r\nbroadcast MAC addresses of previously accessed networks via the DNAv4\r\nprotocol. This issue was addressed through disabling DNAv4 on\r\nunencrypted Wi-Fi networks.\r\nCVE-ID\r\nCVE-2015-3778 : Piers O'Hanlon of Oxford Internet Institute,\r\nUniversity of Oxford (on the EPSRC Being There project)\r\n\r\nCloudKit\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to access the iCloud\r\nuser record of a previously signed in user\r\nDescription: A state inconsistency existed in CloudKit when signing\r\nout users. This issue was addressed through improved state handling.\r\nCVE-ID\r\nCVE-2015-3782 : Deepkanwal Plaha of University of Toronto\r\n\r\nCoreMedia Playback\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in CoreMedia Playback.\r\nThese were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5777 : Apple\r\nCVE-2015-5778 : Apple\r\n\r\nCoreText\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\nCoreText\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\ncurl\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities in cURL and libcurl prior to\r\n7.38.0, one of which may allow remote attackers to bypass the Same\r\nOrigin Policy.\r\nDescription: Multiple vulnerabilities existed in cURL and libcurl\r\nprior to 7.38.0. These issues were addressed by updating cURL to\r\nversion 7.43.0.\r\nCVE-ID\r\nCVE-2014-3613\r\nCVE-2014-3620\r\nCVE-2014-3707\r\nCVE-2014-8150\r\nCVE-2014-8151\r\nCVE-2015-3143\r\nCVE-2015-3144\r\nCVE-2015-3145\r\nCVE-2015-3148\r\nCVE-2015-3153\r\n\r\nData Detectors Engine\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a sequence of unicode characters can lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in processing of\r\nUnicode characters. These issues were addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-5750 : M1x7e1 of Safeye Team (www.safeye.org)\r\n\r\nDate & Time pref pane\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Applications that rely on system time may have unexpected\r\nbehavior\r\nDescription: An authorization issue existed when modifying the\r\nsystem date and time preferences. This issue was addressed with\r\nadditional authorization checks.\r\nCVE-ID\r\nCVE-2015-3757 : Mark S C Smith\r\n\r\nDictionary Application\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: An attacker with a privileged network position may be able\r\nto intercept users' Dictionary app queries\r\nDescription: An issue existed in the Dictionary app, which did not\r\nproperly secure user communications. This issue was addressed by\r\nmoving Dictionary queries to HTTPS.\r\nCVE-ID\r\nCVE-2015-3774 : Jeffrey Paul of EEQJ, Jan Bee of the Google Security\r\nTeam\r\n\r\nDiskImages\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted DMG file may lead to an\r\nunexpected application termination or arbitrary code execution with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in parsing of\r\nmalformed DMG images. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3800 : Frank Graziano of the Yahoo Pentest Team\r\n\r\ndyld\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A path validation issue existed in dyld. This was\r\naddressed through improved environment sanitization.\r\nCVE-ID\r\nCVE-2015-3760 : beist of grayhash, Stefan Esser\r\n\r\nFontParser\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-3804 : Apple\r\nCVE-2015-5775 : Apple\r\n\r\nFontParser\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5756 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\ngroff\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple issues in pdfroff\r\nDescription: Multiple issues existed in pdfroff, the most serious of\r\nwhich may allow arbitrary filesystem modification. These issues were\r\naddressed by removing pdfroff.\r\nCVE-ID\r\nCVE-2009-5044\r\nCVE-2009-5078\r\n\r\nImageIO\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nTIFF images. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2015-5758 : Apple\r\n\r\nImageIO\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Visiting a maliciously crafted website may result in the\r\ndisclosure of process memory\r\nDescription: An uninitialized memory access issue existed in\r\nImageIO's handling of PNG and TIFF images. Visiting a malicious\r\nwebsite may result in sending data from process memory to the\r\nwebsite. This issue is addressed through improved memory\r\ninitialization and additional validation of PNG and TIFF images.\r\nCVE-ID\r\nCVE-2015-5781 : Michal Zalewski\r\nCVE-2015-5782 : Michal Zalewski\r\n\r\nInstall Framework Legacy\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with root privileges\r\nDescription: An issue existed in how Install.framework's 'runner'\r\nbinary dropped privileges. This issue was addressed through improved\r\nprivilege management.\r\nCVE-ID\r\nCVE-2015-5784 : Ian Beer of Google Project Zero\r\n\r\nInstall Framework Legacy\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A race condition existed in\r\nInstall.framework's 'runner' binary that resulted in\r\nprivileges being incorrectly dropped. This issue was addressed\r\nthrough improved object locking.\r\nCVE-ID\r\nCVE-2015-5754 : Ian Beer of Google Project Zero\r\n\r\nIOFireWireFamily\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: Memory corruption issues existed in IOFireWireFamily.\r\nThese issues were addressed through additional type input validation.\r\nCVE-ID\r\nCVE-2015-3769 : Ilja van Sprundel\r\nCVE-2015-3771 : Ilja van Sprundel\r\nCVE-2015-3772 : Ilja van Sprundel\r\n\r\nIOGraphics\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in IOGraphics. This\r\nissue was addressed through additional type input validation.\r\nCVE-ID\r\nCVE-2015-3770 : Ilja van Sprundel\r\nCVE-2015-5783 : Ilja van Sprundel\r\n\r\nIOHIDFamily\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A buffer overflow issue existed in IOHIDFamily. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5774 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: An issue existed in the mach_port_space_info interface,\r\nwhich could have led to the disclosure of kernel memory layout. This\r\nwas addressed by disabling the mach_port_space_info interface.\r\nCVE-ID\r\nCVE-2015-3766 : Cererdlong of Alibaba Mobile Security Team,\r\n@PanguTeam\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: An integer overflow existed in the handling of IOKit\r\nfunctions. This issue was addressed through improved validation of\r\nIOKit API arguments.\r\nCVE-ID\r\nCVE-2015-3768 : Ilja van Sprundel\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to cause a system denial of service\r\nDescription: A resource exhaustion issue existed in the fasttrap\r\ndriver. This was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5747 : Maxime VILLARD of m00nbsd\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to cause a system denial of service\r\nDescription: A validation issue existed in the mounting of HFS\r\nvolumes. This was addressed by adding additional checks.\r\nCVE-ID\r\nCVE-2015-5748 : Maxime VILLARD of m00nbsd\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute unsigned code\r\nDescription: An issue existed that allowed unsigned code to be\r\nappended to signed code in a specially crafted executable file. This\r\nissue was addressed through improved code signature validation.\r\nCVE-ID\r\nCVE-2015-3806 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A specially crafted executable file could allow unsigned,\r\nmalicious code to execute\r\nDescription: An issue existed in the way multi-architecture\r\nexecutable files were evaluated that could have allowed unsigned code\r\nto be executed. This issue was addressed through improved validation\r\nof executable files.\r\nCVE-ID\r\nCVE-2015-3803 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute unsigned code\r\nDescription: A validation issue existed in the handling of Mach-O\r\nfiles. This was addressed by adding additional checks.\r\nCVE-ID\r\nCVE-2015-3802 : TaiG Jailbreak Team\r\nCVE-2015-3805 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted plist may lead to an\r\nunexpected application termination or arbitrary code execution with\r\nsystem privileges\r\nDescription: A memory corruption existed in processing of malformed\r\nplists. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3776 : Teddy Reed of Facebook Security, Patrick Stein\r\n(@jollyjinx) of Jinx Germany\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A path validation issue existed. This was addressed\r\nthrough improved environment sanitization.\r\nCVE-ID\r\nCVE-2015-3761 : Apple\r\n\r\nLibc\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted regular expression may lead\r\nto an unexpected application termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in the TRE library.\r\nThese were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3796 : Ian Beer of Google Project Zero\r\nCVE-2015-3797 : Ian Beer of Google Project Zero\r\nCVE-2015-3798 : Ian Beer of Google Project Zero\r\n\r\nLibinfo\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: A remote attacker may be able to cause unexpected\r\napplication termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in handling AF_INET6\r\nsockets. These were addressed by improved memory handling.\r\nCVE-ID\r\nCVE-2015-5776 : Apple\r\n\r\nlibpthread\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in handling syscalls.\r\nThis issue was addressed through improved lock state checking.\r\nCVE-ID\r\nCVE-2015-5757 : Lufeng Li of Qihoo 360\r\n\r\nlibxml2\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in libxml2 versions prior\r\nto 2.9.2, the most serious of which may allow a remote attacker to\r\ncause a denial of service\r\nDescription: Multiple vulnerabilities existed in libxml2 versions\r\nprior to 2.9.2. These were addressed by updating libxml2 to version\r\n2.9.2.\r\nCVE-ID\r\nCVE-2012-6685 : Felix Groebert of Google\r\nCVE-2014-0191 : Felix Groebert of Google\r\n\r\nlibxml2\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted XML document may lead to\r\ndisclosure of user information\r\nDescription: A memory access issue existed in libxml2. This was\r\naddressed by improved memory handling\r\nCVE-ID\r\nCVE-2014-3660 : Felix Groebert of Google\r\n\r\nlibxml2\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted XML document may lead to\r\ndisclosure of user information\r\nDescription: A memory corruption issue existed in parsing of XML\r\nfiles. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3807 : Apple\r\n\r\nlibxpc\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in handling of\r\nmalformed XPC messages. This issue was improved through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2015-3795 : Mathew Rowley\r\n\r\nmail_cmds\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary shell commands\r\nDescription: A validation issue existed in the mailx parsing of\r\nemail addresses. This was addressed by improved sanitization.\r\nCVE-ID\r\nCVE-2014-7844\r\n\r\nNotification Center OSX\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to access all\r\nnotifications previously displayed to users\r\nDescription: An issue existed in Notification Center, which did not\r\nproperly delete user notifications. This issue was addressed by\r\ncorrectly deleting notifications dismissed by users.\r\nCVE-ID\r\nCVE-2015-3764 : Jonathan Zdziarski\r\n\r\nntfs\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in NTFS. This issue\r\nwas addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5763 : Roberto Paleari and Aristide Fattori of Emaze\r\nNetworks\r\n\r\nOpenSSH\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Remote attackers may be able to circumvent a time delay for\r\nfailed login attempts and conduct brute-force attacks\r\nDescription: An issue existed when processing keyboard-interactive\r\ndevices. This issue was addressed through improved authentication\r\nrequest validation.\r\nCVE-ID\r\nCVE-2015-5600\r\n\r\nOpenSSL\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in OpenSSL versions prior\r\nto 0.9.8zg, the most serious of which may allow a remote attacker to\r\ncause a denial of service.\r\nDescription: Multiple vulnerabilities existed in OpenSSL versions\r\nprior to 0.9.8zg. These were addressed by updating OpenSSL to version\r\n0.9.8zg.\r\nCVE-ID\r\nCVE-2015-1788\r\nCVE-2015-1789\r\nCVE-2015-1790\r\nCVE-2015-1791\r\nCVE-2015-1792\r\n\r\nperl\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted regular expression may lead to\r\ndisclosure of unexpected application termination or arbitrary code\r\nexecution\r\nDescription: An integer underflow issue existed in the way Perl\r\nparsed regular expressions. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2013-7422\r\n\r\nPostgreSQL\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: An attacker may be able to cause unexpected application\r\ntermination or gain access to data without proper authentication\r\nDescription: Multiple issues existed in PostgreSQL 9.2.4. These\r\nissues were addressed by updating PostgreSQL to 9.2.13.\r\nCVE-ID\r\nCVE-2014-0067\r\nCVE-2014-8161\r\nCVE-2015-0241\r\nCVE-2015-0242\r\nCVE-2015-0243\r\nCVE-2015-0244\r\n\r\npython\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in Python 2.7.6, the most\r\nserious of which may lead to arbitrary code execution\r\nDescription: Multiple vulnerabilities existed in Python versions\r\nprior to 2.7.6. These were addressed by updating Python to version\r\n2.7.10.\r\nCVE-ID\r\nCVE-2013-7040\r\nCVE-2013-7338\r\nCVE-2014-1912\r\nCVE-2014-7185\r\nCVE-2014-9365\r\n\r\nQL Office\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted Office document may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in parsing of Office\r\ndocuments. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5773 : Apple\r\n\r\nQL Office\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted XML file may lead to\r\ndisclosure of user information\r\nDescription: An external entity reference issue existed in XML file\r\nparsing. This issue was addressed through improved parsing.\r\nCVE-ID\r\nCVE-2015-3784 : Bruno Morisson of INTEGRITY S.A.\r\n\r\nQuartz Composer Framework\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted QuickTime file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in parsing of\r\nQuickTime files. This issue was addressed through improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-5771 : Apple\r\n\r\nQuick Look\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Searching for a previously viewed website may launch the web\r\nbrowser and render that website\r\nDescription: An issue existed where QuickLook had the capability to\r\nexecute JavaScript. The issue was addressed by disallowing execution\r\nof JavaScript.\r\nCVE-ID\r\nCVE-2015-3781 : Andrew Pouliot of Facebook, Anto Loyola of Qubole\r\n\r\nQuickTime 7\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in QuickTime.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3772\r\nCVE-2015-3779\r\nCVE-2015-5753 : Apple\r\nCVE-2015-5779 : Apple\r\n\r\nQuickTime 7\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in QuickTime.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3765 : Joe Burnett of Audio Poison\r\nCVE-2015-3788 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3789 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3790 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3791 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3792 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-5751 : WalkerFuz\r\n\r\nSceneKit\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Viewing a maliciously crafted Collada file may lead to\r\narbitrary code execution\r\nDescription: A heap buffer overflow existed in SceneKit's handling\r\nof Collada files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5772 : Apple\r\n\r\nSceneKit\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: A remote attacker may be able to cause unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in SceneKit. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3783 : Haris Andrianakis of Google Security Team\r\n\r\nSecurity\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A standard user may be able to gain access to admin\r\nprivileges without proper authentication\r\nDescription: An issue existed in handling of user authentication.\r\nThis issue was addressed through improved authentication checks.\r\nCVE-ID\r\nCVE-2015-3775 : [Eldon Ahrold]\r\n\r\nSMBClient\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A remote attacker may be able to cause unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the SMB client.\r\nThis issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3773 : Ilja van Sprundel\r\n\r\nSpeech UI\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted unicode string with speech\r\nalerts enabled may lead to an unexpected application termination or\r\narbitrary code execution\r\nDescription: A memory corruption issue existed in handling of\r\nUnicode strings. This issue was addressed by improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-3794 : Adam Greenbaum of Refinitive\r\n\r\nsudo\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in sudo versions prior to\r\n1.7.10p9, the most serious of which may allow an attacker access to\r\narbitrary files\r\nDescription: Multiple vulnerabilities existed in sudo versions prior\r\nto 1.7.10p9. These were addressed by updating sudo to version\r\n1.7.10p9.\r\nCVE-ID\r\nCVE-2013-1775\r\nCVE-2013-1776\r\nCVE-2013-2776\r\nCVE-2013-2777\r\nCVE-2014-0106\r\nCVE-2014-9680\r\n\r\ntcpdump\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in tcpdump 4.7.3, the most\r\nserious of which may allow a remote attacker to cause a denial of\r\nservice.\r\nDescription: Multiple vulnerabilities existed in tcpdump versions\r\nprior to 4.7.3. These were addressed by updating tcpdump to version\r\n4.7.3.\r\nCVE-ID\r\nCVE-2014-8767\r\nCVE-2014-8769\r\nCVE-2014-9140\r\n\r\nText Formats\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted text file may lead to\r\ndisclosure of user information\r\nDescription: An XML external entity reference issue existed with\r\nTextEdit parsing. This issue was addressed through improved parsing.\r\nCVE-ID\r\nCVE-2015-3762 : Xiaoyong Wu of the Evernote Security Team\r\n\r\nudf\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted DMG file may lead to an\r\nunexpected application termination or arbitrary code execution with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in parsing of\r\nmalformed DMG images. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3767 : beist of grayhash\r\n\r\nOS X Yosemite v10.10.5 includes the security content of Safari 8.0.8:\r\nhttps://support.apple.com/en-us/HT205033\r\n\r\nOS X Yosemite 10.10.5 and Security Update 2015-006 may be obtained\r\nfrom the Mac App Store or Apple's Software Downloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: https://support.apple.com/kb/HT201222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n\r\n\r\n", "cvss3": {}, "published": "2015-08-17T00:00:00", "type": "securityvulns", "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2015-5768", "CVE-2015-5600", "CVE-2015-2787", "CVE-2015-5779", "CVE-2013-1775", "CVE-2015-3185", "CVE-2015-3786", "CVE-2015-1792", "CVE-2015-3761", "CVE-2014-7844", "CVE-2015-3781", "CVE-2015-3776", "CVE-2015-2783", "CVE-2015-5748", "CVE-2014-1912", "CVE-2015-3802", "CVE-2015-3797", "CVE-2014-0191", "CVE-2015-3762", "CVE-2015-3329", "CVE-2009-5078", "CVE-2015-5754", "CVE-2015-3783", "CVE-2015-3330", "CVE-2014-3613", "CVE-2015-1789", "CVE-2015-3789", "CVE-2014-8150", "CVE-2014-3583", "CVE-2015-3779", "CVE-2015-3788", "CVE-2015-3778", "CVE-2015-0241", "CVE-2013-1776", "CVE-2015-5776", "CVE-2015-3766", "CVE-2015-3775", "CVE-2013-7338", "CVE-2015-3798", "CVE-2015-5777", "CVE-2015-3765", "CVE-2015-3782", "CVE-2015-0242", "CVE-2015-0253", "CVE-2015-3784", "CVE-2015-3787", "CVE-2015-3799", "CVE-2015-3153", "CVE-2015-3768", "CVE-2015-3760", "CVE-2015-4148", "CVE-2015-5781", "CVE-2015-3805", "CVE-2015-3790", "CVE-2015-5774", "CVE-2015-3792", "CVE-2015-3803", "CVE-2015-3307", "CVE-2015-4025", "CVE-2015-5784", "CVE-2015-5751", "CVE-2015-4024", "CVE-2015-3795", "CVE-2015-5750", "CVE-2015-5747", "CVE-2015-4021", "CVE-2015-3144", "CVE-2014-7185", "CVE-2015-5761", "CVE-2013-2777", "CVE-2015-3794", "CVE-2015-5773", "CVE-2015-3769", "CVE-2014-3707", "CVE-2015-3800", "CVE-2015-0228", "CVE-2015-3807", "CVE-2015-0244", "CVE-2015-4026", "CVE-2014-8769", "CVE-2015-5756", "CVE-2014-3660", "CVE-2015-1788", "CVE-2015-4147", "CVE-2014-8161", "CVE-2012-6685", "CVE-2015-5753", "CVE-2015-3183", "CVE-2015-3772", "CVE-2014-3620", "CVE-2014-9140", "CVE-2013-2776", "CVE-2015-4022", "CVE-2015-3770", "CVE-2015-3777", "CVE-2015-5771", "CVE-2015-5775", "CVE-2015-3780", "CVE-2013-7422", "CVE-2015-5755", "CVE-2015-3145", "CVE-2015-1790", "CVE-2015-5758", "CVE-2014-0106", "CVE-2015-0243", "CVE-2015-3804", "CVE-2015-3773", "CVE-2014-3581", "CVE-2015-3774", "CVE-2015-5782", "CVE-2014-8109", "CVE-2015-5778", "CVE-2013-7040", "CVE-2015-3757", "CVE-2015-3764", "CVE-2015-3143", "CVE-2014-0067", "CVE-2015-5772", "CVE-2015-3791", "CVE-2014-9365", "CVE-2014-8151", "CVE-2015-5757", "CVE-2015-3796", "CVE-2009-5044", "CVE-2015-5783", "CVE-2014-9680", "CVE-2015-5763", "CVE-2014-8767", "CVE-2015-3767", "CVE-2015-3806", "CVE-2015-1791", "CVE-2015-3771", "CVE-2015-3148"], "modified": "2015-08-17T00:00:00", "id": "SECURITYVULNS:DOC:32390", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32390", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-06-08T19:03:08", "description": "Over 150 different vulnerabilities in system components and libraries.", "cvss3": {}, "published": "2015-08-17T00:00:00", "type": "securityvulns", "title": "Apple Mac OS X / OS X Server multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2015-5768", "CVE-2015-5600", "CVE-2015-2787", "CVE-2015-5779", "CVE-2013-1775", "CVE-2015-3185", "CVE-2015-3786", "CVE-2015-1792", "CVE-2015-3761", "CVE-2014-7844", "CVE-2015-3781", "CVE-2015-3776", "CVE-2015-2783", "CVE-2015-5748", "CVE-2014-1912", "CVE-2015-5477", "CVE-2015-3802", "CVE-2015-3797", "CVE-2014-0191", "CVE-2015-3762", "CVE-2015-3329", "CVE-2009-5078", "CVE-2015-5754", "CVE-2015-3783", "CVE-2015-3330", "CVE-2014-3613", "CVE-2015-1789", "CVE-2015-3789", "CVE-2014-8150", "CVE-2014-3583", "CVE-2015-3779", "CVE-2015-3788", "CVE-2015-3778", "CVE-2015-0241", "CVE-2013-1776", "CVE-2015-5776", "CVE-2015-3766", "CVE-2015-3775", "CVE-2013-7338", "CVE-2015-3798", "CVE-2015-5777", "CVE-2015-3765", "CVE-2015-3782", "CVE-2015-0242", "CVE-2015-0253", "CVE-2015-3784", "CVE-2015-3787", "CVE-2015-3799", "CVE-2015-3153", "CVE-2015-3768", "CVE-2015-3760", "CVE-2015-4148", "CVE-2015-5781", "CVE-2015-3805", "CVE-2015-3790", "CVE-2015-5774", "CVE-2015-3792", "CVE-2015-3803", "CVE-2015-3307", "CVE-2015-4025", "CVE-2015-5784", "CVE-2015-5751", "CVE-2015-4024", "CVE-2015-3795", "CVE-2015-5750", "CVE-2015-5747", "CVE-2015-4021", "CVE-2015-3144", "CVE-2014-7185", "CVE-2015-5761", "CVE-2013-2777", "CVE-2015-3794", "CVE-2015-5773", "CVE-2015-3769", "CVE-2014-3707", "CVE-2015-3800", "CVE-2015-0228", "CVE-2015-3807", "CVE-2015-0244", "CVE-2015-4026", "CVE-2014-8769", "CVE-2015-5756", "CVE-2014-3660", "CVE-2015-1788", "CVE-2015-4147", "CVE-2014-8161", "CVE-2012-6685", "CVE-2015-5753", "CVE-2015-3183", "CVE-2015-3772", "CVE-2014-3620", "CVE-2014-9140", "CVE-2013-2776", "CVE-2015-4022", "CVE-2015-3770", "CVE-2015-3777", "CVE-2015-5771", "CVE-2015-5775", "CVE-2015-3780", "CVE-2013-7422", "CVE-2015-5755", "CVE-2015-3145", "CVE-2015-1790", "CVE-2015-5758", "CVE-2014-0106", "CVE-2015-0243", "CVE-2015-3804", "CVE-2015-3773", "CVE-2014-3581", "CVE-2015-3774", "CVE-2015-5782", "CVE-2014-8109", "CVE-2015-5778", "CVE-2013-7040", "CVE-2015-3757", "CVE-2015-3764", "CVE-2015-3143", "CVE-2014-0067", "CVE-2015-5772", "CVE-2015-3791", "CVE-2014-9365", "CVE-2014-8151", "CVE-2015-5757", "CVE-2015-3796", "CVE-2009-5044", "CVE-2015-5783", "CVE-2014-9680", "CVE-2015-5763", "CVE-2014-8767", "CVE-2015-3767", "CVE-2015-3806", "CVE-2015-1791", "CVE-2015-3771", "CVE-2015-3148"], "modified": "2015-08-17T00:00:00", "id": "SECURITYVULNS:VULN:14630", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14630", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2021-10-19T18:40:25", "description": "The sudo packages contain the sudo utility which allows system \nadministrators to provide certain users with the permission to execute \nprivileged commands, which are used for system management purposes, without \nhaving to log in as root.\n\nIt was discovered that sudo did not perform any checks of the TZ\nenvironment variable value. If sudo was configured to preserve the TZ\nenvironment variable, a local user with privileges to execute commands via\nsudo could possibly use this flaw to achieve system state changes not\npermitted by the configured commands. (CVE-2014-9680)\n\nNote: The default sudoers configuration in Red Hat Enterprise Linux removes\nthe TZ variable from the environment in which commands run by sudo are\nexecuted.\n\nThis update also fixes the following bugs:\n\n* Previously, the sudo utility child processes could sometimes become\nunresponsive because they ignored the SIGPIPE signal. With this update,\nSIGPIPE handler is properly restored in the function that reads passwords\nfrom the user, and the child processes no longer ignore SIGPIPE. As a\nresult, sudo child processes do not hang in this situation. (BZ#1094548)\n\n* Prior to this update, the order in which sudo rules were processed did\nnot honor the user-defined sudoOrder attribute. Consequently, sudo rules\nwere processed in an undefined order even when the user defined the order\nin sudoOrder. The implementation of SSSD support in sudo has been modified\nto sort the rules according to the sudoOrder value, and sudo rules are now\nsorted in the order defined by the user in sudoOrder. (BZ#1138581)\n\n* Previously, sudo became unresponsive after the user issued a command when\na sudoers source was mentioned multiple times in the /etc/nsswitch.conf\nfile. The problem occurred when nsswitch.conf contained, for example, the\n\"sudoers: files sss sss\" entry. The sudoers source processing code has been\nfixed to correctly handle multiple instances of the same sudoers source.\nAs a result, sudo no longer hangs when a sudoers source is mentioned\nmultiple times in /etc/nsswitch.conf. (BZ#1147498)\n\nIn addition, this update adds the following enhancement:\n\n* The sudo utility now supports I/O logs compressed using the zlib library.\nWith this update, sudo can generate zlib compressed I/O logs and also\nprocess zlib compressed I/O logs generated by other versions of sudo with\nzlib support. (BZ#1106433)\n\nAll sudo users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add this\nenhancement.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2015-07-22T00:00:00", "type": "redhat", "title": "(RHSA-2015:1409) Moderate: sudo security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9680"], "modified": "2018-06-06T16:24:14", "id": "RHSA-2015:1409", "href": "https://access.redhat.com/errata/RHSA-2015:1409", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "oraclelinux": [{"lastseen": "2021-05-13T09:23:39", "description": "[1.8.6p3-19]\n- RHEL-6.7 erratum\n - modified the authlogicfix patch to fix #1144448\n - fixed a bug in the ldapusermatchfix patch\n Resolves: rhbz#1144448\n Resolves: rhbz#1142122\n[1.8.6p3-18]\n- RHEL-6.7 erratum\n - fixed the mantypos-ldap.patch\n Resolves: rhbz#1138267\n[1.8.6p3-17]\n- RHEL-6.7 erratum\n - added patch for CVE-2014-9680\n - added BuildRequires for tzdata\n Resolves: rhbz#1200253\n[1.8.6p3-16]\n- RHEL-6.7 erratum\n - added zlib-devel build required to enable zlib compression support\n - fixed two typos in the sudoers.ldap man page\n - fixed a hang when duplicate nss entries are specified in nsswitch.conf\n - SSSD: implemented sorting of the result entries according to the\n sudoOrder attribute\n - LDAP: fixed logic handling the computation of the 'user matched' flag\n - fixed restoring of the SIGPIPE signal in the tgetpass function\n - fixed listpw, verifypw + authenticate option logic in LDAP/SSSD\n Resolves: rhbz#1106433\n Resolves: rhbz#1138267\n Resolves: rhbz#1147498\n Resolves: rhbz#1138581\n Resolves: rhbz#1142122\n Resolves: rhbz#1094548\n Resolves: rhbz#1144448", "cvss3": {}, "published": "2015-07-28T00:00:00", "type": "oraclelinux", "title": "sudo security, bug fix, and enhancement update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2014-9680"], "modified": "2015-07-28T00:00:00", "id": "ELSA-2015-1409", "href": "http://linux.oracle.com/errata/ELSA-2015-1409.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "centos": [{"lastseen": "2023-01-01T05:09:05", "description": "**CentOS Errata and Security Advisory** CESA-2015:1409\n\n\nThe sudo packages contain the sudo utility which allows system \nadministrators to provide certain users with the permission to execute \nprivileged commands, which are used for system management purposes, without \nhaving to log in as root.\n\nIt was discovered that sudo did not perform any checks of the TZ\nenvironment variable value. If sudo was configured to preserve the TZ\nenvironment variable, a local user with privileges to execute commands via\nsudo could possibly use this flaw to achieve system state changes not\npermitted by the configured commands. (CVE-2014-9680)\n\nNote: The default sudoers configuration in Red Hat Enterprise Linux removes\nthe TZ variable from the environment in which commands run by sudo are\nexecuted.\n\nThis update also fixes the following bugs:\n\n* Previously, the sudo utility child processes could sometimes become\nunresponsive because they ignored the SIGPIPE signal. With this update,\nSIGPIPE handler is properly restored in the function that reads passwords\nfrom the user, and the child processes no longer ignore SIGPIPE. As a\nresult, sudo child processes do not hang in this situation. (BZ#1094548)\n\n* Prior to this update, the order in which sudo rules were processed did\nnot honor the user-defined sudoOrder attribute. Consequently, sudo rules\nwere processed in an undefined order even when the user defined the order\nin sudoOrder. The implementation of SSSD support in sudo has been modified\nto sort the rules according to the sudoOrder value, and sudo rules are now\nsorted in the order defined by the user in sudoOrder. (BZ#1138581)\n\n* Previously, sudo became unresponsive after the user issued a command when\na sudoers source was mentioned multiple times in the /etc/nsswitch.conf\nfile. The problem occurred when nsswitch.conf contained, for example, the\n\"sudoers: files sss sss\" entry. The sudoers source processing code has been\nfixed to correctly handle multiple instances of the same sudoers source.\nAs a result, sudo no longer hangs when a sudoers source is mentioned\nmultiple times in /etc/nsswitch.conf. (BZ#1147498)\n\nIn addition, this update adds the following enhancement:\n\n* The sudo utility now supports I/O logs compressed using the zlib library.\nWith this update, sudo can generate zlib compressed I/O logs and also\nprocess zlib compressed I/O logs generated by other versions of sudo with\nzlib support. (BZ#1106433)\n\nAll sudo users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add this\nenhancement.\n\n\n**Merged security bulletin from advisories:**\nhttps://lists.centos.org/pipermail/centos-cr-announce/2015-July/021611.html\n\n**Affected packages:**\nsudo\nsudo-devel\n\n**Upstream details at:**\nhttps://access.redhat.com/errata/RHSA-2015:1409", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2015-07-26T14:12:38", "type": "centos", "title": "sudo security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9680"], "modified": "2015-07-26T14:12:38", "id": "CESA-2015:1409", "href": "https://lists.centos.org/pipermail/centos-cr-announce/2015-July/021611.html", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "f5": [{"lastseen": "2020-04-06T22:39:59", "description": "\nF5 Product Development has evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP AAM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 | Not vulnerable | None \nBIG-IP AFM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 | Not vulnerable | None \nBIG-IP Analytics | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP APM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP ASM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP DNS | None | 13.0.0 \n12.0.0 - 12.1.2 | Not vulnerable | None \nBIG-IP Edge Gateway | None | 11.2.1 | Not vulnerable | None \nBIG-IP GTM | None | 11.4.0 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP Link Controller | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP PEM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 | Not vulnerable | None \nBIG-IP PSM | None | 11.4.0 - 11.4.1 | Not vulnerable | None \nBIG-IP WebAccelerator | None | 11.2.1 | Not vulnerable | None \nBIG-IP WebSafe | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 | Not vulnerable | None \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | None | 3.1.1 | Not vulnerable | None \nBIG-IQ Cloud | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None \nBIG-IQ Centralized Management | None | 5.0.0 - 5.2.0 \n4.6.0 | Not vulnerable | None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None \nF5 iWorkflow | None | 2.0.0 - 2.2.0 | Not vulnerable | None \nLineRate | None | 2.5.0 - 2.6.2 | Not vulnerable | None \nTraffix SDC | None | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | Not vulnerable | None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-06-26T23:40:00", "type": "f5", "title": "Sudo vulnerabilities CVE-2014-9680, CVE-2016-7032, CVE-2016-7076, and CVE-2016-7077", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-7032", "CVE-2016-7077", "CVE-2016-7076", "CVE-2014-9680"], "modified": "2018-09-13T21:17:00", "id": "F5:K49229034", "href": "https://support.f5.com/csp/article/K49229034", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}]}
Security Bulletin: A vulnerability in sudo affects IBM Security Network Intrusion Prevention System (CVE-2014-9680)
