Lucene search
Copyright (C) 2020 Greenbone AGOPENVAS:1361412562310844323HistoryFeb 04, 2020 - 12:00 a.m.
Ubuntu: Security Advisory (USN-4263-1)
2020-02-0400:00:00
Copyright (C) 2020 Greenbone AG
plugins.openvas.org
13
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.2 High
AI Score
Confidence
High
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
55.2%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2020 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.844323");
script_cve_id("CVE-2019-18634");
script_tag(name:"creation_date", value:"2020-02-04 04:00:16 +0000 (Tue, 04 Feb 2020)");
script_version("2024-02-02T05:06:07+0000");
script_tag(name:"last_modification", value:"2024-02-02 05:06:07 +0000 (Fri, 02 Feb 2024)");
script_tag(name:"cvss_base", value:"4.6");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:P/I:P/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2020-02-06 16:00:20 +0000 (Thu, 06 Feb 2020)");
script_name("Ubuntu: Security Advisory (USN-4263-1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2020 Greenbone AG");
script_family("Ubuntu Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/ubuntu_linux", "ssh/login/packages", re:"ssh/login/release=UBUNTU(16\.04\ LTS|18\.04\ LTS|19\.10)");
script_xref(name:"Advisory-ID", value:"USN-4263-1");
script_xref(name:"URL", value:"https://ubuntu.com/security/notices/USN-4263-1");
script_tag(name:"summary", value:"The remote host is missing an update for the 'sudo' package(s) announced via the USN-4263-1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Joe Vennix discovered that Sudo incorrectly handled memory operations when
the pwfeedback option is enabled. A local attacker could possibly use this
issue to obtain unintended access to the administrator account.");
script_tag(name:"affected", value:"'sudo' package(s) on Ubuntu 16.04, Ubuntu 18.04, Ubuntu 19.10.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
release = dpkg_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "UBUNTU16.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"sudo", ver:"1.8.16-0ubuntu1.9", rls:"UBUNTU16.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"sudo-ldap", ver:"1.8.16-0ubuntu1.9", rls:"UBUNTU16.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU18.04 LTS") {
if(!isnull(res = isdpkgvuln(pkg:"sudo", ver:"1.8.21p2-3ubuntu1.2", rls:"UBUNTU18.04 LTS"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"sudo-ldap", ver:"1.8.21p2-3ubuntu1.2", rls:"UBUNTU18.04 LTS"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
if(release == "UBUNTU19.10") {
if(!isnull(res = isdpkgvuln(pkg:"sudo", ver:"1.8.27-1ubuntu4.1", rls:"UBUNTU19.10"))) {
report += res;
}
if(!isnull(res = isdpkgvuln(pkg:"sudo-ldap", ver:"1.8.27-1ubuntu4.1", rls:"UBUNTU19.10"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
prion
prion
Stack overflow
2020-01-29 18:15:00
oraclelinux
oraclelinux
sudo security update
2020-02-13 00:00:00
sudo security update
2020-02-19 00:00:00
sudo security update
2020-03-05 00:00:00
nessus
nessus
Debian DSA-4614-1 : sudo - security update
2020-02-03 00:00:00
Oracle Linux 8 : sudo (ELSA-2020-0487)
2023-09-07 00:00:00
Oracle Linux 6 : sudo (ELSA-2020-0726)
2020-03-09 00:00:00
osv
osv
CVE-2019-18634
2020-01-29 18:15:12
sudo - security update
2020-02-01 00:00:00
sudo - security update
2020-02-01 00:00:00
ubuntucve
ubuntucve
CVE-2019-18634
2020-01-31 00:00:00
githubexploit
githubexploit
Exploit for Out-of-bounds Write in Sudo Project Sudo
2021-04-25 18:53:17
Exploit for Out-of-bounds Write in Sudo Project Sudo
2021-08-01 10:50:55
Exploit for Out-of-bounds Write in Sudo Project Sudo
2020-02-07 18:07:03
amazon
amazon
Important: sudo
2020-03-16 21:29:00
Important: sudo
2020-03-16 20:58:00
redhat
redhat
(RHSA-2020:0509) Important: sudo security update
2020-02-13 19:00:11
(RHSA-2020:0487) Important: sudo security update
2020-02-13 09:08:44
(RHSA-2020:0726) Important: sudo security update
2020-03-05 12:33:40
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2020:0406-1)
2021-04-19 00:00:00
Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2021-1627)
2021-03-12 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:0409-1)
2021-04-19 00:00:00
thn
thn
Sudo Bug Lets Non-Privileged Linux and macOS Users Run Commands as Root
2020-02-03 15:35:00
f5
f5
K91327225 : Linux sudo process vulnerability CVE-2019-18634
2020-02-24 00:00:00
zdt
zdt
Sudo 1.8.25p - Buffer Overflow Exploit
2020-02-04 00:00:00
Sudo 1.8.25p - (pwfeedback) Buffer Overflow Exploit
2020-02-05 00:00:00
debian
debian
[SECURITY] [DSA 4614-1] sudo security update
2020-02-01 12:45:56
[SECURITY] [DSA 4614-1] sudo security update
2020-02-01 12:45:56
[SECURITY] [DLA 2094-1] sudo security update
2020-02-01 22:56:58
centos
centos
sudo security update
2020-03-10 20:33:30
sudo security update
2020-02-18 22:21:38
exploitpack
exploitpack
Sudo 1.8.25p - pwfeedback Buffer Overflow (PoC)
2020-02-04 00:00:00
cve
cve
CVE-2019-18634
2020-01-29 18:15:00
redhatcve
redhatcve
CVE-2019-18634
2020-01-31 15:09:16
cloudfoundry
cloudfoundry
USN-4263-1: Sudo vulnerability | Cloud Foundry
2020-02-20 00:00:00
ubuntu
ubuntu
Sudo vulnerability
2020-02-03 00:00:00
Sudo vulnerability
2020-02-05 00:00:00
debiancve
debiancve
CVE-2019-18634
2020-01-29 18:15:00
packetstorm
packetstorm
Sudo 1.8.25p Buffer Overflow
2020-02-04 00:00:00
freebsd
freebsd
sudo -- Potential bypass of Runas user restrictions
2020-01-30 00:00:00
slackware
slackware
[slackware-security] sudo
2020-01-31 21:15:53
archlinux
archlinux
[ASA-202002-2] sudo: privilege escalation
2020-02-06 00:00:00
suse
suse
Security update for sudo (important)
2020-02-25 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package sudo version 1:1.8.31p2-alt1
2020-08-30 00:00:00
mageia
mageia
Updated sudo packages fix security vulnerability
2020-02-09 22:13:40
alpinelinux
alpinelinux
CVE-2019-18634
2020-01-29 18:15:00
exploitdb
exploitdb
Sudo 1.8.25p - 'pwfeedback' Buffer Overflow (PoC)
2020-02-04 00:00:00
attackerkb
attackerkb
CVE-2019-18634
2020-01-29 00:00:00
kitploit
kitploit
gentoo
gentoo
sudo: Multiple vulnerabilities
2020-03-14 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: sudo-1.9.0-0.1.b1.fc31
2020-03-06 02:26:46
[SECURITY] Fedora 32 Update: sudo-1.9.0-0.1.b1.fc32
2020-03-16 20:47:21
ibm
ibm
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.2 High
AI Score
Confidence
High
4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
55.2%
Related for OPENVAS:1361412562310844323