Lucene search
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.CENTOS_RHSA-2014-0266.NASLHistoryMar 11, 2014 - 12:00 a.m.
CentOS 5 : sudo (CESA-2014:0266)
2014-03-1100:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
An updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.
The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root.
A flaw was found in the way sudo handled its blacklist of environment variables. When the ‘env_reset’ option was disabled, a user permitted to run certain commands via sudo could use this flaw to run such a command with one of the blacklisted environment variables set, allowing them to run an arbitrary command with the target user’s privileges. (CVE-2014-0106)
Note: This issue does not affect the default configuration of the sudo package as shipped with Red Hat Enterprise Linux 5.
Red Hat would like to thank Todd C. Miller for reporting this issue.
Upstream acknowledges Sebastien Macke as the original reporter.
All sudo users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2014:0266 and
# CentOS Errata and Security Advisory 2014:0266 respectively.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(72910);
script_version("1.11");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");
script_cve_id("CVE-2014-0106");
script_bugtraq_id(65997);
script_xref(name:"RHSA", value:"2014:0266");
script_name(english:"CentOS 5 : sudo (CESA-2014:0266)");
script_summary(english:"Checks rpm output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote CentOS host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"An updated sudo package that fixes one security issue is now available
for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having
Moderate security impact. A Common Vulnerability Scoring System (CVSS)
base score, which gives a detailed severity rating, is available from
the CVE link in the References section.
The sudo (superuser do) utility allows system administrators to give
certain users the ability to run commands as root.
A flaw was found in the way sudo handled its blacklist of environment
variables. When the 'env_reset' option was disabled, a user permitted
to run certain commands via sudo could use this flaw to run such a
command with one of the blacklisted environment variables set,
allowing them to run an arbitrary command with the target user's
privileges. (CVE-2014-0106)
Note: This issue does not affect the default configuration of the sudo
package as shipped with Red Hat Enterprise Linux 5.
Red Hat would like to thank Todd C. Miller for reporting this issue.
Upstream acknowledges Sebastien Macke as the original reporter.
All sudo users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue."
);
# https://lists.centos.org/pipermail/centos-announce/2014-March/020194.html
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?65464c75"
);
script_set_attribute(attribute:"solution", value:"Update the affected sudo package.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0106");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:sudo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5");
script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/11");
script_set_attribute(attribute:"patch_publication_date", value:"2014/03/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/11");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"CentOS Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/CentOS/release");
if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
os_ver = os_ver[1];
if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x", "CentOS " + os_ver);
if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
flag = 0;
if (rpm_check(release:"CentOS-5", reference:"sudo-1.7.2p1-29.el5_10")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sudo");
}
Related
suse
suse
Security update for sudo (important)
2014-04-03 20:04:17
nessus
nessus
Oracle Linux 5 : sudo (ELSA-2014-0266)
2014-03-11 00:00:00
RHEL 5 : sudo (RHSA-2014:0266)
2014-03-11 00:00:00
Scientific Linux Security Update : sudo on SL5.x i386/x86_64 (20140310)
2014-03-11 00:00:00
gentoo
gentoo
sudo: Privilege escalation
2014-06-27 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2014-064-01)
2022-04-21 00:00:00
RedHat Update for sudo RHSA-2014:0266-01
2014-03-12 00:00:00
CentOS Update for sudo CESA-2014:0266 centos5
2014-03-12 00:00:00
oraclelinux
oraclelinux
sudo security update
2014-03-10 00:00:00
veracode
veracode
Authorization Bypass
2019-01-15 08:58:20
ubuntu
ubuntu
Sudo vulnerabilities
2014-03-13 00:00:00
prion
prion
Command injection
2014-03-11 19:37:00
securityvulns
securityvulns
sudo security vulnerabilities
2014-03-18 00:00:00
[USN-2146-1] Sudo vulnerabilities
2014-03-18 00:00:00
Apple Mac OS X / OS X Server multiple security vulnerabilities
2015-08-17 00:00:00
cve
cve
CVE-2014-0106
2014-03-11 19:37:00
debiancve
debiancve
CVE-2014-0106
2014-03-11 19:37:00
slackware
slackware
[slackware-security] sudo
2014-03-06 05:36:43
redhat
redhat
(RHSA-2014:0266) Moderate: sudo security update
2014-03-10 00:00:00
ubuntucve
ubuntucve
CVE-2014-0106
2014-03-11 00:00:00
seebug
seebug
Todd Miller Sudo 'validate_env_vars()'本地权限提升漏洞
2014-03-12 00:00:00
centos
centos
sudo security update
2014-03-10 16:34:59
debian
debian
[SECURITY] [DLA 160-1] sudo security update
2015-02-27 20:09:11
osv
osv
sudo - security update
2015-02-27 00:00:00
Related for CENTOS_RHSA-2014-0266.NASL