EulerOS 2.0 SP8 sudo vulnerabilitie
Reporter | Title | Published | Views | Family All 183 |
---|---|---|---|---|
![]() | EulerOS Virtualization 3.0.6.0 : sudo (EulerOS-SA-2020-1785) | 1 Jul 202000:00 | – | nessus |
![]() | EulerOS Virtualization for ARM 64 3.0.2.0 : sudo (EulerOS-SA-2020-1564) | 1 May 202000:00 | – | nessus |
![]() | EulerOS 2.0 SP2 : sudo (EulerOS-SA-2020-1662) | 17 Jun 202000:00 | – | nessus |
![]() | Fedora 31 : sudo (2020-8b563bc5f4) | 6 Mar 202000:00 | – | nessus |
![]() | EulerOS Virtualization for ARM 64 3.0.6.0 : sudo (EulerOS-SA-2020-1349) | 2 Apr 202000:00 | – | nessus |
![]() | EulerOS 2.0 SP3 : sudo (EulerOS-SA-2020-1435) | 15 Apr 202000:00 | – | nessus |
![]() | EulerOS Virtualization 3.0.2.2 : sudo (EulerOS-SA-2020-2196) | 21 Oct 202000:00 | – | nessus |
![]() | EulerOS 2.0 SP5 : sudo (EulerOS-SA-2020-1135) | 24 Feb 202000:00 | – | nessus |
![]() | RHEL 8 : sudo (RHSA-2020:1804) | 18 Nov 202000:00 | – | nessus |
![]() | Photon OS 3.0: Sudo PHSA-2020-3.0-0051 | 23 Jul 202400:00 | – | nessus |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(134015);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/18");
script_cve_id("CVE-2019-18634", "CVE-2019-19232", "CVE-2019-19234");
script_name(english:"EulerOS 2.0 SP8 : sudo (EulerOS-SA-2020-1181)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the sudo package installed, the EulerOS
installation on the remote host is affected by the following
vulnerabilities :
- In Sudo before 1.8.26, if pwfeedback is enabled in
/etc/sudoers, users can trigger a stack-based buffer
overflow in the privileged sudo process. (pwfeedback is
a default setting in Linux Mint and elementary OS
however, it is NOT the default for upstream and many
other packages, and would exist only if enabled by an
administrator.) The attacker needs to deliver a long
string to the stdin of getln() in
tgetpass.c.(CVE-2019-18634)
- ** DISPUTED ** In Sudo through 1.8.29, an attacker with
access to a Runas ALL sudoer account can impersonate a
nonexistent user by invoking sudo with a numeric uid
that is not associated with any user. NOTE: The
software maintainer believes that this is not a
vulnerability because running a command via sudo as a
user not present in the local password database is an
intentional feature. Because this behavior surprised
some users, sudo 1.8.30 introduced an option to
enable/disable this behavior with the default being
disabled. However, this does not change the fact that
sudo was behaving as intended, and as documented, in
earlier versions.(CVE-2019-19232)
- ** DISPUTED ** In Sudo through 1.8.29, the fact that a
user has been blocked (e.g., by using the ! character
in the shadow file instead of a password hash) is not
considered, allowing an attacker (who has access to a
Runas ALL sudoer account) to impersonate any blocked
user. NOTE: The software maintainer believes that this
CVE is not valid. Disabling local password
authentication for a user is not the same as disabling
all access to that user--the user may still be able to
login via other means (ssh key, kerberos, etc). Both
the Linux shadow(5) and passwd(1) manuals are clear on
this. Indeed it is a valid use case to have local
accounts that are _only_ accessible via sudo and that
cannot be logged into with a password. Sudo 1.8.30
added an optional setting to check the _shell_ of the
target user (not the encrypted password!) against the
contents of /etc/shells but that is not the same thing
as preventing access to users with an invalid password
hash.(CVE-2019-19234)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1181
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f65af167");
script_set_attribute(attribute:"solution", value:
"Update the affected sudo packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-19234");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2019-18634");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2020/02/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/25");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sudo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
flag = 0;
pkgs = ["sudo-1.8.23-3.h13.eulerosv2r8"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sudo");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo