Lucene search

K

EulerOS 2.0 SP9 : sudo (EulerOS-SA-2020-2237)

๐Ÿ—“๏ธย 21 Oct 2020ย 00:00:00Reported byย This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.Typeย 
nessus
ย nessus
๐Ÿ”—ย www.tenable.com๐Ÿ‘ย 25ย Views

EulerOS 2.0 SP9 sudo package vulnerable to stack-based buffer overflo

Show more
Related
Refs
Code
ReporterTitlePublishedViews
Family
OSV
sudo - security update
1 Feb 202000:00
โ€“osv
OSV
CVE-2019-18634
29 Jan 202018:15
โ€“osv
OSV
Red Hat Security Advisory: sudo security update
16 Sep 202403:30
โ€“osv
OSV
Red Hat Security Advisory: sudo security update
16 Sep 202403:30
โ€“osv
OSV
sudo - security update
1 Feb 202000:00
โ€“osv
OSV
Red Hat Security Advisory: sudo security update
16 Sep 202403:30
โ€“osv
OSV
Red Hat Security Advisory: sudo security update
16 Sep 202403:30
โ€“osv
OSV
sudo-1.9.7p2-1.4 on GA media
15 Jun 202400:00
โ€“osv
The Hacker News
Sudo Bug Lets Non-Privileged Linux and macOS Users Run Commands as Root
3 Feb 202015:35
โ€“thn
Tenable Nessus
Scientific Linux Security Update : sudo on SL7.x x86_64 (20200218)
19 Feb 202000:00
โ€“nessus
Rows per page
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(141764);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/11");

  script_cve_id("CVE-2019-18634");

  script_name(english:"EulerOS 2.0 SP9 : sudo (EulerOS-SA-2020-2237)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to the version of the sudo package installed, the EulerOS
installation on the remote host is affected by the following
vulnerability :

  - In Sudo before 1.8.26, if pwfeedback is enabled in
    /etc/sudoers, users can trigger a stack-based buffer
    overflow in the privileged sudo process. (pwfeedback is
    a default setting in Linux Mint and elementary OS
    however, it is NOT the default for upstream and many
    other packages, and would exist only if enabled by an
    administrator.) The attacker needs to deliver a long
    string to the stdin of getln() in
    tgetpass.c.(CVE-2019-18634)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2237
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c7941691");
  script_set_attribute(attribute:"solution", value:
"Update the affected sudo package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-18634");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2020/10/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/10/21");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sudo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(9)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP9");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP9", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["sudo-1.8.27-5.h6.eulerosv2r9"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"9", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sudo");
}

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
21 Oct 2020 00:00Current
0.1Low risk
Vulners AI Score0.1
CVSS24.6
CVSS37.8
EPSS0.002
25
.json
Report