| Reporter | Title | Published | Views | Family All 459 |
|---|---|---|---|---|
| Exploit for Race Condition in Canonical Ubuntu_Linux | 10 Nov 202110:33 | ā | gitee | |
| Exploit for Off-by-one Error in Sudo_Project Sudo | 14 Apr 202123:08 | ā | gitee | |
| Exploit for Off-by-one Error in Sudo_Project Sudo | 12 Oct 202120:51 | ā | gitee | |
| Exploit for Off-by-one Error in Sudo_Project Sudo | 23 Nov 202116:28 | ā | gitee | |
| Exploit for Off-by-one Error in Sudo_Project Sudo | 14 Mar 202122:44 | ā | gitee | |
| Exploit for Off-by-one Error in Sudo_Project Sudo | 27 Sep 202114:38 | ā | gitee | |
| Exploit for Off-by-one Error in Sudo_Project Sudo | 11 Dec 202100:59 | ā | gitee | |
| Exploit for Off-by-one Error in Sudo_Project Sudo | 27 Aug 202116:41 | ā | gitee | |
| Exploit for Off-by-one Error in Sudo_Project Sudo | 1 Feb 202121:54 | ā | gitee | |
| Exploit for Off-by-one Error in Sudo_Project Sudo | 18 Mar 202116:49 | ā | gitee |
| Source | Link |
|---|---|
| nessus | www.nessus.org/u |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(147695);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/01/18");
script_cve_id("CVE-2021-3156");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/04/27");
script_name(english:"EulerOS Virtualization 2.9.0 : sudo (EulerOS-SA-2021-1669)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing a security update.");
script_set_attribute(attribute:"description", value:
"According to the version of the sudo package installed, the EulerOS
Virtualization installation on the remote host is affected by the
following vulnerability :
- Sudo (superuser do) allows a system administrator to
give certain users (or groups of users) the ability to
run some (or all) commands as root while logging all
commands and arguments. Sudo operates on a per-command
basis. It is not a replacement for the shell. Features
include: the ability to restrict what commands a user
may run on a per-host basis, copious logging of each
command (providing a clear audit trail of who did
what), a configurable timeout of the sudo command, and
the ability to use the same configuration file
(sudoers) on many different machines.Security Fix(es):A
flaw was found in sudo. A heap-based buffer overflow
was found in the way sudo parses command line
arguments. This flaw is exploitable by any local user
who can execute the sudo command (by default, any local
user can execute sudo) without authentication.
Successful exploitation of this flaw could lead to
privilege escalation. The highest threat from this
vulnerability is to data confidentiality and integrity
as well as system availability.(CVE-2021-3156)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1669
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a1966fef");
script_set_attribute(attribute:"solution", value:
"Update the affected sudo package.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-3156");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'Sudo Heap-Based Buffer Overflow');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:"CANVAS");
script_set_attribute(attribute:"patch_publication_date", value:"2021/03/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/03/11");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sudo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.9.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "2.9.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.9.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["sudo-1.8.27-5.h9.eulerosv2r9"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sudo");
}
Data
Build on a solid foundation withĀ Vulners data
WeĀ provide theĀ essential building blocks forĀ cybersecurity solutions withĀ comprehensive, structured, andĀ constantly updated vulnerability andĀ exploits data
Api
Power your application withĀ Vulners API
The Vulners REST API offers reliable, high-performance access toĀ vulnerabilityĀ intelligence, withĀ 99.9%Ā SLAĀ uptime andĀ CDN-backed data delivery forĀ seamlessĀ global access
App
Assess and manage vulnerabilities withĀ VulnersĀ tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation