Lucene search

K
nessusThis script is Copyright (C) 2010-2021 Tenable Network Security, Inc.SUSE_11_SUDO-100301.NASL
HistoryMar 09, 2010 - 12:00 a.m.

SuSE 11 Security Update : sudo (SAT Patch Number 2084)

2010-03-0900:00:00
This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.
www.tenable.com
20

6.9 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

10.1%

This update fixes two security issues :

  • Sudo failed to properly reset group permissions, when β€˜runas_default’ option was used. If a local, unprivileged user was authorized by sudoers file to perform their sudo commands under default user account, it could lead to privilege escalation. (CVE-2010-0427 :
    CVSS v2 Base Score: 6.6)

  • A privilege escalation flaw was found in the way sudo used to check file paths for pseudocommands. If local, unprivileged user was authorized by sudoers file to edit one or more files, it could lead to execution of arbitrary code, with the privileges of privileged system user (root). (CVE-2010-0426 : CVSS v2 Base Score: 6.6)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#

if (NASL_LEVEL < 3000) exit(0);

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(45014);
  script_version("1.13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2010-0426", "CVE-2010-0427");

  script_name(english:"SuSE 11 Security Update : sudo (SAT Patch Number 2084)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 11 host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update fixes two security issues :

  - Sudo failed to properly reset group permissions, when
    'runas_default' option was used. If a local,
    unprivileged user was authorized by sudoers file to
    perform their sudo commands under default user account,
    it could lead to privilege escalation. (CVE-2010-0427 :
    CVSS v2 Base Score: 6.6)

  - A privilege escalation flaw was found in the way sudo
    used to check file paths for pseudocommands. If local,
    unprivileged user was authorized by sudoers file to edit
    one or more files, it could lead to execution of
    arbitrary code, with the privileges of privileged system
    user (root). (CVE-2010-0426 : CVSS v2 Base Score: 6.6)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=582555"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=582556"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-0426.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2010-0427.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply SAT patch number 2084.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_cwe_id(264);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:sudo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/03/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2010/03/09");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);

pl = get_kb_item("Host/SuSE/patchlevel");
if (pl) audit(AUDIT_OS_NOT, "SuSE 11.0");


flag = 0;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"sudo-1.6.9p17-21.3.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"sudo-1.6.9p17-21.3.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"sudo-1.6.9p17-21.3.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
novellsuse_linux11p-cpe:/a:novell:suse_linux:11:sudo
novellsuse_linux11cpe:/o:novell:suse_linux:11

6.9 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

10.1%