Lucene search

K
nessusThis script is Copyright (C) 2010-2021 Tenable Network Security, Inc.SUSE_11_1_SUDO-100301.NASL
HistoryMar 09, 2010 - 12:00 a.m.

openSUSE Security Update : sudo (sudo-2083)

2010-03-0900:00:00
This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.
www.tenable.com
14

6.9 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

10.1%

This update fixes two security issues :

  • CVE-2010-0427:CVSS v2 Base Score: 6.6 Sudo failed to properly reset group permissions, when β€˜runas_default’ option was used. If a local, unprivileged user was authorized by sudoers file to perform their sudo commands under default user account, it could lead to privilege escalation CVE-2010-0426:CVSS v2 Base Score:
    6.6 A privilege escalation flaw was found in the way sudo used to check file paths for pseudocommands. If local, unprivileged user was authorized by sudoers file to edit one or more files, it could lead to execution of arbitrary code, with the privileges of privileged system user (root).
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update sudo-2083.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(45012);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2010-0426", "CVE-2010-0427");

  script_name(english:"openSUSE Security Update : sudo (sudo-2083)");
  script_summary(english:"Check for the sudo-2083 patch");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update fixes two security issues :

  - CVE-2010-0427:CVSS v2 Base Score: 6.6 Sudo failed to
    properly reset group permissions, when 'runas_default'
    option was used. If a local, unprivileged user was
    authorized by sudoers file to perform their sudo
    commands under default user account, it could lead to
    privilege escalation CVE-2010-0426:CVSS v2 Base Score:
    6.6 A privilege escalation flaw was found in the way
    sudo used to check file paths for pseudocommands. If
    local, unprivileged user was authorized by sudoers file
    to edit one or more files, it could lead to execution of
    arbitrary code, with the privileges of privileged system
    user (root)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=582555"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=582556"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected sudo package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_cwe_id(264);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:sudo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/03/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/03/09");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE11.1", reference:"sudo-1.6.9p17-10.37.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sudo");
}
VendorProductVersionCPE
novellopensusesudop-cpe:/a:novell:opensuse:sudo
novellopensuse11.1cpe:/o:novell:opensuse:11.1

6.9 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

10.1%