ID OPENVAS:1361412562310841754 Type openvas Reporter Copyright (C) 2014 Greenbone Networks GmbH Modified 2019-03-13T00:00:00
Description
The remote host is missing an update for the
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_ubuntu_USN_2146_1.nasl 14140 2019-03-13 12:26:09Z cfischer $
#
# Ubuntu Update for sudo USN-2146-1
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.841754");
script_version("$Revision: 14140 $");
script_tag(name:"last_modification", value:"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $");
script_tag(name:"creation_date", value:"2014-03-17 13:46:26 +0530 (Mon, 17 Mar 2014)");
script_cve_id("CVE-2014-0106");
script_tag(name:"cvss_base", value:"6.6");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:S/C:C/I:C/A:C");
script_name("Ubuntu Update for sudo USN-2146-1");
script_tag(name:"affected", value:"sudo on Ubuntu 13.10,
Ubuntu 12.10,
Ubuntu 12.04 LTS,
Ubuntu 10.04 LTS");
script_tag(name:"insight", value:"Sebastien Macke discovered that Sudo incorrectly handled
blacklisted environment variables when the env_reset option was disabled.
A local attacker could use this issue to possibly run unintended commands by
using blacklisted environment variables. In a default Ubuntu installation, the
env_reset option is enabled by default. This issue only affected Ubuntu
10.04 LTS and Ubuntu 12.04 LTS. (CVE-2014-0106)
It was discovered that the Sudo init script set a date in the past on
existing timestamp files instead of using epoch to invalidate them
completely. A local attacker could possibly modify the system time to
attempt to reuse timestamp files. This issue only applied to Ubuntu
12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10. (LP: #1223297)");
script_tag(name:"solution", value:"Please Install the Updated Packages.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
script_xref(name:"USN", value:"2146-1");
script_xref(name:"URL", value:"http://www.ubuntu.com/usn/usn-2146-1/");
script_tag(name:"summary", value:"The remote host is missing an update for the 'sudo'
package(s) announced via the referenced advisory.");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2014 Greenbone Networks GmbH");
script_family("Ubuntu Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU(12\.04 LTS|10\.04 LTS|13\.10|12\.10)");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
if(release == "UBUNTU12.04 LTS")
{
if ((res = isdpkgvuln(pkg:"sudo", ver:"1.8.3p1-1ubuntu3.6", rls:"UBUNTU12.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"sudo-ldap", ver:"1.8.3p1-1ubuntu3.6", rls:"UBUNTU12.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
if(release == "UBUNTU10.04 LTS")
{
if ((res = isdpkgvuln(pkg:"sudo", ver:"1.7.2p1-1ubuntu5.7", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"sudo-ldap", ver:"1.7.2p1-1ubuntu5.7", rls:"UBUNTU10.04 LTS")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
if(release == "UBUNTU13.10")
{
if ((res = isdpkgvuln(pkg:"sudo", ver:"1.8.6p3-0ubuntu3.1", rls:"UBUNTU13.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"sudo-ldap", ver:"1.8.6p3-0ubuntu3.1", rls:"UBUNTU13.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
if(release == "UBUNTU12.10")
{
if ((res = isdpkgvuln(pkg:"sudo", ver:"1.8.5p2-1ubuntu1.2", rls:"UBUNTU12.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if ((res = isdpkgvuln(pkg:"sudo-ldap", ver:"1.8.5p2-1ubuntu1.2", rls:"UBUNTU12.10")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
{"id": "OPENVAS:1361412562310841754", "type": "openvas", "bulletinFamily": "scanner", "title": "Ubuntu Update for sudo USN-2146-1", "description": "The remote host is missing an update for the ", "published": "2014-03-17T00:00:00", "modified": "2019-03-13T00:00:00", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841754", "reporter": "Copyright (C) 2014 Greenbone Networks GmbH", "references": ["2146-1", "http://www.ubuntu.com/usn/usn-2146-1/"], "cvelist": ["CVE-2014-0106"], "lastseen": "2019-05-29T18:37:35", "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-0106"]}, {"type": "redhat", "idList": ["RHSA-2014:0266"]}, {"type": "oraclelinux", "idList": ["ELSA-2014-0266"]}, {"type": "centos", "idList": ["CESA-2014:0266"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310121233", "OPENVAS:1361412562310123452", "OPENVAS:841754", "OPENVAS:871134", "OPENVAS:1361412562310881892", "OPENVAS:881892", "OPENVAS:1361412562310871134", "OPENVAS:1361412562310850754"]}, {"type": "nessus", "idList": ["SUSE_11_SUDO-140320.NASL", "GENTOO_GLSA-201406-30.NASL", "ORACLELINUX_ELSA-2014-0266.NASL", "ORACLEVM_OVMSA-2016-0079.NASL", "SL_20140310_SUDO_ON_SL5_X.NASL", "DEBIAN_DLA-160.NASL", "SLACKWARE_SSA_2014-064-01.NASL", "CENTOS_RHSA-2014-0266.NASL", "REDHAT-RHSA-2014-0266.NASL", "UBUNTU_USN-2146-1.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:30362", "SECURITYVULNS:VULN:14630", "SECURITYVULNS:DOC:32390", "SECURITYVULNS:VULN:13607"]}, {"type": "ubuntu", "idList": ["USN-2146-1"]}, {"type": "seebug", "idList": ["SSV:61746"]}, {"type": "slackware", "idList": ["SSA-2014-064-01"]}, {"type": "gentoo", "idList": ["GLSA-201406-30"]}, {"type": "suse", "idList": ["SUSE-SU-2014:0475-1"]}, {"type": "debian", "idList": ["DEBIAN:DLA-160-1:ACCA6"]}], "modified": "2019-05-29T18:37:35", "rev": 2}, "score": {"value": 6.6, "vector": "NONE", "modified": "2019-05-29T18:37:35", "rev": 2}, "vulnersScore": 6.6}, "pluginID": "1361412562310841754", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2146_1.nasl 14140 2019-03-13 12:26:09Z cfischer $\n#\n# Ubuntu Update for sudo USN-2146-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.841754\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-17 13:46:26 +0530 (Mon, 17 Mar 2014)\");\n script_cve_id(\"CVE-2014-0106\");\n script_tag(name:\"cvss_base\", value:\"6.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for sudo USN-2146-1\");\n\n script_tag(name:\"affected\", value:\"sudo on Ubuntu 13.10,\n Ubuntu 12.10,\n Ubuntu 12.04 LTS,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"insight\", value:\"Sebastien Macke discovered that Sudo incorrectly handled\nblacklisted environment variables when the env_reset option was disabled.\nA local attacker could use this issue to possibly run unintended commands by\nusing blacklisted environment variables. In a default Ubuntu installation, the\nenv_reset option is enabled by default. This issue only affected Ubuntu\n10.04 LTS and Ubuntu 12.04 LTS. (CVE-2014-0106)\n\nIt was discovered that the Sudo init script set a date in the past on\nexisting timestamp files instead of using epoch to invalidate them\ncompletely. A local attacker could possibly modify the system time to\nattempt to reuse timestamp files. This issue only applied to Ubuntu\n12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10. (LP: #1223297)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"USN\", value:\"2146-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2146-1/\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'sudo'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(12\\.04 LTS|10\\.04 LTS|13\\.10|12\\.10)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"sudo\", ver:\"1.8.3p1-1ubuntu3.6\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"sudo-ldap\", ver:\"1.8.3p1-1ubuntu3.6\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"sudo\", ver:\"1.7.2p1-1ubuntu5.7\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"sudo-ldap\", ver:\"1.7.2p1-1ubuntu5.7\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"sudo\", ver:\"1.8.6p3-0ubuntu3.1\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"sudo-ldap\", ver:\"1.8.6p3-0ubuntu3.1\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"sudo\", ver:\"1.8.5p2-1ubuntu1.2\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"sudo-ldap\", ver:\"1.8.5p2-1ubuntu1.2\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Ubuntu Local Security Checks"}
{"cve": [{"lastseen": "2020-12-09T19:58:19", "description": "Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly check environment variables for the env_delete restriction, which allows local users with sudo permissions to bypass intended command restrictions via a crafted environment variable.", "edition": 5, "cvss3": {}, "published": "2014-03-11T19:37:00", "title": "CVE-2014-0106", "type": "cve", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 2.7, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.6, "vectorString": "AV:L/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-0106"], "modified": "2017-12-16T02:29:00", "cpe": ["cpe:/o:apple:mac_os_x:10.10.4", "cpe:/a:todd_miller:sudo:1.7.9p1", "cpe:/a:todd_miller:sudo:1.7.2p6", "cpe:/a:todd_miller:sudo:1.7.2p2", "cpe:/a:todd_miller:sudo:1.7.4p2", "cpe:/a:todd_miller:sudo:1.7.2p5", "cpe:/a:todd_miller:sudo:1.7.10p7", "cpe:/a:todd_miller:sudo:1.7.0", "cpe:/a:todd_miller:sudo:1.7.6p2", "cpe:/a:todd_miller:sudo:1.7.4p5", "cpe:/a:todd_miller:sudo:1.6.9p21", "cpe:/a:todd_miller:sudo:1.8.4p4", "cpe:/a:todd_miller:sudo:1.6.9p23", "cpe:/a:todd_miller:sudo:1.6.9p22", "cpe:/a:todd_miller:sudo:1.7.2p7", "cpe:/a:todd_miller:sudo:1.8.3", "cpe:/a:todd_miller:sudo:1.8.1p2", "cpe:/a:todd_miller:sudo:1.7.8p2", "cpe:/a:todd_miller:sudo:1.7.10p10", "cpe:/a:todd_miller:sudo:1.7.10p4", "cpe:/a:todd_miller:sudo:1.8.1p1", "cpe:/a:todd_miller:sudo:1.7.4", "cpe:/a:todd_miller:sudo:1.7.5", "cpe:/a:todd_miller:sudo:1.7.4p1", "cpe:/a:todd_miller:sudo:1.7.10", "cpe:/a:todd_miller:sudo:1.7.10p2", "cpe:/a:todd_miller:sudo:1.7.1", "cpe:/a:todd_miller:sudo:1.8.3p1", "cpe:/a:todd_miller:sudo:1.8.0", "cpe:/a:todd_miller:sudo:1.7.2p4", "cpe:/a:todd_miller:sudo:1.7.4p6", "cpe:/a:todd_miller:sudo:1.7.10p1", "cpe:/a:todd_miller:sudo:1.8.4", "cpe:/a:todd_miller:sudo:1.7.2", "cpe:/a:todd_miller:sudo:1.7.10p8", "cpe:/a:todd_miller:sudo:1.7.10p6", "cpe:/a:todd_miller:sudo:1.6.9", "cpe:/a:todd_miller:sudo:1.8.4p5", "cpe:/a:todd_miller:sudo:1.7.3b1", "cpe:/a:todd_miller:sudo:1.7.10p5", "cpe:/a:todd_miller:sudo:1.8.2", "cpe:/a:todd_miller:sudo:1.7.2p3", "cpe:/a:todd_miller:sudo:1.7.10p3", "cpe:/a:todd_miller:sudo:1.7.8", "cpe:/a:todd_miller:sudo:1.8.4p3", "cpe:/a:todd_miller:sudo:1.8.1", "cpe:/a:todd_miller:sudo:1.7.8p1", "cpe:/a:todd_miller:sudo:1.6.9p20", "cpe:/a:todd_miller:sudo:1.8.4p2", "cpe:/a:todd_miller:sudo:1.7.2p1", "cpe:/a:todd_miller:sudo:1.7.6p1", "cpe:/a:todd_miller:sudo:1.7.9", "cpe:/a:todd_miller:sudo:1.8.4p1", "cpe:/a:todd_miller:sudo:1.7.4p4", "cpe:/a:todd_miller:sudo:1.7.6", "cpe:/a:todd_miller:sudo:1.7.10p9", "cpe:/a:todd_miller:sudo:1.7.4p3", "cpe:/a:todd_miller:sudo:1.7.7", "cpe:/a:todd_miller:sudo:1.8.3p2"], "id": "CVE-2014-0106", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0106", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:todd_miller:sudo:1.8.1:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.6.9p21:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.9p1:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.10p1:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.9:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.2p2:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.6p1:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.8.2:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.6.9p23:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.4p3:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.10p3:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.4p5:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.10p8:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.8.4p4:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.10p10:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.2p6:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.10p5:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.10p9:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.8.4p5:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.4p6:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.2p7:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.8p1:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.10p2:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.7:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.2p1:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.10p7:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.8.1p2:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.4p2:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.6.9p22:*:*:*:*:*:*:*", "cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.4p1:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.8.4p3:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.8.3:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.8p2:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.10p4:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.6:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.2p3:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.6p2:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.3b1:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.8.3p1:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.5:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.6.9p20:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.10p6:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.8.0:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.6.9:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.8.3p2:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.2p4:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.8.4p2:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.8.1p1:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.4p4:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.8.4p1:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.10:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.8:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.2p5:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.8.4:*:*:*:*:*:*:*"]}], "ubuntu": [{"lastseen": "2020-07-02T11:35:37", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0106"], "description": "Sebastien Macke discovered that Sudo incorrectly handled blacklisted \nenvironment variables when the env_reset option was disabled. A local \nattacker could use this issue to possibly run unintended commands by using \nblacklisted environment variables. In a default Ubuntu installation, the \nenv_reset option is enabled by default. This issue only affected Ubuntu \n10.04 LTS and Ubuntu 12.04 LTS. (CVE-2014-0106)\n\nIt was discovered that the Sudo init script set a date in the past on \nexisting timestamp files instead of using epoch to invalidate them \ncompletely. A local attacker could possibly modify the system time to \nattempt to reuse timestamp files. This issue only applied to Ubuntu \n12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10. (LP: #1223297)", "edition": 5, "modified": "2014-03-13T00:00:00", "published": "2014-03-13T00:00:00", "id": "USN-2146-1", "href": "https://ubuntu.com/security/notices/USN-2146-1", "title": "Sudo vulnerabilities", "type": "ubuntu", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:36:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0106"], "description": "Oracle Linux Local Security Checks ELSA-2014-0266", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123452", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123452", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-0266", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2014-0266.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123452\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:04:00 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2014-0266\");\n script_tag(name:\"insight\", value:\"ELSA-2014-0266 - sudo security update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2014-0266\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2014-0266.html\");\n script_cve_id(\"CVE-2014-0106\");\n script_tag(name:\"cvss_base\", value:\"6.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"sudo\", rpm:\"sudo~1.7.2p1~29.el5_10\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0106"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2014-03-12T00:00:00", "id": "OPENVAS:1361412562310871134", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871134", "type": "openvas", "title": "RedHat Update for sudo RHSA-2014:0266-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for sudo RHSA-2014:0266-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871134\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-12 09:45:06 +0530 (Wed, 12 Mar 2014)\");\n script_cve_id(\"CVE-2014-0106\");\n script_tag(name:\"cvss_base\", value:\"6.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n script_name(\"RedHat Update for sudo RHSA-2014:0266-01\");\n\n\n script_tag(name:\"affected\", value:\"sudo on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"insight\", value:\"The sudo (superuser do) utility allows system administrators to give\ncertain users the ability to run commands as root.\n\nA flaw was found in the way sudo handled its blacklist of environment\nvariables. When the 'env_reset' option was disabled, a user permitted to\nrun certain commands via sudo could use this flaw to run such a command\nwith one of the blacklisted environment variables set, allowing them to run\nan arbitrary command with the target user's privileges. (CVE-2014-0106)\n\nNote: This issue does not affect the default configuration of the sudo\npackage as shipped with Red Hat Enterprise Linux 5.\n\nRed Hat would like to thank Todd C. Miller for reporting this issue.\nUpstream acknowledges Sebastien Macke as the original reporter.\n\nAll sudo users are advised to upgrade to this updated package, which\ncontains a backported patch to correct this issue.\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"RHSA\", value:\"2014:0266-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2014-March/msg00014.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'sudo'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"sudo\", rpm:\"sudo~1.7.2p1~29.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"sudo-debuginfo\", rpm:\"sudo-debuginfo~1.7.2p1~29.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2017-07-27T10:49:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0106"], "description": "Check for the Version of sudo", "modified": "2017-07-12T00:00:00", "published": "2014-03-12T00:00:00", "id": "OPENVAS:871134", "href": "http://plugins.openvas.org/nasl.php?oid=871134", "type": "openvas", "title": "RedHat Update for sudo RHSA-2014:0266-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for sudo RHSA-2014:0266-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(871134);\n script_version(\"$Revision: 6688 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-12 11:49:31 +0200 (Wed, 12 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-12 09:45:06 +0530 (Wed, 12 Mar 2014)\");\n script_cve_id(\"CVE-2014-0106\");\n script_tag(name:\"cvss_base\", value:\"6.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n script_name(\"RedHat Update for sudo RHSA-2014:0266-01\");\n\n tag_insight = \"The sudo (superuser do) utility allows system administrators to give\ncertain users the ability to run commands as root.\n\nA flaw was found in the way sudo handled its blacklist of environment\nvariables. When the 'env_reset' option was disabled, a user permitted to\nrun certain commands via sudo could use this flaw to run such a command\nwith one of the blacklisted environment variables set, allowing them to run\nan arbitrary command with the target user's privileges. (CVE-2014-0106)\n\nNote: This issue does not affect the default configuration of the sudo\npackage as shipped with Red Hat Enterprise Linux 5.\n\nRed Hat would like to thank Todd C. Miller for reporting this issue.\nUpstream acknowledges Sebastien Macke as the original reporter.\n\nAll sudo users are advised to upgrade to this updated package, which\ncontains a backported patch to correct this issue.\n\";\n\n tag_affected = \"sudo on Red Hat Enterprise Linux (v. 5 server)\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"RHSA\", value: \"2014:0266-01\");\n script_xref(name: \"URL\" , value: \"https://www.redhat.com/archives/rhsa-announce/2014-March/msg00014.html\");\n script_summary(\"Check for the Version of sudo\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"sudo\", rpm:\"sudo~1.7.2p1~29.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"sudo-debuginfo\", rpm:\"sudo-debuginfo~1.7.2p1~29.el5_10\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.6, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-25T10:48:49", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0106"], "description": "Check for the Version of sudo", "modified": "2017-07-10T00:00:00", "published": "2014-03-12T00:00:00", "id": "OPENVAS:881892", "href": "http://plugins.openvas.org/nasl.php?oid=881892", "type": "openvas", "title": "CentOS Update for sudo CESA-2014:0266 centos5 ", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for sudo CESA-2014:0266 centos5 \n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(881892);\n script_version(\"$Revision: 6656 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-10 13:49:38 +0200 (Mon, 10 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-12 09:27:47 +0530 (Wed, 12 Mar 2014)\");\n script_cve_id(\"CVE-2014-0106\");\n script_tag(name:\"cvss_base\", value:\"6.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n script_name(\"CentOS Update for sudo CESA-2014:0266 centos5 \");\n\n tag_insight = \"The sudo (superuser do) utility allows system administrators to give\ncertain users the ability to run commands as root.\n\nA flaw was found in the way sudo handled its blacklist of environment\nvariables. When the 'env_reset' option was disabled, a user permitted to\nrun certain commands via sudo could use this flaw to run such a command\nwith one of the blacklisted environment variables set, allowing them to run\nan arbitrary command with the target user's privileges. (CVE-2014-0106)\n\nNote: This issue does not affect the default configuration of the sudo\npackage as shipped with Red Hat Enterprise Linux 5.\n\nRed Hat would like to thank Todd C. Miller for reporting this issue.\nUpstream acknowledges Sebastien Macke as the original reporter.\n\nAll sudo users are advised to upgrade to this updated package, which\ncontains a backported patch to correct this issue.\n\";\n\n tag_affected = \"sudo on CentOS 5\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"CESA\", value: \"2014:0266\");\n script_xref(name: \"URL\" , value: \"http://lists.centos.org/pipermail/centos-announce/2014-March/020194.html\");\n script_summary(\"Check for the Version of sudo\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"sudo\", rpm:\"sudo~1.7.2p1~29.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.6, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:36:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0106"], "description": "Gentoo Linux Local Security Checks GLSA 201406-30", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121233", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121233", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201406-30", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201406-30.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121233\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:27:29 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201406-30\");\n script_tag(name:\"insight\", value:\"When the Sudo env_reset option is disabled (it is enabled by default), certain environment variables are not blacklisted as expected.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201406-30\");\n script_cve_id(\"CVE-2014-0106\");\n script_tag(name:\"cvss_base\", value:\"6.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201406-30\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"app-admin/sudo\", unaffected: make_list(\"ge 1.8.5\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"app-admin/sudo\", unaffected: make_list(\"ge <1.6.9\"), vulnerable: make_list() )) != NULL) {\n\n report += res;\n}\nif((res=ispkgvuln(pkg:\"app-admin/sudo\", unaffected: make_list(), vulnerable: make_list(\"lt 1.8.5\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0106"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2014-03-12T00:00:00", "id": "OPENVAS:1361412562310881892", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881892", "type": "openvas", "title": "CentOS Update for sudo CESA-2014:0266 centos5", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# CentOS Update for sudo CESA-2014:0266 centos5\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.881892\");\n script_version(\"$Revision: 14222 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 13:50:48 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-12 09:27:47 +0530 (Wed, 12 Mar 2014)\");\n script_cve_id(\"CVE-2014-0106\");\n script_tag(name:\"cvss_base\", value:\"6.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n script_name(\"CentOS Update for sudo CESA-2014:0266 centos5\");\n\n script_tag(name:\"affected\", value:\"sudo on CentOS 5\");\n script_tag(name:\"insight\", value:\"The sudo (superuser do) utility allows system administrators to give\ncertain users the ability to run commands as root.\n\nA flaw was found in the way sudo handled its blacklist of environment\nvariables. When the 'env_reset' option was disabled, a user permitted to\nrun certain commands via sudo could use this flaw to run such a command\nwith one of the blacklisted environment variables set, allowing them to run\nan arbitrary command with the target user's privileges. (CVE-2014-0106)\n\nNote: This issue does not affect the default configuration of the sudo\npackage as shipped with Red Hat Enterprise Linux 5.\n\nRed Hat would like to thank Todd C. Miller for reporting this issue.\nUpstream acknowledges Sebastien Macke as the original reporter.\n\nAll sudo users are advised to upgrade to this updated package, which\ncontains a backported patch to correct this issue.\");\n script_tag(name:\"solution\", value:\"Please install the updated packages.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"CESA\", value:\"2014:0266\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2014-March/020194.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'sudo'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS5\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS5\")\n{\n\n if ((res = isrpmvuln(pkg:\"sudo\", rpm:\"sudo~1.7.2p1~29.el5_10\", rls:\"CentOS5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:37:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0106"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2015-10-13T00:00:00", "id": "OPENVAS:1361412562310850754", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850754", "type": "openvas", "title": "SUSE: Security Advisory for sudo (SUSE-SU-2014:0475-1)", "sourceData": "# Copyright (C) 2015 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850754\");\n script_version(\"2020-01-31T07:58:03+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 07:58:03 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2015-10-13 18:35:00 +0530 (Tue, 13 Oct 2015)\");\n script_cve_id(\"CVE-2014-0106\");\n script_tag(name:\"cvss_base\", value:\"6.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"SUSE: Security Advisory for sudo (SUSE-SU-2014:0475-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'sudo'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This collective update for sudo provides fixes for the\n following issues:\n\n * Security policy bypass when env_reset is disabled.\n (CVE-2014-0106, bnc#866503)\n\n * Regression in the previous update that causes a\n segmentation fault when running 'sudo -s'. (bnc#868444)\n\n * Command 'who -m' prints no output when using\n log_input/log_output sudo options. (bnc#863025)\n\n Security Issues references:\n\n * CVE-2014-0106\");\n\n script_tag(name:\"affected\", value:\"sudo on SUSE Linux Enterprise Server 11 SP3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"SUSE-SU\", value:\"2014:0475-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=SLES11\\.0SP3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"SLES11.0SP3\") {\n if(!isnull(res = isrpmvuln(pkg:\"sudo\", rpm:\"sudo~1.7.6p2~0.21.1\", rls:\"SLES11.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:17:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0106"], "description": "Check for the Version of sudo", "modified": "2017-12-01T00:00:00", "published": "2014-03-17T00:00:00", "id": "OPENVAS:841754", "href": "http://plugins.openvas.org/nasl.php?oid=841754", "type": "openvas", "title": "Ubuntu Update for sudo USN-2146-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_2146_1.nasl 7957 2017-12-01 06:40:08Z santu $\n#\n# Ubuntu Update for sudo USN-2146-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(841754);\n script_version(\"$Revision: 7957 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:40:08 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2014-03-17 13:46:26 +0530 (Mon, 17 Mar 2014)\");\n script_cve_id(\"CVE-2014-0106\");\n script_tag(name:\"cvss_base\", value:\"6.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n script_name(\"Ubuntu Update for sudo USN-2146-1\");\n\n tag_insight = \"Sebastien Macke discovered that Sudo incorrectly handled\nblacklisted environment variables when the env_reset option was disabled.\nA local attacker could use this issue to possibly run unintended commands by\nusing blacklisted environment variables. In a default Ubuntu installation, the\nenv_reset option is enabled by default. This issue only affected Ubuntu\n10.04 LTS and Ubuntu 12.04 LTS. (CVE-2014-0106)\n\nIt was discovered that the Sudo init script set a date in the past on\nexisting timestamp files instead of using epoch to invalidate them\ncompletely. A local attacker could possibly modify the system time to\nattempt to reuse timestamp files. This issue only applied to Ubuntu\n12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10. (LP: #1223297)\";\n\n tag_affected = \"sudo on Ubuntu 13.10 ,\n Ubuntu 12.10 ,\n Ubuntu 12.04 LTS ,\n Ubuntu 10.04 LTS\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"USN\", value: \"2146-1\");\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-2146-1/\");\n script_summary(\"Check for the Version of sudo\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"sudo\", ver:\"1.8.3p1-1ubuntu3.6\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"sudo-ldap\", ver:\"1.8.3p1-1ubuntu3.6\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"sudo\", ver:\"1.7.2p1-1ubuntu5.7\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"sudo-ldap\", ver:\"1.7.2p1-1ubuntu5.7\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU13.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"sudo\", ver:\"1.8.6p3-0ubuntu3.1\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"sudo-ldap\", ver:\"1.8.6p3-0ubuntu3.1\", rls:\"UBUNTU13.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"sudo\", ver:\"1.8.5p2-1ubuntu1.2\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"sudo-ldap\", ver:\"1.8.5p2-1ubuntu1.2\", rls:\"UBUNTU12.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 6.6, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "slackware": [{"lastseen": "2020-10-25T16:36:28", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0106"], "description": "New sudo packages are available for Slackware 13.0, 13.1, and 13.37 to fix a\nsecurity issue.\n\n\nHere are the details from the Slackware 13.37 ChangeLog:\n\npatches/packages/sudo-1.7.10p8-i486-1_slack13.37.txz: Upgraded.\n This update fixes a security issue where if the env_reset option is disabled\n in the sudoers file, a malicious user with sudo permissions may be able to\n run arbitrary commands with elevated privileges by manipulating the\n environment of a command the user is legitimately allowed to run.\n For more information, see:\n http://www.sudo.ws/sudo/alerts/env_add.html\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0106\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/sudo-1.7.10p8-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/sudo-1.7.10p8-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/sudo-1.7.10p8-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/sudo-1.7.10p8-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/sudo-1.7.10p8-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/sudo-1.7.10p8-x86_64-1_slack13.37.txz\n\n\nMD5 signatures:\n\nSlackware 13.0 package:\n88d8b8a0c6815276e62dbea65f79826f sudo-1.7.10p8-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n5adb3f0aca3ffbfbc0bb016caf4fc941 sudo-1.7.10p8-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\neabca3bc1791d8938b89692ddf70469f sudo-1.7.10p8-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n5d409a3bd4477bc4220fbc034a9870e6 sudo-1.7.10p8-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n2639bf065078bf1d68ebdd7357b9e65a sudo-1.7.10p8-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n9c263bcd7211ad77c54155fd159b09ec sudo-1.7.10p8-x86_64-1_slack13.37.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg sudo-1.7.10p8-i486-1_slack13.37.txz", "modified": "2014-03-06T05:36:43", "published": "2014-03-06T05:36:43", "id": "SSA-2014-064-01", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.403080", "type": "slackware", "title": "[slackware-security] sudo", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2019-12-20T18:28:40", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0106"], "description": "**CentOS Errata and Security Advisory** CESA-2014:0266\n\n\nThe sudo (superuser do) utility allows system administrators to give\ncertain users the ability to run commands as root.\n\nA flaw was found in the way sudo handled its blacklist of environment\nvariables. When the \"env_reset\" option was disabled, a user permitted to\nrun certain commands via sudo could use this flaw to run such a command\nwith one of the blacklisted environment variables set, allowing them to run\nan arbitrary command with the target user's privileges. (CVE-2014-0106)\n\nNote: This issue does not affect the default configuration of the sudo\npackage as shipped with Red Hat Enterprise Linux 5.\n\nRed Hat would like to thank Todd C. Miller for reporting this issue.\nUpstream acknowledges Sebastien Macke as the original reporter.\n\nAll sudo users are advised to upgrade to this updated package, which\ncontains a backported patch to correct this issue.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-March/032232.html\n\n**Affected packages:**\nsudo\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0266.html", "edition": 3, "modified": "2014-03-10T16:34:59", "published": "2014-03-10T16:34:59", "href": "http://lists.centos.org/pipermail/centos-announce/2014-March/032232.html", "id": "CESA-2014:0266", "title": "sudo security update", "type": "centos", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2016-09-04T12:07:45", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0106"], "description": "This collective update for sudo provides fixes for the\n following issues:\n\n * Security policy bypass when env_reset is disabled.\n (CVE-2014-0106, bnc#866503)\n * Regression in the previous update that causes a\n segmentation fault when running "sudo -s". (bnc#868444)\n * Command "who -m" prints no output when using\n log_input/log_output sudo options. (bnc#863025)\n\n Security Issues references:\n\n * CVE-2014-0106\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0106\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0106</a>\n >\n\n", "edition": 1, "modified": "2014-04-03T20:04:17", "published": "2014-04-03T20:04:17", "id": "SUSE-SU-2014:0475-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00003.html", "type": "suse", "title": "Security update for sudo (important)", "cvss": {"score": 6.6, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2019-08-13T18:45:55", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0106"], "description": "The sudo (superuser do) utility allows system administrators to give\ncertain users the ability to run commands as root.\n\nA flaw was found in the way sudo handled its blacklist of environment\nvariables. When the \"env_reset\" option was disabled, a user permitted to\nrun certain commands via sudo could use this flaw to run such a command\nwith one of the blacklisted environment variables set, allowing them to run\nan arbitrary command with the target user's privileges. (CVE-2014-0106)\n\nNote: This issue does not affect the default configuration of the sudo\npackage as shipped with Red Hat Enterprise Linux 5.\n\nRed Hat would like to thank Todd C. Miller for reporting this issue.\nUpstream acknowledges Sebastien Macke as the original reporter.\n\nAll sudo users are advised to upgrade to this updated package, which\ncontains a backported patch to correct this issue.\n", "modified": "2017-09-08T12:05:28", "published": "2014-03-10T04:00:00", "id": "RHSA-2014:0266", "href": "https://access.redhat.com/errata/RHSA-2014:0266", "type": "redhat", "title": "(RHSA-2014:0266) Moderate: sudo security update", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:50", "bulletinFamily": "software", "cvelist": ["CVE-2014-0106"], "description": "\r\n\r\n==========================================================================\r\nUbuntu Security Notice USN-2146-1\r\nMarch 13, 2014\r\n\r\nsudo vulnerabilities\r\n==========================================================================\r\n\r\nA security issue affects these releases of Ubuntu and its derivatives:\r\n\r\n- Ubuntu 13.10\r\n- Ubuntu 12.10\r\n- Ubuntu 12.04 LTS\r\n- Ubuntu 10.04 LTS\r\n\r\nSummary:\r\n\r\nSeveral security issues were fixed in Sudo.\r\n\r\nSoftware Description:\r\n- sudo: Provide limited super user privileges to specific users\r\n\r\nDetails:\r\n\r\nSebastien Macke discovered that Sudo incorrectly handled blacklisted\r\nenvironment variables when the env_reset option was disabled. A local\r\nattacker could use this issue to possibly run unintended commands by using\r\nblacklisted environment variables. In a default Ubuntu installation, the\r\nenv_reset option is enabled by default. This issue only affected Ubuntu\r\n10.04 LTS and Ubuntu 12.04 LTS. (CVE-2014-0106)\r\n\r\nIt was discovered that the Sudo init script set a date in the past on\r\nexisting timestamp files instead of using epoch to invalidate them\r\ncompletely. A local attacker could possibly modify the system time to\r\nattempt to reuse timestamp files. This issue only applied to Ubuntu\r\n12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10. (LP: #1223297)\r\n\r\nUpdate instructions:\r\n\r\nThe problem can be corrected by updating your system to the following\r\npackage versions:\r\n\r\nUbuntu 13.10:\r\n sudo 1.8.6p3-0ubuntu3.1\r\n sudo-ldap 1.8.6p3-0ubuntu3.1\r\n\r\nUbuntu 12.10:\r\n sudo 1.8.5p2-1ubuntu1.2\r\n sudo-ldap 1.8.5p2-1ubuntu1.2\r\n\r\nUbuntu 12.04 LTS:\r\n sudo 1.8.3p1-1ubuntu3.6\r\n sudo-ldap 1.8.3p1-1ubuntu3.6\r\n\r\nUbuntu 10.04 LTS:\r\n sudo 1.7.2p1-1ubuntu5.7\r\n sudo-ldap 1.7.2p1-1ubuntu5.7\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nReferences:\r\n http://www.ubuntu.com/usn/usn-2146-1\r\n CVE-2014-0106, https://launchpad.net/bugs/1223297\r\n\r\nPackage Information:\r\n https://launchpad.net/ubuntu/+source/sudo/1.8.6p3-0ubuntu3.1\r\n https://launchpad.net/ubuntu/+source/sudo/1.8.5p2-1ubuntu1.2\r\n https://launchpad.net/ubuntu/+source/sudo/1.8.3p1-1ubuntu3.6\r\n https://launchpad.net/ubuntu/+source/sudo/1.7.2p1-1ubuntu5.7\r\n\r\n\r\n\r\n\r\n-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce\r\n", "edition": 1, "modified": "2014-03-18T00:00:00", "published": "2014-03-18T00:00:00", "id": "SECURITYVULNS:DOC:30362", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:30362", "title": "[USN-2146-1] Sudo vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.6, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:54", "bulletinFamily": "software", "cvelist": ["CVE-2014-0106"], "description": "Restrictions bypass", "edition": 1, "modified": "2014-03-18T00:00:00", "published": "2014-03-18T00:00:00", "id": "SECURITYVULNS:VULN:13607", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13607", "title": "sudo security vulnerabilities", "type": "securityvulns", "cvss": {"score": 6.6, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:01", "bulletinFamily": "software", "cvelist": ["CVE-2015-5768", "CVE-2015-5600", "CVE-2015-2787", "CVE-2015-5779", "CVE-2013-1775", "CVE-2015-3185", "CVE-2015-3786", "CVE-2015-1792", "CVE-2015-3761", "CVE-2014-7844", "CVE-2015-3781", "CVE-2015-3776", "CVE-2015-2783", "CVE-2015-5748", "CVE-2014-1912", "CVE-2015-5477", "CVE-2015-3802", "CVE-2015-3797", "CVE-2014-0191", "CVE-2015-3762", "CVE-2015-3329", "CVE-2009-5078", "CVE-2015-5754", "CVE-2015-3783", "CVE-2015-3330", "CVE-2014-3613", "CVE-2015-1789", "CVE-2015-3789", "CVE-2014-8150", "CVE-2014-3583", "CVE-2015-3779", "CVE-2015-3788", "CVE-2015-3778", "CVE-2015-0241", "CVE-2013-1776", "CVE-2015-5776", "CVE-2015-3766", "CVE-2015-3775", "CVE-2013-7338", "CVE-2015-3798", "CVE-2015-5777", "CVE-2015-3765", "CVE-2015-3782", "CVE-2015-0242", "CVE-2015-0253", "CVE-2015-3784", "CVE-2015-3787", "CVE-2015-3799", "CVE-2015-3153", "CVE-2015-3768", "CVE-2015-3760", "CVE-2015-4148", "CVE-2015-5781", "CVE-2015-3805", "CVE-2015-3790", "CVE-2015-5774", "CVE-2015-3792", "CVE-2015-3803", "CVE-2015-3307", "CVE-2015-4025", "CVE-2015-5784", "CVE-2015-5751", "CVE-2015-4024", "CVE-2015-3795", "CVE-2015-5750", "CVE-2015-5747", "CVE-2015-4021", "CVE-2015-3144", "CVE-2014-7185", "CVE-2015-5761", "CVE-2013-2777", "CVE-2015-3794", "CVE-2015-5773", "CVE-2015-3769", "CVE-2014-3707", "CVE-2015-3800", "CVE-2015-0228", "CVE-2015-3807", "CVE-2015-0244", "CVE-2015-4026", "CVE-2014-8769", "CVE-2015-5756", "CVE-2014-3660", "CVE-2015-1788", "CVE-2015-4147", "CVE-2014-8161", "CVE-2012-6685", "CVE-2015-5753", "CVE-2015-3183", "CVE-2015-3772", "CVE-2014-3620", "CVE-2014-9140", "CVE-2013-2776", "CVE-2015-4022", "CVE-2015-3770", "CVE-2015-3777", "CVE-2015-5771", "CVE-2015-5775", "CVE-2015-3780", "CVE-2013-7422", "CVE-2015-5755", "CVE-2015-3145", "CVE-2015-1790", "CVE-2015-5758", "CVE-2014-0106", "CVE-2015-0243", "CVE-2015-3804", "CVE-2015-3773", "CVE-2014-3581", "CVE-2015-3774", "CVE-2015-5782", "CVE-2014-8109", "CVE-2015-5778", "CVE-2013-7040", "CVE-2015-3757", "CVE-2015-3764", "CVE-2015-3143", "CVE-2014-0067", "CVE-2015-5772", "CVE-2015-3791", "CVE-2014-9365", "CVE-2014-8151", "CVE-2015-5757", "CVE-2015-3796", "CVE-2009-5044", "CVE-2015-5783", "CVE-2014-9680", "CVE-2015-5763", "CVE-2014-8767", "CVE-2015-3767", "CVE-2015-3806", "CVE-2015-1791", "CVE-2015-3771", "CVE-2015-3148"], "description": "Over 150 different vulnerabilities in system components and libraries.", "edition": 1, "modified": "2015-08-17T00:00:00", "published": "2015-08-17T00:00:00", "id": "SECURITYVULNS:VULN:14630", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14630", "title": "Apple Mac OS X / OS X Server multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:11:00", "bulletinFamily": "software", "cvelist": ["CVE-2015-5768", "CVE-2015-5600", "CVE-2015-2787", "CVE-2015-5779", "CVE-2013-1775", "CVE-2015-3185", "CVE-2015-3786", "CVE-2015-1792", "CVE-2015-3761", "CVE-2014-7844", "CVE-2015-3781", "CVE-2015-3776", "CVE-2015-2783", "CVE-2015-5748", "CVE-2014-1912", "CVE-2015-3802", "CVE-2015-3797", "CVE-2014-0191", "CVE-2015-3762", "CVE-2015-3329", "CVE-2009-5078", "CVE-2015-5754", "CVE-2015-3783", "CVE-2015-3330", "CVE-2014-3613", "CVE-2015-1789", "CVE-2015-3789", "CVE-2014-8150", "CVE-2014-3583", "CVE-2015-3779", "CVE-2015-3788", "CVE-2015-3778", "CVE-2015-0241", "CVE-2013-1776", "CVE-2015-5776", "CVE-2015-3766", "CVE-2015-3775", "CVE-2013-7338", "CVE-2015-3798", "CVE-2015-5777", "CVE-2015-3765", "CVE-2015-3782", "CVE-2015-0242", "CVE-2015-0253", "CVE-2015-3784", "CVE-2015-3787", "CVE-2015-3799", "CVE-2015-3153", "CVE-2015-3768", "CVE-2015-3760", "CVE-2015-4148", "CVE-2015-5781", "CVE-2015-3805", "CVE-2015-3790", "CVE-2015-5774", "CVE-2015-3792", "CVE-2015-3803", "CVE-2015-3307", "CVE-2015-4025", "CVE-2015-5784", "CVE-2015-5751", "CVE-2015-4024", "CVE-2015-3795", "CVE-2015-5750", "CVE-2015-5747", "CVE-2015-4021", "CVE-2015-3144", "CVE-2014-7185", "CVE-2015-5761", "CVE-2013-2777", "CVE-2015-3794", "CVE-2015-5773", "CVE-2015-3769", "CVE-2014-3707", "CVE-2015-3800", "CVE-2015-0228", "CVE-2015-3807", "CVE-2015-0244", "CVE-2015-4026", "CVE-2014-8769", "CVE-2015-5756", "CVE-2014-3660", "CVE-2015-1788", "CVE-2015-4147", "CVE-2014-8161", "CVE-2012-6685", "CVE-2015-5753", "CVE-2015-3183", "CVE-2015-3772", "CVE-2014-3620", "CVE-2014-9140", "CVE-2013-2776", "CVE-2015-4022", "CVE-2015-3770", "CVE-2015-3777", "CVE-2015-5771", "CVE-2015-5775", "CVE-2015-3780", "CVE-2013-7422", "CVE-2015-5755", "CVE-2015-3145", "CVE-2015-1790", "CVE-2015-5758", "CVE-2014-0106", "CVE-2015-0243", "CVE-2015-3804", "CVE-2015-3773", "CVE-2014-3581", "CVE-2015-3774", "CVE-2015-5782", "CVE-2014-8109", "CVE-2015-5778", "CVE-2013-7040", "CVE-2015-3757", "CVE-2015-3764", "CVE-2015-3143", "CVE-2014-0067", "CVE-2015-5772", "CVE-2015-3791", "CVE-2014-9365", "CVE-2014-8151", "CVE-2015-5757", "CVE-2015-3796", "CVE-2009-5044", "CVE-2015-5783", "CVE-2014-9680", "CVE-2015-5763", "CVE-2014-8767", "CVE-2015-3767", "CVE-2015-3806", "CVE-2015-1791", "CVE-2015-3771", "CVE-2015-3148"], "description": "\r\n\r\nAPPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update\r\n2015-006\r\n\r\nOS X Yosemite v10.10.5 and Security Update 2015-006 is now available\r\nand addresses the following:\r\n\r\napache\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in Apache 2.4.16, the most\r\nserious of which may allow a remote attacker to cause a denial of\r\nservice.\r\nDescription: Multiple vulnerabilities existed in Apache versions\r\nprior to 2.4.16. These were addressed by updating Apache to version\r\n2.4.16.\r\nCVE-ID\r\nCVE-2014-3581\r\nCVE-2014-3583\r\nCVE-2014-8109\r\nCVE-2015-0228\r\nCVE-2015-0253\r\nCVE-2015-3183\r\nCVE-2015-3185\r\n\r\napache_mod_php\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in PHP 5.5.20, the most\r\nserious of which may lead to arbitrary code execution.\r\nDescription: Multiple vulnerabilities existed in PHP versions prior\r\nto 5.5.20. These were addressed by updating Apache to version 5.5.27.\r\nCVE-ID\r\nCVE-2015-2783\r\nCVE-2015-2787\r\nCVE-2015-3307\r\nCVE-2015-3329\r\nCVE-2015-3330\r\nCVE-2015-4021\r\nCVE-2015-4022\r\nCVE-2015-4024\r\nCVE-2015-4025\r\nCVE-2015-4026\r\nCVE-2015-4147\r\nCVE-2015-4148\r\n\r\nApple ID OD Plug-in\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able change the password of a\r\nlocal user\r\nDescription: In some circumstances, a state management issue existed\r\nin password authentication. The issue was addressed through improved\r\nstate management.\r\nCVE-ID\r\nCVE-2015-3799 : an anonymous researcher working with HP's Zero Day\r\nInitiative\r\n\r\nAppleGraphicsControl\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: An issue existed in AppleGraphicsControl which could\r\nhave led to the disclosure of kernel memory layout. This issue was\r\naddressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2015-5768 : JieTao Yang of KeenTeam\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in\r\nIOBluetoothHCIController. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3779 : Teddy Reed of Facebook Security\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: A memory management issue could have led to the\r\ndisclosure of kernel memory layout. This issue was addressed with\r\nimproved memory management.\r\nCVE-ID\r\nCVE-2015-3780 : Roberto Paleari and Aristide Fattori of Emaze\r\nNetworks\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious app may be able to access notifications from\r\nother iCloud devices\r\nDescription: An issue existed where a malicious app could access a\r\nBluetooth-paired Mac or iOS device's Notification Center\r\nnotifications via the Apple Notification Center Service. The issue\r\naffected devices using Handoff and logged into the same iCloud\r\naccount. This issue was resolved by revoking access to the Apple\r\nNotification Center Service.\r\nCVE-ID\r\nCVE-2015-3786 : Xiaolong Bai (Tsinghua University), System Security\r\nLab (Indiana University), Tongxin Li (Peking University), XiaoFeng\r\nWang (Indiana University)\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: An attacker with privileged network position may be able to\r\nperform denial of service attack using malformed Bluetooth packets\r\nDescription: An input validation issue existed in parsing of\r\nBluetooth ACL packets. This issue was addressed through improved\r\ninput validation.\r\nCVE-ID\r\nCVE-2015-3787 : Trend Micro\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local attacker may be able to cause unexpected application\r\ntermination or arbitrary code execution\r\nDescription: Multiple buffer overflow issues existed in blued's\r\nhandling of XPC messages. These issues were addressed through\r\nimproved bounds checking.\r\nCVE-ID\r\nCVE-2015-3777 : mitp0sh of [PDX]\r\n\r\nbootp\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious Wi-Fi network may be able to determine networks\r\na device has previously accessed\r\nDescription: Upon connecting to a Wi-Fi network, iOS may have\r\nbroadcast MAC addresses of previously accessed networks via the DNAv4\r\nprotocol. This issue was addressed through disabling DNAv4 on\r\nunencrypted Wi-Fi networks.\r\nCVE-ID\r\nCVE-2015-3778 : Piers O'Hanlon of Oxford Internet Institute,\r\nUniversity of Oxford (on the EPSRC Being There project)\r\n\r\nCloudKit\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to access the iCloud\r\nuser record of a previously signed in user\r\nDescription: A state inconsistency existed in CloudKit when signing\r\nout users. This issue was addressed through improved state handling.\r\nCVE-ID\r\nCVE-2015-3782 : Deepkanwal Plaha of University of Toronto\r\n\r\nCoreMedia Playback\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in CoreMedia Playback.\r\nThese were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5777 : Apple\r\nCVE-2015-5778 : Apple\r\n\r\nCoreText\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\nCoreText\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\ncurl\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities in cURL and libcurl prior to\r\n7.38.0, one of which may allow remote attackers to bypass the Same\r\nOrigin Policy.\r\nDescription: Multiple vulnerabilities existed in cURL and libcurl\r\nprior to 7.38.0. These issues were addressed by updating cURL to\r\nversion 7.43.0.\r\nCVE-ID\r\nCVE-2014-3613\r\nCVE-2014-3620\r\nCVE-2014-3707\r\nCVE-2014-8150\r\nCVE-2014-8151\r\nCVE-2015-3143\r\nCVE-2015-3144\r\nCVE-2015-3145\r\nCVE-2015-3148\r\nCVE-2015-3153\r\n\r\nData Detectors Engine\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a sequence of unicode characters can lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in processing of\r\nUnicode characters. These issues were addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-5750 : M1x7e1 of Safeye Team (www.safeye.org)\r\n\r\nDate & Time pref pane\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Applications that rely on system time may have unexpected\r\nbehavior\r\nDescription: An authorization issue existed when modifying the\r\nsystem date and time preferences. This issue was addressed with\r\nadditional authorization checks.\r\nCVE-ID\r\nCVE-2015-3757 : Mark S C Smith\r\n\r\nDictionary Application\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: An attacker with a privileged network position may be able\r\nto intercept users' Dictionary app queries\r\nDescription: An issue existed in the Dictionary app, which did not\r\nproperly secure user communications. This issue was addressed by\r\nmoving Dictionary queries to HTTPS.\r\nCVE-ID\r\nCVE-2015-3774 : Jeffrey Paul of EEQJ, Jan Bee of the Google Security\r\nTeam\r\n\r\nDiskImages\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted DMG file may lead to an\r\nunexpected application termination or arbitrary code execution with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in parsing of\r\nmalformed DMG images. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3800 : Frank Graziano of the Yahoo Pentest Team\r\n\r\ndyld\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A path validation issue existed in dyld. This was\r\naddressed through improved environment sanitization.\r\nCVE-ID\r\nCVE-2015-3760 : beist of grayhash, Stefan Esser\r\n\r\nFontParser\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-3804 : Apple\r\nCVE-2015-5775 : Apple\r\n\r\nFontParser\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5756 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\ngroff\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple issues in pdfroff\r\nDescription: Multiple issues existed in pdfroff, the most serious of\r\nwhich may allow arbitrary filesystem modification. These issues were\r\naddressed by removing pdfroff.\r\nCVE-ID\r\nCVE-2009-5044\r\nCVE-2009-5078\r\n\r\nImageIO\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nTIFF images. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2015-5758 : Apple\r\n\r\nImageIO\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Visiting a maliciously crafted website may result in the\r\ndisclosure of process memory\r\nDescription: An uninitialized memory access issue existed in\r\nImageIO's handling of PNG and TIFF images. Visiting a malicious\r\nwebsite may result in sending data from process memory to the\r\nwebsite. This issue is addressed through improved memory\r\ninitialization and additional validation of PNG and TIFF images.\r\nCVE-ID\r\nCVE-2015-5781 : Michal Zalewski\r\nCVE-2015-5782 : Michal Zalewski\r\n\r\nInstall Framework Legacy\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with root privileges\r\nDescription: An issue existed in how Install.framework's 'runner'\r\nbinary dropped privileges. This issue was addressed through improved\r\nprivilege management.\r\nCVE-ID\r\nCVE-2015-5784 : Ian Beer of Google Project Zero\r\n\r\nInstall Framework Legacy\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A race condition existed in\r\nInstall.framework's 'runner' binary that resulted in\r\nprivileges being incorrectly dropped. This issue was addressed\r\nthrough improved object locking.\r\nCVE-ID\r\nCVE-2015-5754 : Ian Beer of Google Project Zero\r\n\r\nIOFireWireFamily\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: Memory corruption issues existed in IOFireWireFamily.\r\nThese issues were addressed through additional type input validation.\r\nCVE-ID\r\nCVE-2015-3769 : Ilja van Sprundel\r\nCVE-2015-3771 : Ilja van Sprundel\r\nCVE-2015-3772 : Ilja van Sprundel\r\n\r\nIOGraphics\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in IOGraphics. This\r\nissue was addressed through additional type input validation.\r\nCVE-ID\r\nCVE-2015-3770 : Ilja van Sprundel\r\nCVE-2015-5783 : Ilja van Sprundel\r\n\r\nIOHIDFamily\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A buffer overflow issue existed in IOHIDFamily. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5774 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: An issue existed in the mach_port_space_info interface,\r\nwhich could have led to the disclosure of kernel memory layout. This\r\nwas addressed by disabling the mach_port_space_info interface.\r\nCVE-ID\r\nCVE-2015-3766 : Cererdlong of Alibaba Mobile Security Team,\r\n@PanguTeam\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: An integer overflow existed in the handling of IOKit\r\nfunctions. This issue was addressed through improved validation of\r\nIOKit API arguments.\r\nCVE-ID\r\nCVE-2015-3768 : Ilja van Sprundel\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to cause a system denial of service\r\nDescription: A resource exhaustion issue existed in the fasttrap\r\ndriver. This was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5747 : Maxime VILLARD of m00nbsd\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to cause a system denial of service\r\nDescription: A validation issue existed in the mounting of HFS\r\nvolumes. This was addressed by adding additional checks.\r\nCVE-ID\r\nCVE-2015-5748 : Maxime VILLARD of m00nbsd\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute unsigned code\r\nDescription: An issue existed that allowed unsigned code to be\r\nappended to signed code in a specially crafted executable file. This\r\nissue was addressed through improved code signature validation.\r\nCVE-ID\r\nCVE-2015-3806 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A specially crafted executable file could allow unsigned,\r\nmalicious code to execute\r\nDescription: An issue existed in the way multi-architecture\r\nexecutable files were evaluated that could have allowed unsigned code\r\nto be executed. This issue was addressed through improved validation\r\nof executable files.\r\nCVE-ID\r\nCVE-2015-3803 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute unsigned code\r\nDescription: A validation issue existed in the handling of Mach-O\r\nfiles. This was addressed by adding additional checks.\r\nCVE-ID\r\nCVE-2015-3802 : TaiG Jailbreak Team\r\nCVE-2015-3805 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted plist may lead to an\r\nunexpected application termination or arbitrary code execution with\r\nsystem privileges\r\nDescription: A memory corruption existed in processing of malformed\r\nplists. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3776 : Teddy Reed of Facebook Security, Patrick Stein\r\n(@jollyjinx) of Jinx Germany\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A path validation issue existed. This was addressed\r\nthrough improved environment sanitization.\r\nCVE-ID\r\nCVE-2015-3761 : Apple\r\n\r\nLibc\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted regular expression may lead\r\nto an unexpected application termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in the TRE library.\r\nThese were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3796 : Ian Beer of Google Project Zero\r\nCVE-2015-3797 : Ian Beer of Google Project Zero\r\nCVE-2015-3798 : Ian Beer of Google Project Zero\r\n\r\nLibinfo\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: A remote attacker may be able to cause unexpected\r\napplication termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in handling AF_INET6\r\nsockets. These were addressed by improved memory handling.\r\nCVE-ID\r\nCVE-2015-5776 : Apple\r\n\r\nlibpthread\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in handling syscalls.\r\nThis issue was addressed through improved lock state checking.\r\nCVE-ID\r\nCVE-2015-5757 : Lufeng Li of Qihoo 360\r\n\r\nlibxml2\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in libxml2 versions prior\r\nto 2.9.2, the most serious of which may allow a remote attacker to\r\ncause a denial of service\r\nDescription: Multiple vulnerabilities existed in libxml2 versions\r\nprior to 2.9.2. These were addressed by updating libxml2 to version\r\n2.9.2.\r\nCVE-ID\r\nCVE-2012-6685 : Felix Groebert of Google\r\nCVE-2014-0191 : Felix Groebert of Google\r\n\r\nlibxml2\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted XML document may lead to\r\ndisclosure of user information\r\nDescription: A memory access issue existed in libxml2. This was\r\naddressed by improved memory handling\r\nCVE-ID\r\nCVE-2014-3660 : Felix Groebert of Google\r\n\r\nlibxml2\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted XML document may lead to\r\ndisclosure of user information\r\nDescription: A memory corruption issue existed in parsing of XML\r\nfiles. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3807 : Apple\r\n\r\nlibxpc\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in handling of\r\nmalformed XPC messages. This issue was improved through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2015-3795 : Mathew Rowley\r\n\r\nmail_cmds\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary shell commands\r\nDescription: A validation issue existed in the mailx parsing of\r\nemail addresses. This was addressed by improved sanitization.\r\nCVE-ID\r\nCVE-2014-7844\r\n\r\nNotification Center OSX\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to access all\r\nnotifications previously displayed to users\r\nDescription: An issue existed in Notification Center, which did not\r\nproperly delete user notifications. This issue was addressed by\r\ncorrectly deleting notifications dismissed by users.\r\nCVE-ID\r\nCVE-2015-3764 : Jonathan Zdziarski\r\n\r\nntfs\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in NTFS. This issue\r\nwas addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5763 : Roberto Paleari and Aristide Fattori of Emaze\r\nNetworks\r\n\r\nOpenSSH\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Remote attackers may be able to circumvent a time delay for\r\nfailed login attempts and conduct brute-force attacks\r\nDescription: An issue existed when processing keyboard-interactive\r\ndevices. This issue was addressed through improved authentication\r\nrequest validation.\r\nCVE-ID\r\nCVE-2015-5600\r\n\r\nOpenSSL\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in OpenSSL versions prior\r\nto 0.9.8zg, the most serious of which may allow a remote attacker to\r\ncause a denial of service.\r\nDescription: Multiple vulnerabilities existed in OpenSSL versions\r\nprior to 0.9.8zg. These were addressed by updating OpenSSL to version\r\n0.9.8zg.\r\nCVE-ID\r\nCVE-2015-1788\r\nCVE-2015-1789\r\nCVE-2015-1790\r\nCVE-2015-1791\r\nCVE-2015-1792\r\n\r\nperl\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted regular expression may lead to\r\ndisclosure of unexpected application termination or arbitrary code\r\nexecution\r\nDescription: An integer underflow issue existed in the way Perl\r\nparsed regular expressions. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2013-7422\r\n\r\nPostgreSQL\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: An attacker may be able to cause unexpected application\r\ntermination or gain access to data without proper authentication\r\nDescription: Multiple issues existed in PostgreSQL 9.2.4. These\r\nissues were addressed by updating PostgreSQL to 9.2.13.\r\nCVE-ID\r\nCVE-2014-0067\r\nCVE-2014-8161\r\nCVE-2015-0241\r\nCVE-2015-0242\r\nCVE-2015-0243\r\nCVE-2015-0244\r\n\r\npython\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in Python 2.7.6, the most\r\nserious of which may lead to arbitrary code execution\r\nDescription: Multiple vulnerabilities existed in Python versions\r\nprior to 2.7.6. These were addressed by updating Python to version\r\n2.7.10.\r\nCVE-ID\r\nCVE-2013-7040\r\nCVE-2013-7338\r\nCVE-2014-1912\r\nCVE-2014-7185\r\nCVE-2014-9365\r\n\r\nQL Office\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted Office document may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in parsing of Office\r\ndocuments. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5773 : Apple\r\n\r\nQL Office\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted XML file may lead to\r\ndisclosure of user information\r\nDescription: An external entity reference issue existed in XML file\r\nparsing. This issue was addressed through improved parsing.\r\nCVE-ID\r\nCVE-2015-3784 : Bruno Morisson of INTEGRITY S.A.\r\n\r\nQuartz Composer Framework\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted QuickTime file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in parsing of\r\nQuickTime files. This issue was addressed through improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-5771 : Apple\r\n\r\nQuick Look\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Searching for a previously viewed website may launch the web\r\nbrowser and render that website\r\nDescription: An issue existed where QuickLook had the capability to\r\nexecute JavaScript. The issue was addressed by disallowing execution\r\nof JavaScript.\r\nCVE-ID\r\nCVE-2015-3781 : Andrew Pouliot of Facebook, Anto Loyola of Qubole\r\n\r\nQuickTime 7\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in QuickTime.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3772\r\nCVE-2015-3779\r\nCVE-2015-5753 : Apple\r\nCVE-2015-5779 : Apple\r\n\r\nQuickTime 7\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in QuickTime.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3765 : Joe Burnett of Audio Poison\r\nCVE-2015-3788 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3789 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3790 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3791 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3792 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-5751 : WalkerFuz\r\n\r\nSceneKit\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Viewing a maliciously crafted Collada file may lead to\r\narbitrary code execution\r\nDescription: A heap buffer overflow existed in SceneKit's handling\r\nof Collada files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5772 : Apple\r\n\r\nSceneKit\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: A remote attacker may be able to cause unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in SceneKit. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3783 : Haris Andrianakis of Google Security Team\r\n\r\nSecurity\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A standard user may be able to gain access to admin\r\nprivileges without proper authentication\r\nDescription: An issue existed in handling of user authentication.\r\nThis issue was addressed through improved authentication checks.\r\nCVE-ID\r\nCVE-2015-3775 : [Eldon Ahrold]\r\n\r\nSMBClient\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A remote attacker may be able to cause unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the SMB client.\r\nThis issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3773 : Ilja van Sprundel\r\n\r\nSpeech UI\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted unicode string with speech\r\nalerts enabled may lead to an unexpected application termination or\r\narbitrary code execution\r\nDescription: A memory corruption issue existed in handling of\r\nUnicode strings. This issue was addressed by improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-3794 : Adam Greenbaum of Refinitive\r\n\r\nsudo\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in sudo versions prior to\r\n1.7.10p9, the most serious of which may allow an attacker access to\r\narbitrary files\r\nDescription: Multiple vulnerabilities existed in sudo versions prior\r\nto 1.7.10p9. These were addressed by updating sudo to version\r\n1.7.10p9.\r\nCVE-ID\r\nCVE-2013-1775\r\nCVE-2013-1776\r\nCVE-2013-2776\r\nCVE-2013-2777\r\nCVE-2014-0106\r\nCVE-2014-9680\r\n\r\ntcpdump\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in tcpdump 4.7.3, the most\r\nserious of which may allow a remote attacker to cause a denial of\r\nservice.\r\nDescription: Multiple vulnerabilities existed in tcpdump versions\r\nprior to 4.7.3. These were addressed by updating tcpdump to version\r\n4.7.3.\r\nCVE-ID\r\nCVE-2014-8767\r\nCVE-2014-8769\r\nCVE-2014-9140\r\n\r\nText Formats\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted text file may lead to\r\ndisclosure of user information\r\nDescription: An XML external entity reference issue existed with\r\nTextEdit parsing. This issue was addressed through improved parsing.\r\nCVE-ID\r\nCVE-2015-3762 : Xiaoyong Wu of the Evernote Security Team\r\n\r\nudf\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted DMG file may lead to an\r\nunexpected application termination or arbitrary code execution with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in parsing of\r\nmalformed DMG images. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3767 : beist of grayhash\r\n\r\nOS X Yosemite v10.10.5 includes the security content of Safari 8.0.8:\r\nhttps://support.apple.com/en-us/HT205033\r\n\r\nOS X Yosemite 10.10.5 and Security Update 2015-006 may be obtained\r\nfrom the Mac App Store or Apple's Software Downloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: https://support.apple.com/kb/HT201222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n\r\n\r\n", "edition": 1, "modified": "2015-08-17T00:00:00", "published": "2015-08-17T00:00:00", "id": "SECURITYVULNS:DOC:32390", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32390", "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:29", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0106"], "edition": 1, "description": "### Background\n\nsudo allows a system administrator to give users the ability to run commands as other users. Access to commands may also be granted on a range to hosts. \n\n### Description\n\nWhen the Sudo env_reset option is disabled (it is enabled by default), certain environment variables are not blacklisted as expected. \n\n### Impact\n\nA local attacker, authorized to run commands using sudo, can use this flaw to execute arbitrary code or escalate his privileges. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll sudo users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-admin/sudo-1.8.5\"", "modified": "2014-06-27T00:00:00", "published": "2014-06-27T00:00:00", "id": "GLSA-201406-30", "href": "https://security.gentoo.org/glsa/201406-30", "type": "gentoo", "title": "sudo: Privilege escalation", "cvss": {"score": 6.6, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T17:31:08", "description": "BUGTRAQ ID: 65997\r\nCVE(CAN) ID: CVE-2014-0106\r\n\r\nSudo\u662f\u5141\u8bb8\u7cfb\u7edf\u7ba1\u7406\u5458\u8ba9\u666e\u901a\u7528\u6237\u6267\u884c\u4e00\u4e9b\u6216\u8005\u5168\u90e8\u7684root\u547d\u4ee4\u7684\u4e00\u4e2a\u5de5\u5177\uff0c\u51cf\u5c11\u4e86root\u7528\u6237\u7684\u767b\u9646\u548c\u7ba1\u7406\u65f6\u95f4\uff0c\u63d0\u9ad8\u4e86\u5b89\u5168\u6027\u3002\r\n\r\nsudo 1.6.9-1.8.4p5\u7248\u672c\u542f\u7528\u540eenv_reset\u540e\uff0c\u6ca1\u6709\u6b63\u786e\u8fc7\u6ee4\u67d0\u4e9b\u73af\u5883\u53d8\u91cf\uff0c\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\uff0c\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u4ee5\u63d0\u5347\u7684\u6743\u9650\u8fd0\u884c\u4efb\u610f\u547d\u4ee4\u3002\n0\nTodd Miller Sudo 1.6.9 - 1.8.4p5\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nTodd Miller\r\n-----------\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.sudo.ws/sudo/dist/", "published": "2014-03-12T00:00:00", "title": "Todd Miller Sudo 'validate_env_vars()'\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2014-0106"], "modified": "2014-03-12T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-61746", "id": "SSV:61746", "sourceData": "", "cvss": {"score": 6.6, "vector": "AV:LOCAL/AC:MEDIUM/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}], "nessus": [{"lastseen": "2020-03-18T03:18:13", "description": "Sebastien Macke discovered that Sudo incorrectly handled blacklisted\nenvironment variables when the env_reset option was disabled. A local\nattacker could use this issue to possibly run unintended commands by\nusing blacklisted environment variables. In a default Ubuntu\ninstallation, the env_reset option is enabled by default. This issue\nonly affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2014-0106)\n\nIt was discovered that the Sudo init script set a date in the past on\nexisting timestamp files instead of using epoch to invalidate them\ncompletely. A local attacker could possibly modify the system time to\nattempt to reuse timestamp files. This issue only applied to Ubuntu\n12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10. (LP: #1223297).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 14, "published": "2014-03-14T00:00:00", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : sudo vulnerabilities (USN-2146-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0106"], "modified": "2014-03-14T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:13.10", "cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:12.10", "p-cpe:/a:canonical:ubuntu_linux:sudo-ldap", "p-cpe:/a:canonical:ubuntu_linux:sudo", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"], "id": "UBUNTU_USN-2146-1.NASL", "href": "https://www.tenable.com/plugins/nessus/73016", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2146-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73016);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/12\");\n\n script_cve_id(\"CVE-2014-0106\");\n script_bugtraq_id(65997);\n script_xref(name:\"USN\", value:\"2146-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS / 12.10 / 13.10 : sudo vulnerabilities (USN-2146-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Sebastien Macke discovered that Sudo incorrectly handled blacklisted\nenvironment variables when the env_reset option was disabled. A local\nattacker could use this issue to possibly run unintended commands by\nusing blacklisted environment variables. In a default Ubuntu\ninstallation, the env_reset option is enabled by default. This issue\nonly affected Ubuntu 10.04 LTS and Ubuntu 12.04 LTS. (CVE-2014-0106)\n\nIt was discovered that the Sudo init script set a date in the past on\nexisting timestamp files instead of using epoch to invalidate them\ncompletely. A local attacker could possibly modify the system time to\nattempt to reuse timestamp files. This issue only applied to Ubuntu\n12.04 LTS, Ubuntu 12.10 and Ubuntu 13.10. (LP: #1223297).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2146-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected sudo and / or sudo-ldap packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:sudo-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:13.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2014-2020 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|12\\.04|12\\.10|13\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04 / 12.10 / 13.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"sudo\", pkgver:\"1.7.2p1-1ubuntu5.7\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"sudo-ldap\", pkgver:\"1.7.2p1-1ubuntu5.7\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"sudo\", pkgver:\"1.8.3p1-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"sudo-ldap\", pkgver:\"1.8.3p1-1ubuntu3.6\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"sudo\", pkgver:\"1.8.5p2-1ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"12.10\", pkgname:\"sudo-ldap\", pkgver:\"1.8.5p2-1ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"13.10\", pkgname:\"sudo\", pkgver:\"1.8.6p3-0ubuntu3.1\")) flag++;\nif (ubuntu_check(osver:\"13.10\", pkgname:\"sudo-ldap\", pkgver:\"1.8.6p3-0ubuntu3.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo / sudo-ldap\");\n}\n", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:29:24", "description": "An updated sudo package that fixes one security issue is now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe sudo (superuser do) utility allows system administrators to give\ncertain users the ability to run commands as root.\n\nA flaw was found in the way sudo handled its blacklist of environment\nvariables. When the 'env_reset' option was disabled, a user permitted\nto run certain commands via sudo could use this flaw to run such a\ncommand with one of the blacklisted environment variables set,\nallowing them to run an arbitrary command with the target user's\nprivileges. (CVE-2014-0106)\n\nNote: This issue does not affect the default configuration of the sudo\npackage as shipped with Red Hat Enterprise Linux 5.\n\nRed Hat would like to thank Todd C. Miller for reporting this issue.\nUpstream acknowledges Sebastien Macke as the original reporter.\n\nAll sudo users are advised to upgrade to this updated package, which\ncontains a backported patch to correct this issue.", "edition": 25, "published": "2014-03-11T00:00:00", "title": "CentOS 5 : sudo (CESA-2014:0266)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0106"], "modified": "2014-03-11T00:00:00", "cpe": ["p-cpe:/a:centos:centos:sudo", "cpe:/o:centos:centos:5"], "id": "CENTOS_RHSA-2014-0266.NASL", "href": "https://www.tenable.com/plugins/nessus/72910", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0266 and \n# CentOS Errata and Security Advisory 2014:0266 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72910);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-0106\");\n script_bugtraq_id(65997);\n script_xref(name:\"RHSA\", value:\"2014:0266\");\n\n script_name(english:\"CentOS 5 : sudo (CESA-2014:0266)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated sudo package that fixes one security issue is now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe sudo (superuser do) utility allows system administrators to give\ncertain users the ability to run commands as root.\n\nA flaw was found in the way sudo handled its blacklist of environment\nvariables. When the 'env_reset' option was disabled, a user permitted\nto run certain commands via sudo could use this flaw to run such a\ncommand with one of the blacklisted environment variables set,\nallowing them to run an arbitrary command with the target user's\nprivileges. (CVE-2014-0106)\n\nNote: This issue does not affect the default configuration of the sudo\npackage as shipped with Red Hat Enterprise Linux 5.\n\nRed Hat would like to thank Todd C. Miller for reporting this issue.\nUpstream acknowledges Sebastien Macke as the original reporter.\n\nAll sudo users are advised to upgrade to this updated package, which\ncontains a backported patch to correct this issue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2014-March/020194.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?65464c75\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected sudo package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-0106\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 5.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-5\", reference:\"sudo-1.7.2p1-29.el5_10\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo\");\n}\n", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:55:54", "description": "The remote host is affected by the vulnerability described in GLSA-201406-30\n(sudo: Privilege escalation)\n\n When the Sudo env_reset option is disabled (it is enabled by default),\n certain environment variables are not blacklisted as expected.\n \nImpact :\n\n A local attacker, authorized to run commands using sudo, can use this\n flaw to execute arbitrary code or escalate his privileges.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 21, "published": "2014-06-28T00:00:00", "title": "GLSA-201406-30 : sudo: Privilege escalation", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0106"], "modified": "2014-06-28T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:sudo"], "id": "GENTOO_GLSA-201406-30.NASL", "href": "https://www.tenable.com/plugins/nessus/76287", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201406-30.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(76287);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-0106\");\n script_bugtraq_id(65997);\n script_xref(name:\"GLSA\", value:\"201406-30\");\n\n script_name(english:\"GLSA-201406-30 : sudo: Privilege escalation\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201406-30\n(sudo: Privilege escalation)\n\n When the Sudo env_reset option is disabled (it is enabled by default),\n certain environment variables are not blacklisted as expected.\n \nImpact :\n\n A local attacker, authorized to run commands using sudo, can use this\n flaw to execute arbitrary code or escalate his privileges.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201406-30\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All sudo users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-admin/sudo-1.8.5'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/06/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/28\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-admin/sudo\", unaffected:make_list(\"ge 1.8.5\", \"lt 1.6.9\"), vulnerable:make_list(\"lt 1.8.5\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo\");\n}\n", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-09-14T18:36:12", "description": "This collective update for sudo provides fixes for the following\nissues :\n\n - Security policy bypass when env_reset is disabled.\n (CVE-2014-0106, bnc#866503)\n\n - Regression in the previous update that causes a\n segmentation fault when running 'sudo -s'. (bnc#868444)\n\n - Command 'who -m' prints no output when using\n log_input/log_output sudo options. (bnc#863025)", "edition": 17, "published": "2014-04-04T00:00:00", "title": "SuSE 11.3 Security Update : sudo (SAT Patch Number 9044)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0106"], "modified": "2014-04-04T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:sudo", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_SUDO-140320.NASL", "href": "https://www.tenable.com/plugins/nessus/73327", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(73327);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/04\");\n\n script_cve_id(\"CVE-2014-0106\");\n\n script_name(english:\"SuSE 11.3 Security Update : sudo (SAT Patch Number 9044)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This collective update for sudo provides fixes for the following\nissues :\n\n - Security policy bypass when env_reset is disabled.\n (CVE-2014-0106, bnc#866503)\n\n - Regression in the previous update that causes a\n segmentation fault when running 'sudo -s'. (bnc#868444)\n\n - Command 'who -m' prints no output when using\n log_input/log_output sudo options. (bnc#863025)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=863025\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=866503\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=868444\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2014-0106.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 9044.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/04/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 3) audit(AUDIT_OS_NOT, \"SuSE 11.3\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"i586\", reference:\"sudo-1.7.6p2-0.21.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:3, cpu:\"x86_64\", reference:\"sudo-1.7.6p2-0.21.1\")) flag++;\nif (rpm_check(release:\"SLES11\", sp:3, reference:\"sudo-1.7.6p2-0.21.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:14:08", "description": "An updated sudo package that fixes one security issue is now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe sudo (superuser do) utility allows system administrators to give\ncertain users the ability to run commands as root.\n\nA flaw was found in the way sudo handled its blacklist of environment\nvariables. When the 'env_reset' option was disabled, a user permitted\nto run certain commands via sudo could use this flaw to run such a\ncommand with one of the blacklisted environment variables set,\nallowing them to run an arbitrary command with the target user's\nprivileges. (CVE-2014-0106)\n\nNote: This issue does not affect the default configuration of the sudo\npackage as shipped with Red Hat Enterprise Linux 5.\n\nRed Hat would like to thank Todd C. Miller for reporting this issue.\nUpstream acknowledges Sebastien Macke as the original reporter.\n\nAll sudo users are advised to upgrade to this updated package, which\ncontains a backported patch to correct this issue.", "edition": 25, "published": "2014-03-11T00:00:00", "title": "RHEL 5 : sudo (RHSA-2014:0266)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0106"], "modified": "2014-03-11T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:sudo-debuginfo", "p-cpe:/a:redhat:enterprise_linux:sudo"], "id": "REDHAT-RHSA-2014-0266.NASL", "href": "https://www.tenable.com/plugins/nessus/72923", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2014:0266. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72923);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0106\");\n script_bugtraq_id(65997);\n script_xref(name:\"RHSA\", value:\"2014:0266\");\n\n script_name(english:\"RHEL 5 : sudo (RHSA-2014:0266)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated sudo package that fixes one security issue is now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe sudo (superuser do) utility allows system administrators to give\ncertain users the ability to run commands as root.\n\nA flaw was found in the way sudo handled its blacklist of environment\nvariables. When the 'env_reset' option was disabled, a user permitted\nto run certain commands via sudo could use this flaw to run such a\ncommand with one of the blacklisted environment variables set,\nallowing them to run an arbitrary command with the target user's\nprivileges. (CVE-2014-0106)\n\nNote: This issue does not affect the default configuration of the sudo\npackage as shipped with Red Hat Enterprise Linux 5.\n\nRed Hat would like to thank Todd C. Miller for reporting this issue.\nUpstream acknowledges Sebastien Macke as the original reporter.\n\nAll sudo users are advised to upgrade to this updated package, which\ncontains a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2014:0266\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-0106\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected sudo and / or sudo-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sudo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2014:0266\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"sudo-1.7.2p1-29.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"sudo-1.7.2p1-29.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"sudo-1.7.2p1-29.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"sudo-debuginfo-1.7.2p1-29.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"sudo-debuginfo-1.7.2p1-29.el5_10\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"sudo-debuginfo-1.7.2p1-29.el5_10\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo / sudo-debuginfo\");\n }\n}\n", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:48:12", "description": "A flaw was found in the way sudo handled its blacklist of environment\nvariables. When the 'env_reset' option was disabled, a user permitted\nto run certain commands via sudo could use this flaw to run such a\ncommand with one of the blacklisted environment variables set,\nallowing them to run an arbitrary command with the target user's\nprivileges. (CVE-2014-0106)\n\nNote: This issue does not affect the default configuration of the sudo\npackage as shipped with Scientific Linux 5.", "edition": 15, "published": "2014-03-11T00:00:00", "title": "Scientific Linux Security Update : sudo on SL5.x i386/x86_64 (20140310)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0106"], "modified": "2014-03-11T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:sudo-debuginfo", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:sudo"], "id": "SL_20140310_SUDO_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/72924", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72924);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0106\");\n\n script_name(english:\"Scientific Linux Security Update : sudo on SL5.x i386/x86_64 (20140310)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw was found in the way sudo handled its blacklist of environment\nvariables. When the 'env_reset' option was disabled, a user permitted\nto run certain commands via sudo could use this flaw to run such a\ncommand with one of the blacklisted environment variables set,\nallowing them to run an arbitrary command with the target user's\nprivileges. (CVE-2014-0106)\n\nNote: This issue does not affect the default configuration of the sudo\npackage as shipped with Scientific Linux 5.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1403&L=scientific-linux-errata&T=0&P=584\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e1352b6b\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected sudo and / or sudo-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:sudo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"sudo-1.7.2p1-29.el5_10\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"sudo-debuginfo-1.7.2p1-29.el5_10\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo / sudo-debuginfo\");\n}\n", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T09:10:42", "description": "New sudo packages are available for Slackware 13.0, 13.1, and 13.37\nto fix a security issue.", "edition": 23, "published": "2014-03-06T00:00:00", "title": "Slackware 13.0 / 13.1 / 13.37 : sudo (SSA:2014-064-01)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0106"], "modified": "2014-03-06T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:13.37", "cpe:/o:slackware:slackware_linux:13.0", "p-cpe:/a:slackware:slackware_linux:sudo", "cpe:/o:slackware:slackware_linux:13.1"], "id": "SLACKWARE_SSA_2014-064-01.NASL", "href": "https://www.tenable.com/plugins/nessus/72838", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2014-064-01. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72838);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0106\");\n script_xref(name:\"SSA\", value:\"2014-064-01\");\n\n script_name(english:\"Slackware 13.0 / 13.1 / 13.37 : sudo (SSA:2014-064-01)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New sudo packages are available for Slackware 13.0, 13.1, and 13.37\nto fix a security issue.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.403080\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1b4392cd\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected sudo package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.37\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"13.0\", pkgname:\"sudo\", pkgver:\"1.7.10p8\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"sudo\", pkgver:\"1.7.10p8\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"sudo\", pkgver:\"1.7.10p8\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"sudo\", pkgver:\"1.7.10p8\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"13.37\", pkgname:\"sudo\", pkgver:\"1.7.10p8\", pkgarch:\"i486\", pkgnum:\"1_slack13.37\")) flag++;\nif (slackware_check(osver:\"13.37\", arch:\"x86_64\", pkgname:\"sudo\", pkgver:\"1.7.10p8\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.37\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:48:48", "description": "From Red Hat Security Advisory 2014:0266 :\n\nAn updated sudo package that fixes one security issue is now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe sudo (superuser do) utility allows system administrators to give\ncertain users the ability to run commands as root.\n\nA flaw was found in the way sudo handled its blacklist of environment\nvariables. When the 'env_reset' option was disabled, a user permitted\nto run certain commands via sudo could use this flaw to run such a\ncommand with one of the blacklisted environment variables set,\nallowing them to run an arbitrary command with the target user's\nprivileges. (CVE-2014-0106)\n\nNote: This issue does not affect the default configuration of the sudo\npackage as shipped with Red Hat Enterprise Linux 5.\n\nRed Hat would like to thank Todd C. Miller for reporting this issue.\nUpstream acknowledges Sebastien Macke as the original reporter.\n\nAll sudo users are advised to upgrade to this updated package, which\ncontains a backported patch to correct this issue.", "edition": 22, "published": "2014-03-11T00:00:00", "title": "Oracle Linux 5 : sudo (ELSA-2014-0266)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0106"], "modified": "2014-03-11T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:sudo", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2014-0266.NASL", "href": "https://www.tenable.com/plugins/nessus/72922", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2014:0266 and \n# Oracle Linux Security Advisory ELSA-2014-0266 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(72922);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-0106\");\n script_bugtraq_id(65997);\n script_xref(name:\"RHSA\", value:\"2014:0266\");\n\n script_name(english:\"Oracle Linux 5 : sudo (ELSA-2014-0266)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2014:0266 :\n\nAn updated sudo package that fixes one security issue is now available\nfor Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having\nModerate security impact. A Common Vulnerability Scoring System (CVSS)\nbase score, which gives a detailed severity rating, is available from\nthe CVE link in the References section.\n\nThe sudo (superuser do) utility allows system administrators to give\ncertain users the ability to run commands as root.\n\nA flaw was found in the way sudo handled its blacklist of environment\nvariables. When the 'env_reset' option was disabled, a user permitted\nto run certain commands via sudo could use this flaw to run such a\ncommand with one of the blacklisted environment variables set,\nallowing them to run an arbitrary command with the target user's\nprivileges. (CVE-2014-0106)\n\nNote: This issue does not affect the default configuration of the sudo\npackage as shipped with Red Hat Enterprise Linux 5.\n\nRed Hat would like to thank Todd C. Miller for reporting this issue.\nUpstream acknowledges Sebastien Macke as the original reporter.\n\nAll sudo users are advised to upgrade to this updated package, which\ncontains a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2014-March/004007.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected sudo package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/03/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2014/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/03/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"sudo-1.7.2p1-29.el5_10\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo\");\n}\n", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T09:40:09", "description": "This update fixes the CVEs described below.\n\nCVE-2014-0106\n\nTodd C. Miller reported that if the env_reset option is disabled in\nthe sudoers file, the env_delete option is not correctly applied to\nenvironment variables specified on the command line. A malicious user\nwith sudo permissions may be able to run arbitrary commands with\nelevated privileges by manipulating the environment of a command the\nuser is legitimately allowed to run.\n\nCVE-2014-9680\n\nJakub Wilk reported that sudo preserves the TZ variable from a user's\nenvironment without any sanitization. A user with sudo access may take\nadvantage of this to exploit bugs in the C library functions which\nparse the TZ environment variable or to open files that the user would\nnot otherwise be able to open. The latter could potentially cause\nchanges in system behavior when reading certain device special files\nor cause the program run via sudo to block.\n\nFor the oldstable distribution (squeeze), these problems have been\nfixed in version 1.7.4p4-2.squeeze.5.\n\nFor the stable distribution (wheezy), they have been fixed in version\n1.8.5p2-1+nmu2.\n\nWe recommend that you upgrade your sudo packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 16, "cvss3": {"score": 3.3, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}, "published": "2015-03-26T00:00:00", "title": "Debian DLA-160-1 : sudo security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-0106", "CVE-2014-9680"], "modified": "2015-03-26T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:sudo-ldap", "p-cpe:/a:debian:debian_linux:sudo"], "id": "DEBIAN_DLA-160.NASL", "href": "https://www.tenable.com/plugins/nessus/82144", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-160-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(82144);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-0106\", \"CVE-2014-9680\");\n script_bugtraq_id(65997, 72649);\n\n script_name(english:\"Debian DLA-160-1 : sudo security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes the CVEs described below.\n\nCVE-2014-0106\n\nTodd C. Miller reported that if the env_reset option is disabled in\nthe sudoers file, the env_delete option is not correctly applied to\nenvironment variables specified on the command line. A malicious user\nwith sudo permissions may be able to run arbitrary commands with\nelevated privileges by manipulating the environment of a command the\nuser is legitimately allowed to run.\n\nCVE-2014-9680\n\nJakub Wilk reported that sudo preserves the TZ variable from a user's\nenvironment without any sanitization. A user with sudo access may take\nadvantage of this to exploit bugs in the C library functions which\nparse the TZ environment variable or to open files that the user would\nnot otherwise be able to open. The latter could potentially cause\nchanges in system behavior when reading certain device special files\nor cause the program run via sudo to block.\n\nFor the oldstable distribution (squeeze), these problems have been\nfixed in version 1.7.4p4-2.squeeze.5.\n\nFor the stable distribution (wheezy), they have been fixed in version\n1.8.5p2-1+nmu2.\n\nWe recommend that you upgrade your sudo packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2015/02/msg00014.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze-lts/sudo\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected sudo, and sudo-ldap packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sudo-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"sudo\", reference:\"1.7.4p4-2.squeeze.5\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"sudo-ldap\", reference:\"1.7.4p4-2.squeeze.5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T13:23:54", "description": "The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - added patch for CVE-2014-0106: certain environment\n variables not sanitized when env_reset is disabled\n Resolves: rhbz#1072210\n\n - backported fixes for CVE-2013-1775 CVE-2013-1776\n (CVE-2013-2776) CVE-2013-2777 Resolves: rhbz#968221\n\n - visudo: fixed incorrect warning and parse error\n regarding undefined aliases which were in fact defined\n Resolves: rhbz#849679 Resolves: rhbz#905624\n\n - updated sudoers man-page to clarify the behavior of the\n user negation operator and the behavior of wildcard\n matching in command specifications Resolves: rhbz#846118\n Resolves: rhbz#856902\n\n - fixed regression in escaping of sudo -i arguments\n Resolves: rhbz#853203\n\n - bump release number\n\n - Fixed caching of user and group names\n\n - Backported RFC 4515 escaping of LDAP queries Resolves:\n rhbz#855836 Resolves: rhbz#869287\n\n - Add the -c option to sed commands in post/postun scripts\n Resolves: rhbz#818585\n\n - Implement a new sudoers Defaults option to restore old\n command exec behavior Resolves: rhbz#840971\n\n - Add ability to treat files authoritatively in\n sudoers.ldap Resolves: rhbz#840097\n\n - Changed policycoreutils dependency to a context specific\n dependency (post & postun) Resolves: rhbz#846694\n\n - don't use a temporary file when modifying nsswitch.conf\n\n - fix permissions on nsswitch.conf, if needed Resolves:\n rhbz#846631\n\n - added a workaround for a race condition in handling\n child processes Resolves: rhbz#829263\n\n - use safe temporary files in post/postun scripts\n\n - corrected postun script Resolves: rhbz#841070\n\n - corrected release number\n\n - call restorecon after modifying nsswitch.conf in the\n postun scriplet\n\n - added policycoreutils dependency Resolves: rhbz#818585\n\n - fixed `sudo -i' command escaping (#806073)\n\n - fixed multiple sudoHost LDAP attr. handlng (#740884)\n Resolves: rhbz#740884 Resolves: rhbz#806073", "edition": 28, "published": "2016-06-22T00:00:00", "title": "OracleVM 3.2 : sudo (OVMSA-2016-0079)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1775", "CVE-2013-1776", "CVE-2013-2777", "CVE-2013-2776", "CVE-2014-0106"], "modified": "2016-06-22T00:00:00", "cpe": ["p-cpe:/a:oracle:vm:sudo", "cpe:/o:oracle:vm_server:3.2"], "id": "ORACLEVM_OVMSA-2016-0079.NASL", "href": "https://www.tenable.com/plugins/nessus/91755", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2016-0079.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(91755);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2013-1775\", \"CVE-2013-1776\", \"CVE-2013-2776\", \"CVE-2013-2777\", \"CVE-2014-0106\");\n script_bugtraq_id(58203, 58207, 62741, 65997);\n\n script_name(english:\"OracleVM 3.2 : sudo (OVMSA-2016-0079)\");\n script_summary(english:\"Checks the RPM output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - added patch for CVE-2014-0106: certain environment\n variables not sanitized when env_reset is disabled\n Resolves: rhbz#1072210\n\n - backported fixes for CVE-2013-1775 CVE-2013-1776\n (CVE-2013-2776) CVE-2013-2777 Resolves: rhbz#968221\n\n - visudo: fixed incorrect warning and parse error\n regarding undefined aliases which were in fact defined\n Resolves: rhbz#849679 Resolves: rhbz#905624\n\n - updated sudoers man-page to clarify the behavior of the\n user negation operator and the behavior of wildcard\n matching in command specifications Resolves: rhbz#846118\n Resolves: rhbz#856902\n\n - fixed regression in escaping of sudo -i arguments\n Resolves: rhbz#853203\n\n - bump release number\n\n - Fixed caching of user and group names\n\n - Backported RFC 4515 escaping of LDAP queries Resolves:\n rhbz#855836 Resolves: rhbz#869287\n\n - Add the -c option to sed commands in post/postun scripts\n Resolves: rhbz#818585\n\n - Implement a new sudoers Defaults option to restore old\n command exec behavior Resolves: rhbz#840971\n\n - Add ability to treat files authoritatively in\n sudoers.ldap Resolves: rhbz#840097\n\n - Changed policycoreutils dependency to a context specific\n dependency (post & postun) Resolves: rhbz#846694\n\n - don't use a temporary file when modifying nsswitch.conf\n\n - fix permissions on nsswitch.conf, if needed Resolves:\n rhbz#846631\n\n - added a workaround for a race condition in handling\n child processes Resolves: rhbz#829263\n\n - use safe temporary files in post/postun scripts\n\n - corrected postun script Resolves: rhbz#841070\n\n - corrected release number\n\n - call restorecon after modifying nsswitch.conf in the\n postun scriplet\n\n - added policycoreutils dependency Resolves: rhbz#818585\n\n - fixed `sudo -i' command escaping (#806073)\n\n - fixed multiple sudoHost LDAP attr. handlng (#740884)\n Resolves: rhbz#740884 Resolves: rhbz#806073\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2016-June/000493.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected sudo package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Mac OS X Sudo Password Bypass');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/03/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/06/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/06/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.2\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.2\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.2\", reference:\"sudo-1.7.2p1-29.el5_10\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:54", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0106"], "description": "[1.7.2p1-29]\n- added patch for CVE-2014-0106: certain environment variables not\n sanitized when env_reset is disabled\n Resolves: rhbz#1072210", "edition": 4, "modified": "2014-03-10T00:00:00", "published": "2014-03-10T00:00:00", "id": "ELSA-2014-0266", "href": "http://linux.oracle.com/errata/ELSA-2014-0266.html", "title": "sudo security update", "type": "oraclelinux", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}], "debian": [{"lastseen": "2020-11-11T13:29:09", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0106", "CVE-2014-9680"], "description": "Package : sudo\nVersion : 1.7.4p4-2.squeeze.5\nCVE ID : CVE-2014-0106 CVE-2014-9680\nDebian Bug : #772707\n\nThis update fixes the CVEs described below.\n\nCVE-2014-0106\n\n Todd C. Miller reported that if the env_reset option is disabled\n in the sudoers file, the env_delete option is not correctly\n applied to environment variables specified on the command line. A\n malicious user with sudo permissions may be able to run arbitrary\n commands with elevated privileges by manipulating the environment\n of a command the user is legitimately allowed to run.\n\nCVE-2014-9680\n\n Jakub Wilk reported that sudo preserves the TZ variable from a\n user's environment without any sanitization. A user with sudo\n access may take advantage of this to exploit bugs in the C library\n functions which parse the TZ environment variable or to open files\n that the user would not otherwise be able to open. The latter\n could potentially cause changes in system behavior when reading\n certain device special files or cause the program run via sudo to\n block.\n\nFor the oldstable distribution (squeeze), these problems have been fixed\nin version 1.7.4p4-2.squeeze.5.\n\nFor the stable distribution (wheezy), they have been fixed in version\n1.8.5p2-1+nmu2.\n\nWe recommend that you upgrade your sudo packages.\n\n-- \nBen Hutchings - Debian developer, kernel team member\n\n", "edition": 7, "modified": "2015-02-27T20:09:11", "published": "2015-02-27T20:09:11", "id": "DEBIAN:DLA-160-1:ACCA6", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201502/msg00014.html", "title": "[SECURITY] [DLA 160-1] sudo security update", "type": "debian", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}]}
