Lucene search

FreeBSD Ports: sudo

The installed version of sudo has a vulnerability with the 'sudoedit' function that allows an attacker to gain access to files

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 5
CVE	CVE-2004-1689	20 Feb 200505:00	–	cve
OpenVAS	FreeBSD Ports: sudo	4 Sep 200800:00	–	openvas
Cvelist	CVE-2004-1689	20 Feb 200505:00	–	cvelist
NVD	CVE-2004-1689	16 Sep 200404:00	–	nvd
Debian CVE	CVE-2004-1689	20 Feb 200505:00	–	debiancve

Source	Link
vuxml	www.vuxml.org/freebsd/a268ef4a-0b35-11d9-8a8a-000c41e2cdad.html
securityfocus	www.securityfocus.com/bid/11204
sudo	www.sudo.ws/sudo/alerts/sudoedit.html

# SPDX-FileCopyrightText: 2008 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.52382");
  script_version("2023-07-26T05:05:09+0000");
  script_tag(name:"last_modification", value:"2023-07-26 05:05:09 +0000 (Wed, 26 Jul 2023)");
  script_tag(name:"creation_date", value:"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)");
  script_cve_id("CVE-2004-1689");
  script_tag(name:"cvss_base", value:"2.1");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:P/I:N/A:N");
  script_name("FreeBSD Ports: sudo");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2008 E-Soft Inc.");
  script_family("FreeBSD Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/freebsd", "ssh/login/freebsdrel");

  script_tag(name:"insight", value:"The following package is affected: sudo

The installed version of sudo has a vulnerability
with the 'sudoedit' function that allows an attacker
to gain access to files to which they normally would
not have access.");

  script_tag(name:"solution", value:"Update your system with the appropriate patches or
  software upgrades.");

  script_xref(name:"URL", value:"http://www.sudo.ws/sudo/alerts/sudoedit.html");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/11204");
  script_xref(name:"URL", value:"http://www.vuxml.org/freebsd/a268ef4a-0b35-11d9-8a8a-000c41e2cdad.html");

  script_tag(name:"summary", value:"The remote host is missing an update to the system
  as announced in the referenced advisory.");

  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-bsd.inc");

vuln = FALSE;
txt = "";

bver = portver(pkg:"sudo");
if(!isnull(bver) && revcomp(a:bver, b:"1.6.8")==0) {
  txt += 'Package sudo version ' + bver + ' is installed which is known to be vulnerable.\n';
  vuln = TRUE;
}

if(vuln) {
  security_message(data:txt);
} else if (__pkg_match) {
  exit(99);
}

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

04 Sep 2008 00:00Current

7.1High risk

Vulners AI Score7.1

CVSS22.1

EPSS0.00167