Lucene search
Copyright (C) 2013 Greenbone AGOPENVAS:1361412562310841349HistoryMar 05, 2013 - 12:00 a.m.
Ubuntu: Security Advisory (USN-1754-1)
2013-03-0500:00:00
Copyright (C) 2013 Greenbone AG
plugins.openvas.org
11
6.7 Medium
AI Score
Confidence
Low
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
12.2%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2013 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.841349");
script_cve_id("CVE-2013-1775");
script_tag(name:"creation_date", value:"2013-03-05 04:19:10 +0000 (Tue, 05 Mar 2013)");
script_version("2024-02-02T05:06:04+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:04 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"6.9");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:C/I:C/A:C");
script_name("Ubuntu: Security Advisory (USN-1754-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2013 Greenbone AG");
script_family("Ubuntu Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU(10\.04\ LTS|11\.10|12\.04\ LTS|12\.10|8\.04\ LTS)");
script_xref(name:"Advisory-ID", value:"USN-1754-1");
script_xref(name:"URL", value:"https://ubuntu.com/security/notices/USN-1754-1");
script_tag(name:"summary", value:"The remote host is missing an update for the 'sudo' package(s) announced via the USN-1754-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Marco Schoepl discovered that Sudo incorrectly handled time stamp files
when the system clock is set to epoch. A local attacker could use this
issue to run Sudo commands without a password prompt.");
script_tag(name:"affected", value:"'sudo' package(s) on Ubuntu 8.04, Ubuntu 10.04, Ubuntu 11.10, Ubuntu 12.04, Ubuntu 12.10.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "UBUNTU10.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"sudo", ver:"1.7.2p1-1ubuntu5.6", rls:"UBUNTU10.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"sudo-ldap", ver:"1.7.2p1-1ubuntu5.6", rls:"UBUNTU10.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU11.10") {
if(!isnull(res = isdpkgvuln(pkg:"sudo", ver:"1.7.4p6-1ubuntu2.2", rls:"UBUNTU11.10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"sudo-ldap", ver:"1.7.4p6-1ubuntu2.2", rls:"UBUNTU11.10"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU12.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"sudo", ver:"1.8.3p1-1ubuntu3.4", rls:"UBUNTU12.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"sudo-ldap", ver:"1.8.3p1-1ubuntu3.4", rls:"UBUNTU12.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU12.10") {
if(!isnull(res = isdpkgvuln(pkg:"sudo", ver:"1.8.5p2-1ubuntu1.1", rls:"UBUNTU12.10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"sudo-ldap", ver:"1.8.5p2-1ubuntu1.1", rls:"UBUNTU12.10"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU8.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"sudo", ver:"1.6.9p10-1ubuntu3.10", rls:"UBUNTU8.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"sudo-ldap", ver:"1.6.9p10-1ubuntu3.10", rls:"UBUNTU8.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
openvas
openvas
Ubuntu Update for sudo USN-1754-1
2013-03-05 00:00:00
Fedora Update for sudo FEDORA-2013-3297
2013-03-19 00:00:00
Slackware: Security Advisory (SSA:2013-065-01)
2022-04-21 00:00:00
canvas
canvas
Immunity Canvas: SUDO_TIMESTAMP
2013-03-05 21:38:00
thn
thn
threatpost
threatpost
Metasploit Module Adds Sudo Vulnerability for OS X
2013-08-29 13:28:56
Time Stamp Bug in Sudo Could Have Allowed Code Entry
2013-03-05 18:17:50
nessus
nessus
securityvulns
securityvulns
[USN-1754-1] Sudo vulnerability
2013-03-02 00:00:00
sudo protection bypass
2013-03-10 00:00:00
Apple Mac OS X / OS X Server multiple security vulnerabilities
2015-08-17 00:00:00
veracode
veracode
Authentication Bypass
2019-01-15 08:51:56
Improper Input Validation
2019-05-02 04:59:14
Authentication Bypass
2019-05-02 04:59:14
zdt
zdt
Mac OS X Sudo Password Bypass Vulnerability
2013-08-27 00:00:00
seebug
seebug
Mac OS X Sudo Password Bypass
2014-07-01 00:00:00
metasploit
metasploit
Mac OS X Sudo Password Bypass
2013-08-26 19:52:51
packetstorm
packetstorm
Mac OS X 10.8.4 Local Privilege Escalation
2013-08-30 00:00:00
Mac OS X Sudo Password Bypass
2013-08-26 00:00:00
ubuntucve
ubuntucve
CVE-2013-1775
2013-02-27 00:00:00
freebsd
freebsd
sudo -- Authentication bypass when clock is reset
2013-02-27 00:00:00
ubuntu
ubuntu
Sudo vulnerability
2013-02-28 00:00:00
prion
prion
Code injection
2013-03-05 21:38:00
cve
cve
CVE-2013-1775
2013-03-05 21:38:00
debiancve
debiancve
CVE-2013-1775
2013-03-05 21:38:00
exploitdb
exploitdb
Apple Mac OSX - Sudo Password Bypass (Metasploit)
2013-08-29 00:00:00
osv
osv
sudo - several issues
2013-03-09 00:00:00
debian
debian
[SECURITY] [DSA 2642-1] sudo security update
2013-03-09 08:35:30
slackware
slackware
sudo
2013-03-06 20:52:08
fedora
fedora
[SECURITY] Fedora 18 Update: sudo-1.8.6p7-1.fc18
2013-03-16 01:22:34
[SECURITY] Fedora 17 Update: sudo-1.8.6p7-1.fc17
2013-03-19 20:04:50
centos
centos
sudo security update
2013-11-26 13:33:00
sudo security update
2013-10-07 13:01:59
oraclelinux
oraclelinux
sudo security, bug fix and enhancement update
2013-11-25 00:00:00
sudo security and bug fix update
2013-10-02 00:00:00
amazon
amazon
Low: sudo
2013-12-11 20:34:00
redhat
redhat
(RHSA-2013:1701) Low: sudo security, bug fix and enhancement update
2013-11-21 00:00:00
(RHSA-2013:1353) Low: sudo security and bug fix update
2013-09-30 16:52:28
(RHSA-2013:1527) Important: rhev-hypervisor6 security and bug fix update
2013-11-21 00:00:00
gentoo
gentoo
sudo: Privilege escalation
2014-01-21 00:00:00
6.7 Medium
AI Score
Confidence
Low
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
12.2%
Related for OPENVAS:1361412562310841349