update to latest development version 1.9.0b1
added sudo_logsrvd and sudo_sendlog to files and their appropriate man pages Resolves: rhbz#1787823
Stack based buffer overflow in when pwfeedback is enabled Resolves: rhbz#1796945
fixes: CVE-2019-18634
By using ! character in the shadow file instead of a password hash can access to a run as all sudoer account Resolves: rhbz#1786709
fixes CVE-2019-19234
attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user Resolves: rhbz#1786705
fixes CVE-2019-19232
setrlimit(RLIMIT_CORE): Operation not permitted warning message fix Resolves: rhbz#1773148
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2020-8b563bc5f4.
#
include('compat.inc');
if (description)
{
script_id(134253);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/25");
script_cve_id("CVE-2019-18634", "CVE-2019-19232", "CVE-2019-19234");
script_xref(name:"FEDORA", value:"2020-8b563bc5f4");
script_name(english:"Fedora 31 : sudo (2020-8b563bc5f4)");
script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing a security update.");
script_set_attribute(attribute:"description", value:
"- update to latest development version 1.9.0b1
- added sudo_logsrvd and sudo_sendlog to files and their
appropriate man pages Resolves: rhbz#1787823
- Stack based buffer overflow in when pwfeedback is
enabled Resolves: rhbz#1796945
- fixes: CVE-2019-18634
- By using ! character in the shadow file instead of a
password hash can access to a run as all sudoer account
Resolves: rhbz#1786709
- fixes CVE-2019-19234
- attacker with access to a Runas ALL sudoer account can
impersonate a nonexistent user Resolves: rhbz#1786705
- fixes CVE-2019-19232
- setrlimit(RLIMIT_CORE): Operation not permitted warning
message fix Resolves: rhbz#1773148
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues.");
script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2020-8b563bc5f4");
script_set_attribute(attribute:"solution", value:
"Update the affected sudo package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-19234");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2019-18634");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/12/19");
script_set_attribute(attribute:"patch_publication_date", value:"2020/03/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/06");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:sudo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:31");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Fedora Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^31([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 31", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC31", reference:"sudo-1.9.0-0.1.b1.fc31")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sudo");
}
Vendor | Product | Version | CPE |
---|---|---|---|
fedoraproject | fedora | sudo | p-cpe:/a:fedoraproject:fedora:sudo |
fedoraproject | fedora | 31 | cpe:/o:fedoraproject:fedora:31 |