Search...

RedHat Update for sudo RHSA-2012:0309-03

2012-02-21T00:00:00

ID OPENVAS:1361412562310870553
Type openvas
Reporter Copyright (c) 2012 Greenbone Networks GmbH
Modified 2018-11-23T00:00:00

Description

The remote host is missing an update for the

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
#
# RedHat Update for sudo RHSA-2012:0309-03
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

if(description)
{
  script_xref(name:"URL", value:"https://www.redhat.com/archives/rhsa-announce/2012-February/msg00047.html");
  script_oid("1.3.6.1.4.1.25623.1.0.870553");
  script_version("$Revision: 12497 $");
  script_tag(name:"last_modification", value:"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $");
  script_tag(name:"creation_date", value:"2012-02-21 18:56:44 +0530 (Tue, 21 Feb 2012)");
  script_cve_id("CVE-2011-0010");
  script_tag(name:"cvss_base", value:"4.4");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:P/I:P/A:P");
  script_xref(name:"RHSA", value:"2012:0309-03");
  script_name("RedHat Update for sudo RHSA-2012:0309-03");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'sudo'
  package(s) announced via the referenced advisory.");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
  script_family("Red Hat Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/rhel", "ssh/login/rpms", re:"ssh/login/release=RHENT_5");
  script_tag(name:"affected", value:"sudo on Red Hat Enterprise Linux (v. 5 server)");
  script_tag(name:"solution", value:"Please Install the Updated Packages.");
  script_tag(name:"insight", value:"The sudo (superuser do) utility allows system administrators to give
  certain users the ability to run commands as root.

  A flaw was found in the sudo password checking logic. In configurations
  where the sudoers settings allowed a user to run a command using sudo
  with only the group ID changed, sudo failed to prompt for the user's
  password before running the specified command with the elevated group
  privileges. (CVE-2011-0010)

  In addition, this update fixes the following bugs:

  * A NULL pointer dereference bug caused the sudo utility to terminate
  unexpectedly with a segmentation fault. This happened if the utility was
  run with the -g option and configured not to demand the password from the
  user who ran the sudo utility. With this update, the code has been modified
  and the problem no longer occurs. (BZ#673072)

  * The sudo utility failed to load sudoers from an LDAP (Lightweight
  Directory Access Protocol) server after the sudo tool was upgraded. This
  happened because the upgraded nsswitch.conf file did not contain the
  instruction to search for sudoers on the LDAP server. This update adds the
  lost instruction to /etc/nsswitch.conf and the system searches for sources
  of sudoers on the local file system and then on LDAP, if applicable.
  (BZ#617061)

  * The sudo tool interpreted a Runas alias specifying a group incorrectly as
  a user alias and the alias seemed to be ignored. With this update, the code
  for interpreting such aliases has been modified and the Runas group aliases
  are honored as expected. (BZ#627543)

  * Prior to this update, sudo did not parse comment characters (#) in the
  ldap.conf file correctly and could fail to work. With this update, parsing
  of the LDAP configuration file has been modified and the comment characters
  are parsed correctly. (BZ#750318)

  * The sudo utility formats its output to fit the width of the terminal
  window. However, this behavior is undesirable if the output is redirected
  through a pipeline. With this update, the output formatting is not applied
  in the scenario described. (BZ#697111)

  * Previously, the sudo utility performed Security-Enhanced Linux (SELinux)
  related initialization after switching to an unprivileged user. This
  prevented the correct setup of the SELinux environment before executing the
  specified command and could potentially cause an access denial. The bug has
  been fixed by backporting the SELinux related code and the execution model
  from a newer version of sudo. (BZ#477185)

  * On execv(3) function failure, the sudo tool executed a ...

  Description truncated, please see the referenced URL(s) for more information.");
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release) exit(0);

res = "";

if(release == "RHENT_5")
{

  if ((res = isrpmvuln(pkg:"sudo", rpm:"sudo~1.7.2p1~13.el5", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if ((res = isrpmvuln(pkg:"sudo-debuginfo", rpm:"sudo-debuginfo~1.7.2p1~13.el5", rls:"RHENT_5")) != NULL)
  {
    security_message(data:res);
    exit(0);
  }

  if (__pkg_match) exit(99);
  exit(0);
}

JSON Vulners Source

Initial Source

{"id": "OPENVAS:1361412562310870553", "type": "openvas", "bulletinFamily": "scanner", "title": "RedHat Update for sudo RHSA-2012:0309-03", "description": "The remote host is missing an update for the ", "published": "2012-02-21T00:00:00", "modified": "2018-11-23T00:00:00", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870553", "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "references": ["2012:0309-03", "https://www.redhat.com/archives/rhsa-announce/2012-February/msg00047.html"], "cvelist": ["CVE-2011-0010"], "lastseen": "2019-05-29T18:39:16", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-0010"]}, {"type": "redhat", "idList": ["RHSA-2011:0599", "RHSA-2012:0168", "RHSA-2012:0309"]}, {"type": "oraclelinux", "idList": ["ELSA-2011-0599", "ELSA-2012-0309"]}, {"type": "slackware", "idList": ["SSA-2011-041-05"]}, {"type": "freebsd", "idList": ["908F4CF2-1E8B-11E0-A587-001B77D09812"]}, {"type": "ubuntu", "idList": ["USN-1046-1"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:11367", "SECURITYVULNS:DOC:25518"]}, {"type": "nessus", "idList": ["UBUNTU_USN-1046-1.NASL", "REDHAT-RHSA-2011-0599.NASL", "SL_20110519_SUDO_ON_SL6_X.NASL", "GENTOO_GLSA-201203-06.NASL", "SL_20120221_SUDO_ON_SL5_X.NASL", "FREEBSD_PKG_908F4CF21E8B11E0A587001B77D09812.NASL", "FEDORA_2011-0470.NASL", "REDHAT-RHSA-2012-0309.NASL", "ORACLELINUX_ELSA-2012-0309.NASL", "SLACKWARE_SSA_2011-041-05.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:136141256231068818", "OPENVAS:1361412562310122174", "OPENVAS:870711", "OPENVAS:136141256231068920", "OPENVAS:68818", "OPENVAS:1361412562310123966", "OPENVAS:1361412562310840571", "OPENVAS:68920", "OPENVAS:840571", "OPENVAS:870553"]}, {"type": "fedora", "idList": ["FEDORA:A25E0110E82", "FEDORA:B5D4D10F950"]}, {"type": "gentoo", "idList": ["GLSA-201203-06"]}], "modified": "2019-05-29T18:39:16", "rev": 2}, "score": {"value": 7.0, "vector": "NONE", "modified": "2019-05-29T18:39:16", "rev": 2}, "vulnersScore": 7.0}, "pluginID": "1361412562310870553", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for sudo RHSA-2012:0309-03\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2012-February/msg00047.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870553\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-21 18:56:44 +0530 (Tue, 21 Feb 2012)\");\n script_cve_id(\"CVE-2011-0010\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"RHSA\", value:\"2012:0309-03\");\n script_name(\"RedHat Update for sudo RHSA-2012:0309-03\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'sudo'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_5\");\n script_tag(name:\"affected\", value:\"sudo on Red Hat Enterprise Linux (v. 5 server)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The sudo (superuser do) utility allows system administrators to give\n certain users the ability to run commands as root.\n\n A flaw was found in the sudo password checking logic. In configurations\n where the sudoers settings allowed a user to run a command using sudo\n with only the group ID changed, sudo failed to prompt for the user's\n password before running the specified command with the elevated group\n privileges. (CVE-2011-0010)\n\n In addition, this update fixes the following bugs:\n\n * A NULL pointer dereference bug caused the sudo utility to terminate\n unexpectedly with a segmentation fault. This happened if the utility was\n run with the -g option and configured not to demand the password from the\n user who ran the sudo utility. With this update, the code has been modified\n and the problem no longer occurs. (BZ#673072)\n\n * The sudo utility failed to load sudoers from an LDAP (Lightweight\n Directory Access Protocol) server after the sudo tool was upgraded. This\n happened because the upgraded nsswitch.conf file did not contain the\n instruction to search for sudoers on the LDAP server. This update adds the\n lost instruction to /etc/nsswitch.conf and the system searches for sources\n of sudoers on the local file system and then on LDAP, if applicable.\n (BZ#617061)\n\n * The sudo tool interpreted a Runas alias specifying a group incorrectly as\n a user alias and the alias seemed to be ignored. With this update, the code\n for interpreting such aliases has been modified and the Runas group aliases\n are honored as expected. (BZ#627543)\n\n * Prior to this update, sudo did not parse comment characters (#) in the\n ldap.conf file correctly and could fail to work. With this update, parsing\n of the LDAP configuration file has been modified and the comment characters\n are parsed correctly. (BZ#750318)\n\n * The sudo utility formats its output to fit the width of the terminal\n window. However, this behavior is undesirable if the output is redirected\n through a pipeline. With this update, the output formatting is not applied\n in the scenario described. (BZ#697111)\n\n * Previously, the sudo utility performed Security-Enhanced Linux (SELinux)\n related initialization after switching to an unprivileged user. This\n prevented the correct setup of the SELinux environment before executing the\n specified command and could potentially cause an access denial. The bug has\n been fixed by backporting the SELinux related code and the execution model\n from a newer version of sudo. (BZ#477185)\n\n * On execv(3) function failure, the sudo tool executed a ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"sudo\", rpm:\"sudo~1.7.2p1~13.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"sudo-debuginfo\", rpm:\"sudo-debuginfo~1.7.2p1~13.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Red Hat Local Security Checks"}

{"cve": [{"lastseen": "2021-02-02T05:50:57", "description": "check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command.", "edition": 4, "cvss3": {}, "published": "2011-01-18T18:03:00", "title": "CVE-2011-0010", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-0010"], "modified": "2018-01-05T02:29:00", "cpe": ["cpe:/a:todd_miller:sudo:1.7.2p6", "cpe:/a:todd_miller:sudo:1.7.2p2", "cpe:/a:todd_miller:sudo:1.7.4p2", "cpe:/a:todd_miller:sudo:1.7.2p5", "cpe:/a:todd_miller:sudo:1.7.0", "cpe:/a:todd_miller:sudo:1.7.2p7", "cpe:/a:todd_miller:sudo:1.7.4", "cpe:/a:todd_miller:sudo:1.7.4p1", "cpe:/a:todd_miller:sudo:1.7.1", "cpe:/a:todd_miller:sudo:1.7.2p4", "cpe:/a:todd_miller:sudo:1.7.2", "cpe:/a:todd_miller:sudo:1.7.3b1", "cpe:/a:todd_miller:sudo:1.7.2p3", "cpe:/a:todd_miller:sudo:1.7.2p1", "cpe:/a:todd_miller:sudo:1.7.4p4", "cpe:/a:todd_miller:sudo:1.7.4p3"], "id": "CVE-2011-0010", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0010", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:todd_miller:sudo:1.7.2p2:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.4p3:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.2p6:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.2p7:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.2p1:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.4p2:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.4p1:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.2p3:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.3b1:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.4:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.2p4:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.0:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.4p4:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:todd_miller:sudo:1.7.2p5:*:*:*:*:*:*:*"]}], "redhat": [{"lastseen": "2019-08-13T18:45:48", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0010"], "description": "The sudo (superuser do) utility allows system administrators to give\ncertain users the ability to run commands as root.\n\nA flaw was found in the sudo password checking logic. In configurations\nwhere the sudoers settings allowed a user to run a command using sudo with\nonly the group ID changed, sudo failed to prompt for the user's password\nbefore running the specified command with the elevated group privileges.\n(CVE-2011-0010)\n\nThis update also fixes the following bugs:\n\n* When the \"/etc/sudoers\" file contained entries with multiple hosts,\nrunning the \"sudo -l\" command incorrectly reported that a certain user does\nnot have permissions to use sudo on the system. With this update, running\nthe \"sudo -l\" command now produces the correct output. (BZ#603823)\n\n* Prior to this update, the manual page for sudoers.ldap was not installed,\neven though it contains important information on how to set up an LDAP\n(Lightweight Directory Access Protocol) sudoers source, and other documents\nrefer to it. With this update, the manual page is now properly included in\nthe package. Additionally, various POD files have been removed from the\npackage, as they are required for build purposes only. (BZ#634159)\n\n* The previous version of sudo did not use the same location for the LDAP\nconfiguration files as the nss_ldap package. This has been fixed and sudo\nnow looks for these files in the same location as the nss_ldap package.\n(BZ#652726)\n\n* When a file was edited using the \"sudo -e file\" or the \"sudoedit file\"\ncommand, the editor being executed for this task was logged only as\n\"sudoedit\". With this update, the full path to the executable being used as\nan editor is now logged (instead of \"sudoedit\"). (BZ#665131)\n\n* A comment regarding the \"visiblepw\" option of the \"Defaults\" directive\nhas been added to the default \"/etc/sudoers\" file to clarify its usage.\n(BZ#688640)\n\n* This erratum upgrades sudo to upstream version 1.7.4p5, which provides a\nnumber of bug fixes and enhancements over the previous version. (BZ#615087)\n\nAll users of sudo are advised to upgrade to this updated package, which\nresolves these issues.\n", "modified": "2018-06-06T20:24:09", "published": "2011-05-19T04:00:00", "id": "RHSA-2011:0599", "href": "https://access.redhat.com/errata/RHSA-2011:0599", "type": "redhat", "title": "(RHSA-2011:0599) Low: sudo security and bug fix update", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:15", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0010"], "description": "The sudo (superuser do) utility allows system administrators to give\ncertain users the ability to run commands as root.\n\nA flaw was found in the sudo password checking logic. In configurations\nwhere the sudoers settings allowed a user to run a command using sudo\nwith only the group ID changed, sudo failed to prompt for the user's\npassword before running the specified command with the elevated group\nprivileges. (CVE-2011-0010)\n\nIn addition, this update fixes the following bugs:\n\n* A NULL pointer dereference bug caused the sudo utility to terminate\nunexpectedly with a segmentation fault. This happened if the utility was\nrun with the -g option and configured not to demand the password from the\nuser who ran the sudo utility. With this update, the code has been modified\nand the problem no longer occurs. (BZ#673072)\n\n* The sudo utility failed to load sudoers from an LDAP (Lightweight\nDirectory Access Protocol) server after the sudo tool was upgraded. This\nhappened because the upgraded nsswitch.conf file did not contain the\ninstruction to search for sudoers on the LDAP server. This update adds the\nlost instruction to /etc/nsswitch.conf and the system searches for sources\nof sudoers on the local file system and then on LDAP, if applicable.\n(BZ#617061)\n\n* The sudo tool interpreted a Runas alias specifying a group incorrectly as\na user alias and the alias seemed to be ignored. With this update, the code\nfor interpreting such aliases has been modified and the Runas group aliases\nare honored as expected. (BZ#627543)\n\n* Prior to this update, sudo did not parse comment characters (#) in the\nldap.conf file correctly and could fail to work. With this update, parsing\nof the LDAP configuration file has been modified and the comment characters\nare parsed correctly. (BZ#750318)\n\n* The sudo utility formats its output to fit the width of the terminal\nwindow. However, this behavior is undesirable if the output is redirected\nthrough a pipeline. With this update, the output formatting is not applied\nin the scenario described. (BZ#697111)\n\n* Previously, the sudo utility performed Security-Enhanced Linux (SELinux)\nrelated initialization after switching to an unprivileged user. This\nprevented the correct setup of the SELinux environment before executing the\nspecified command and could potentially cause an access denial. The bug has\nbeen fixed by backporting the SELinux related code and the execution model\nfrom a newer version of sudo. (BZ#477185)\n\n* On execv(3) function failure, the sudo tool executed an auditing call\nbefore reporting the failure. The call reset the error state and,\nconsequently, the tool incorrectly reported that the command succeeded.\nWith this update, the code has been modified and the problem no longer\noccurs. (BZ#673157)\n\nAll users of sudo are advised to upgrade to this updated package, which\nresolves these issues.\n", "modified": "2017-09-08T11:53:33", "published": "2012-02-21T05:00:00", "id": "RHSA-2012:0309", "href": "https://access.redhat.com/errata/RHSA-2012:0309", "type": "redhat", "title": "(RHSA-2012:0309) Low: sudo security and bug fix update", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-08-13T18:46:47", "bulletinFamily": "unix", "cvelist": ["CVE-2006-1168", "CVE-2009-5029", "CVE-2009-5064", "CVE-2010-0424", "CVE-2010-0830", "CVE-2010-4008", "CVE-2011-0010", "CVE-2011-0216", "CVE-2011-1083", "CVE-2011-1089", "CVE-2011-1526", "CVE-2011-1675", "CVE-2011-1677", "CVE-2011-1749", "CVE-2011-1944", "CVE-2011-2716", "CVE-2011-2834", "CVE-2011-3638", "CVE-2011-3905", "CVE-2011-3919", "CVE-2011-4086", "CVE-2011-4108", "CVE-2011-4109", "CVE-2011-4127", "CVE-2011-4347", "CVE-2011-4576", "CVE-2011-4619", "CVE-2012-0028", "CVE-2012-0029", "CVE-2012-0207"], "description": "The rhev-hypervisor5 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization\nHypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor.\nIt includes everything necessary to run and manage virtual machines: A\nsubset of the Red Hat Enterprise Linux operating environment and the Red\nHat Enterprise Virtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nA heap overflow flaw was found in the way QEMU-KVM emulated the e1000\nnetwork interface card. A privileged guest user in a virtual machine whose\nnetwork interface is configured to use the e1000 emulated driver could use\nthis flaw to crash the host or, possibly, escalate their privileges on the\nhost. (CVE-2012-0029)\n\nA divide-by-zero flaw was found in the Linux kernel's igmp_heard_query()\nfunction. An attacker able to send certain IGMP (Internet Group Management\nProtocol) packets to a target system could use this flaw to cause a denial\nof service. (CVE-2012-0207)\n\nA double free flaw was discovered in the policy checking code in OpenSSL.\nA remote attacker could use this flaw to crash an application that uses\nOpenSSL by providing an X.509 certificate that has specially-crafted\npolicy extension data. (CVE-2011-4109)\n\nAn information leak flaw was found in the SSL 3.0 protocol implementation\nin OpenSSL. Incorrect initialization of SSL record padding bytes could\ncause an SSL client or server to send a limited amount of possibly\nsensitive data to its SSL peer via the encrypted connection.\n(CVE-2011-4576)\n\nIt was discovered that OpenSSL did not limit the number of TLS/SSL\nhandshake restarts required to support Server Gated Cryptography. A remote\nattacker could use this flaw to make a TLS/SSL server using OpenSSL consume\nan excessive amount of CPU by continuously restarting the handshake.\n(CVE-2011-4619)\n\nRed Hat would like to thank Nicolae Mogoreanu for reporting CVE-2012-0029,\nand Simon McVittie for reporting CVE-2012-0207.\n\nThis updated package provides updated components that include fixes for\nvarious security issues. These issues have no security impact on Red Hat\nEnterprise Virtualization Hypervisor itself, however. The security fixes\nincluded in this update address the following CVE numbers:\n\nCVE-2006-1168 and CVE-2011-2716 (busybox issues)\n\nCVE-2009-5029, CVE-2009-5064, CVE-2010-0830 and CVE-2011-1089 (glibc\nissues)\n\nCVE-2011-1083, CVE-2011-3638, CVE-2011-4086, CVE-2011-4127 and\nCVE-2012-0028 (kernel issues)\n\nCVE-2011-1526 (krb5 issue)\n\nCVE-2011-4347 (kvm issue)\n\nCVE-2010-4008, CVE-2011-0216, CVE-2011-2834, CVE-2011-3905, CVE-2011-3919\nand CVE-2011-1944 (libxml2 issues)\n\nCVE-2011-1749 (nfs-utils issue)\n\nCVE-2011-4108 (openssl issue)\n\nCVE-2011-0010 (sudo issue)\n\nCVE-2011-1675 and CVE-2011-1677 (util-linux issues)\n\nCVE-2010-0424 (vixie-cron issue)\n\nThis updated rhev-hypervisor5 package fixes various bugs. Documentation of\nthese changes will be available shortly in the Technical Notes document:\n\nhttps://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Virtualization_for_Servers/2.2/html/Technical_Notes/index.html\n\nUsers of Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package, which fixes these issues.\n", "modified": "2019-03-22T23:44:11", "published": "2012-02-21T05:00:00", "id": "RHSA-2012:0168", "href": "https://access.redhat.com/errata/RHSA-2012:0168", "type": "redhat", "title": "(RHSA-2012:0168) Important: rhev-hypervisor5 security and bug fix update", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:37:21", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0010"], "description": "[1.7.4p5-5]\n- patch: log failed user role changes\n Resolves: rhbz#665131\n[1.7.4p5-4]\n- added #includedir /etc/sudoers.d to sudoers\n Resolves: rhbz#615087\n[1.7.4p5-3]\n- added !visiblepw option to sudoers\n Resolves: rhbz#688640\n[1.7.4p5-2]\n- added patch for rhbz#665131\n Resolves: rhbz#665131\n[1.7.4p5-1]\n- rebase to latest stable version\n- sudo now uses /var/db/sudo for timestamps\n- new command available: sudoreplay\n- use native audit support\n- sync configuration paths with the nss_ldap package\n Resolves: rhbz#615087\n Resolves: rhbz#652726\n Resolves: rhbz#634159\n Resolves: rhbz#603823", "edition": 4, "modified": "2011-05-28T00:00:00", "published": "2011-05-28T00:00:00", "id": "ELSA-2011-0599", "href": "http://linux.oracle.com/errata/ELSA-2011-0599.html", "title": "sudo security and bug fix update", "type": "oraclelinux", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:26", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0010"], "description": "[1.7.2p1-13]\n- patch: parse ldap.conf more closely to nss_ldap\n Resolves: rhbz#750318\n[1.7.2p1-12]\n- added patch for CVE-2011-0010\n Resolves: rhbz#757157\n[1.7.2p1-11]\n- backported selinux support from 1.7.4p5 (#477185, #673157)\n- fixed bug in Runas_Spec group matching (#627543)\n- disable 'sudo -l' output word wrapping if the output\n is piped (#697111)\n- fixed overwriting of errno after execve failure (#673157)\n- fixed segmentation fault (#673072)\n- add a sudoers entry to the nsswitch.conf file\n on install (and delete it on uninstall) (#617061)\n Resolves: rhbz#697111\n Resolves: rhbz#673157\n Resolves: rhbz#673072\n Resolves: rhbz#627543\n Resolves: rhbz#617061\n Resolves: rhbz#477185", "edition": 4, "modified": "2012-03-01T00:00:00", "published": "2012-03-01T00:00:00", "id": "ELSA-2012-0309", "href": "http://linux.oracle.com/errata/ELSA-2012-0309.html", "title": "sudo security and bug fix update", "type": "oraclelinux", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "slackware": [{"lastseen": "2020-10-25T16:36:10", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0010"], "description": "New sudo packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2,\n11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue.\n\n\nHere are the details from the Slackware 13.1 ChangeLog:\n\npatches/packages/sudo-1.7.4p6-i486-1_slack13.1.txz: Upgraded.\n Fix Runas group password checking.\n For more information, see the included CHANGES and NEWS files, and:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0010\n (* Security fix *)\n\nWhere to find the new packages:\n\nHINT: Getting slow download speeds from ftp.slackware.com?\nGive slackware.osuosl.org a try. This is another primary FTP site\nfor Slackware that can be considerably faster than downloading\ndirectly from ftp.slackware.com.\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating additional FTP and rsync hosting\nto the Slackware project! :-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 8.1:\nftp://ftp.slackware.com/pub/slackware/slackware-8.1/patches/packages/sudo-1.7.4p6-i386-1_slack8.1.tgz\n\nUpdated package for Slackware 9.0:\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/sudo-1.7.4p6-i386-1_slack9.0.tgz\n\nUpdated package for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/sudo-1.7.4p6-i486-1_slack9.1.tgz\n\nUpdated package for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/sudo-1.7.4p6-i486-1_slack10.0.tgz\n\nUpdated package for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/sudo-1.7.4p6-i486-1_slack10.1.tgz\n\nUpdated package for Slackware 10.2:\nftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/sudo-1.7.4p6-i486-1_slack10.2.tgz\n\nUpdated package for Slackware 11.0:\nftp://ftp.slackware.com/pub/slackware/slackware-11.0/patches/packages/sudo-1.7.4p6-i486-1_slack11.0.tgz\n\nUpdated package for Slackware 12.0:\nftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/sudo-1.7.4p6-i486-1_slack12.0.tgz\n\nUpdated package for Slackware 12.1:\nftp://ftp.slackware.com/pub/slackware/slackware-12.1/patches/packages/sudo-1.7.4p6-i486-1_slack12.1.tgz\n\nUpdated package for Slackware 12.2:\nftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/sudo-1.7.4p6-i486-1_slack12.2.tgz\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/sudo-1.7.4p6-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/sudo-1.7.4p6-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/sudo-1.7.4p6-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/sudo-1.7.4p6-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/sudo-1.7.4p6-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/sudo-1.7.4p6-x86_64-1.txz\n\n\nMD5 signatures:\n\nSlackware 8.1 package:\n2413efdfdd66692482d1c08d20cec4cb sudo-1.7.4p6-i386-1_slack8.1.tgz\n\nSlackware 9.0 package:\n1e7ebbb23572aa61dc17839eba16246c sudo-1.7.4p6-i386-1_slack9.0.tgz\n\nSlackware 9.1 package:\n4504e90bb5c85f32d2d854f6fdff2e34 sudo-1.7.4p6-i486-1_slack9.1.tgz\n\nSlackware 10.0 package:\n52f71decec23d3713e893be5cd313389 sudo-1.7.4p6-i486-1_slack10.0.tgz\n\nSlackware 10.1 package:\n9bf9fba1cb8616e5ecaa7200b38a554c sudo-1.7.4p6-i486-1_slack10.1.tgz\n\nSlackware 10.2 package:\nbff1eb40a0d917bc69ed56de9d3a80b2 sudo-1.7.4p6-i486-1_slack10.2.tgz\n\nSlackware 11.0 package:\n3e38aad774807c72dfcd363dc28c96d6 sudo-1.7.4p6-i486-1_slack11.0.tgz\n\nSlackware 12.0 package:\na398a357eefda005e48079c80e9a5a3f sudo-1.7.4p6-i486-1_slack12.0.tgz\n\nSlackware 12.1 package:\ndefed431a5dd393104fb7e75eacd7f37 sudo-1.7.4p6-i486-1_slack12.1.tgz\n\nSlackware 12.2 package:\nae631e5c89cb680de39dfc8187b6e599 sudo-1.7.4p6-i486-1_slack12.2.tgz\n\nSlackware 13.0 package:\nc87d3cf2c6d6446484840f508cc708f7 sudo-1.7.4p6-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n0e89b2c48b66e2ae9fef263999f10203 sudo-1.7.4p6-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n1b56f2e74922fd207fffad010fe06d5a sudo-1.7.4p6-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\ne9bf6359afb94415f21cecfc6f4608d9 sudo-1.7.4p6-x86_64-1_slack13.1.txz\n\nSlackware -current package:\n1aec43064cb3d935ff0d24ac2d259be0 sudo-1.7.4p6-i486-1.txz\n\nSlackware x86_64 -current package:\nf7072eb54acc217d39b78af09810e98f sudo-1.7.4p6-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg sudo-1.7.4p6-i486-1_slack13.1.txz", "modified": "2011-02-11T01:18:11", "published": "2011-02-11T01:18:11", "id": "SSA-2011-041-05", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.593654", "type": "slackware", "title": "[slackware-security] sudo", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:02", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0010"], "description": "\nTodd Miller reports:\n\nBeginning with sudo version 1.7.0 it has been possible\n\t to grant permission to run a command using a specified\n\t group via sudo's -g option (run as group), if allowed by\n\t the sudoers file. A flaw exists in sudo's password\n\t checking logic that allows a user to run a command\n\t with only the group changed without being prompted\n\t for a password.\n\n", "edition": 4, "modified": "2011-01-11T00:00:00", "published": "2011-01-11T00:00:00", "id": "908F4CF2-1E8B-11E0-A587-001B77D09812", "href": "https://vuxml.freebsd.org/freebsd/908f4cf2-1e8b-11e0-a587-001b77d09812.html", "title": "sudo -- local privilege escalation", "type": "freebsd", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:38", "bulletinFamily": "software", "cvelist": ["CVE-2011-0010"], "description": "===========================================================\r\nUbuntu Security Notice USN-1046-1 January 20, 2011\r\nsudo vulnerability\r\nCVE-2011-0010\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 9.10\r\nUbuntu 10.04 LTS\r\nUbuntu 10.10\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 9.10:\r\n sudo 1.7.0-1ubuntu2.6\r\n sudo-ldap 1.7.0-1ubuntu2.6\r\n\r\nUbuntu 10.04 LTS:\r\n sudo 1.7.2p1-1ubuntu5.3\r\n sudo-ldap 1.7.2p1-1ubuntu5.3\r\n\r\nUbuntu 10.10:\r\n sudo 1.7.2p7-1ubuntu2.1\r\n sudo-ldap 1.7.2p7-1ubuntu2.1\r\n\r\nIn general, a standard system update will make all the necessary changes.\r\n\r\nDetails follow:\r\n\r\nAlexander Kurtz discovered that sudo would not prompt for a password when\r\na group was specified in the Runas_Spec. A local attacker could exploit\r\nthis to execute arbitrary code as the specified group if sudo was\r\nconfigured to allow the attacker to use a program as this group. The group\r\nRunas_Spec is not used in the default installation of Ubuntu.\r\n\r\n\r\nUpdated packages for Ubuntu 9.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.0-1ubuntu2.6.diff.gz\r\n Size/MD5: 26877 0a131d32d3d6cb4810b95ba5421346b6\r\n http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.0-1ubuntu2.6.dsc\r\n Size/MD5: 1757 41c6991abbfea6b7cbe6708ab07d2186\r\n http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.0.orig.tar.gz\r\n Size/MD5: 744311 5fd96bba35fe29b464f7aa6ad255f0a6\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.0-1ubuntu2.6_amd64.deb\r\n Size/MD5: 311418 4e20db9f0d9d3da2d0c4bad38da97879\r\n http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.7.0-1ubuntu2.6_amd64.deb\r\n Size/MD5: 335378 21dab3619780413d5cbe250d707b3fc0\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.0-1ubuntu2.6_i386.deb\r\n Size/MD5: 298826 ebb28d4fa3e93002d1d28d39cb4fdedb\r\n http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.7.0-1ubuntu2.6_i386.deb\r\n Size/MD5: 320354 42f7b6769bc1d7e48cb7076ea3c76a48\r\n\r\n armel architecture (ARM Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.7.0-1ubuntu2.6_armel.deb\r\n Size/MD5: 297674 a9a685e1a467013faf4cc2d17a8bb51a\r\n http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.7.0-1ubuntu2.6_armel.deb\r\n Size/MD5: 319706 79b5f034456f5f30f6e2794754da3983\r\n\r\n lpia architecture (Low Power Intel Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.7.0-1ubuntu2.6_lpia.deb\r\n Size/MD5: 298850 4bf9a03f1475d941e127af7332760354\r\n http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.7.0-1ubuntu2.6_lpia.deb\r\n Size/MD5: 320656 880c1c635f7d97878cf4959db30bb215\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.7.0-1ubuntu2.6_powerpc.deb\r\n Size/MD5: 306898 7fbebd6a32691c8187043c3e448b1441\r\n http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.7.0-1ubuntu2.6_powerpc.deb\r\n Size/MD5: 329952 035a583e9c71f4b0c541b4471d7a23dd\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.7.0-1ubuntu2.6_sparc.deb\r\n Size/MD5: 302552 c51154d40cd999580d1e0684bf4724bc\r\n http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.7.0-1ubuntu2.6_sparc.deb\r\n Size/MD5: 324594 c860cd6176d7a3769d484d85a9c05e0f\r\n\r\nUpdated packages for Ubuntu 10.04 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.2p1-1ubuntu5.3.diff.gz\r\n Size/MD5: 27664 1d366b7edf66dcb6ab3a0aef6543677b\r\n http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.2p1-1ubuntu5.3.dsc\r\n Size/MD5: 1771 0254600b76a959ce7f4751487e8aba1c\r\n http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.2p1.orig.tar.gz\r\n Size/MD5: 771059 4449d466a774f5ce401c9c0e3866c026\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.2p1-1ubuntu5.3_amd64.deb\r\n Size/MD5: 327346 8ceaa2caa94f32bbb48687dcbf83e1d0\r\n http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.7.2p1-1ubuntu5.3_amd64.deb\r\n Size/MD5: 351152 70927e8cc9fea948aa31fe27a0870a9e\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.2p1-1ubuntu5.3_i386.deb\r\n Size/MD5: 311848 f9b82d11e5773a77150cc6f48c45c20f\r\n http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.7.2p1-1ubuntu5.3_i386.deb\r\n Size/MD5: 334294 a4a5e1ec0a6680c9c7804de9ddee0098\r\n\r\n armel architecture (ARM Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.7.2p1-1ubuntu5.3_armel.deb\r\n Size/MD5: 306620 6344b4adc273990b62a2f41eec2785d3\r\n http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.7.2p1-1ubuntu5.3_armel.deb\r\n Size/MD5: 329590 2c3b34db34f64c970f9b7c2efc39d453\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.7.2p1-1ubuntu5.3_powerpc.deb\r\n Size/MD5: 321892 447bbfffca308ac1b3fed6521b39bfc9\r\n http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.7.2p1-1ubuntu5.3_powerpc.deb\r\n Size/MD5: 345714 dcc31787b19ddaf43ed387367853d353\r\n\r\n sparc architecture (Sun SPARC/UltraSPARC):\r\n\r\n http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.7.2p1-1ubuntu5.3_sparc.deb\r\n Size/MD5: 319240 37e0e3552e429346121219e86a96bb0e\r\n http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.7.2p1-1ubuntu5.3_sparc.deb\r\n Size/MD5: 342374 8bfec5685fd75afd7b1b5607635b412b\r\n\r\nUpdated packages for Ubuntu 10.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.2p7-1ubuntu2.1.debian.tar.gz\r\n Size/MD5: 29268 fa37ae644d44ac952b7b2f354fb15734\r\n http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.2p7-1ubuntu2.1.dsc\r\n Size/MD5: 1797 b8aaf3f8081f86a24adc76705a0707e4\r\n http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.2p7.orig.tar.gz\r\n Size/MD5: 772356 3ac78668427a53e12d7639fdfab2f1af\r\n\r\n amd64 architecture (Athlon64, Opteron, EM64T Xeon):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.2p7-1ubuntu2.1_amd64.deb\r\n Size/MD5: 329962 19af3393ae15f16f63140beca6044ecd\r\n http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.7.2p7-1ubuntu2.1_amd64.deb\r\n Size/MD5: 353426 f84c71db0a392a6ac392d35c1bdbd3df\r\n\r\n i386 architecture (x86 compatible Intel/AMD):\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/s/sudo/sudo_1.7.2p7-1ubuntu2.1_i386.deb\r\n Size/MD5: 314850 c6635045fd7e48b3a47b64e4cba7eb78\r\n http://security.ubuntu.com/ubuntu/pool/universe/s/sudo/sudo-ldap_1.7.2p7-1ubuntu2.1_i386.deb\r\n Size/MD5: 336478 09f5c3d7ddc1cea3e9eb6e74c8590df1\r\n\r\n armel architecture (ARM Architecture):\r\n\r\n http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.7.2p7-1ubuntu2.1_armel.deb\r\n Size/MD5: 314332 bdc71a8677516031b8275c50d9871032\r\n http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.7.2p7-1ubuntu2.1_armel.deb\r\n Size/MD5: 336878 c55d7851cc45cdcdeba3eb626b0a6553\r\n\r\n powerpc architecture (Apple Macintosh G3/G4/G5):\r\n\r\n http://ports.ubuntu.com/pool/main/s/sudo/sudo_1.7.2p7-1ubuntu2.1_powerpc.deb\r\n Size/MD5: 324918 af6829a76e25f55df562ba2e4c2e595c\r\n http://ports.ubuntu.com/pool/universe/s/sudo/sudo-ldap_1.7.2p7-1ubuntu2.1_powerpc.deb\r\n Size/MD5: 348046 75310ccb4b4a8e7571b947e131af42c4\r\n\r\n\r\n", "edition": 1, "modified": "2011-01-20T00:00:00", "published": "2011-01-20T00:00:00", "id": "SECURITYVULNS:DOC:25518", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:25518", "title": "[USN-1046-1] Sudo vulnerability", "type": "securityvulns", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:40", "bulletinFamily": "software", "cvelist": ["CVE-2009-0034", "CVE-2011-0008", "CVE-2011-0010"], "description": "Under some conditions it's possible to execute code with group rights.", "edition": 1, "modified": "2011-01-20T00:00:00", "published": "2011-01-20T00:00:00", "id": "SECURITYVULNS:VULN:11367", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11367", "title": "sudo privilege escalation", "type": "securityvulns", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-17T09:10:35", "description": "New sudo packages are available for Slackware 8.1, 9.0, 9.1, 10.0,\n10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a\nsecurity issue.", "edition": 24, "published": "2011-02-11T00:00:00", "title": "Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 8.1 / 9.0 / 9.1 / current : sudo (SSA:2011-041-05)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0010"], "modified": "2011-02-11T00:00:00", "cpe": ["cpe:/o:slackware:slackware_linux:12.0", "cpe:/o:slackware:slackware_linux:8.1", "cpe:/o:slackware:slackware_linux:9.0", "cpe:/o:slackware:slackware_linux:12.2", "cpe:/o:slackware:slackware_linux:9.1", "cpe:/o:slackware:slackware_linux:13.0", "cpe:/o:slackware:slackware_linux:10.1", "p-cpe:/a:slackware:slackware_linux:sudo", "cpe:/o:slackware:slackware_linux:10.0", "cpe:/o:slackware:slackware_linux:11.0", "cpe:/o:slackware:slackware_linux", "cpe:/o:slackware:slackware_linux:10.2", "cpe:/o:slackware:slackware_linux:12.1", "cpe:/o:slackware:slackware_linux:13.1"], "id": "SLACKWARE_SSA_2011-041-05.NASL", "href": "https://www.tenable.com/plugins/nessus/51944", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Slackware Security Advisory 2011-041-05. The text \n# itself is copyright (C) Slackware Linux, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51944);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0010\");\n script_bugtraq_id(45774);\n script_xref(name:\"SSA\", value:\"2011-041-05\");\n\n script_name(english:\"Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 8.1 / 9.0 / 9.1 / current : sudo (SSA:2011-041-05)\");\n script_summary(english:\"Checks for updated package in /var/log/packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Slackware host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"New sudo packages are available for Slackware 8.1, 9.0, 9.1, 10.0,\n10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a\nsecurity issue.\"\n );\n # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.593654\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e090adb8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected sudo package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:slackware:slackware_linux:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:11.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:12.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:slackware:slackware_linux:9.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/02/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Slackware Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Slackware/release\", \"Host/Slackware/packages\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"slackware.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Slackware/release\")) audit(AUDIT_OS_NOT, \"Slackware\");\nif (!get_kb_item(\"Host/Slackware/packages\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Slackware\", cpu);\n\n\nflag = 0;\nif (slackware_check(osver:\"8.1\", pkgname:\"sudo\", pkgver:\"1.7.4p6\", pkgarch:\"i386\", pkgnum:\"1_slack8.1\")) flag++;\n\nif (slackware_check(osver:\"9.0\", pkgname:\"sudo\", pkgver:\"1.7.4p6\", pkgarch:\"i386\", pkgnum:\"1_slack9.0\")) flag++;\n\nif (slackware_check(osver:\"9.1\", pkgname:\"sudo\", pkgver:\"1.7.4p6\", pkgarch:\"i486\", pkgnum:\"1_slack9.1\")) flag++;\n\nif (slackware_check(osver:\"10.0\", pkgname:\"sudo\", pkgver:\"1.7.4p6\", pkgarch:\"i486\", pkgnum:\"1_slack10.0\")) flag++;\n\nif (slackware_check(osver:\"10.1\", pkgname:\"sudo\", pkgver:\"1.7.4p6\", pkgarch:\"i486\", pkgnum:\"1_slack10.1\")) flag++;\n\nif (slackware_check(osver:\"10.2\", pkgname:\"sudo\", pkgver:\"1.7.4p6\", pkgarch:\"i486\", pkgnum:\"1_slack10.2\")) flag++;\n\nif (slackware_check(osver:\"11.0\", pkgname:\"sudo\", pkgver:\"1.7.4p6\", pkgarch:\"i486\", pkgnum:\"1_slack11.0\")) flag++;\n\nif (slackware_check(osver:\"12.0\", pkgname:\"sudo\", pkgver:\"1.7.4p6\", pkgarch:\"i486\", pkgnum:\"1_slack12.0\")) flag++;\n\nif (slackware_check(osver:\"12.1\", pkgname:\"sudo\", pkgver:\"1.7.4p6\", pkgarch:\"i486\", pkgnum:\"1_slack12.1\")) flag++;\n\nif (slackware_check(osver:\"12.2\", pkgname:\"sudo\", pkgver:\"1.7.4p6\", pkgarch:\"i486\", pkgnum:\"1_slack12.2\")) flag++;\n\nif (slackware_check(osver:\"13.0\", pkgname:\"sudo\", pkgver:\"1.7.4p6\", pkgarch:\"i486\", pkgnum:\"1_slack13.0\")) flag++;\nif (slackware_check(osver:\"13.0\", arch:\"x86_64\", pkgname:\"sudo\", pkgver:\"1.7.4p6\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.0\")) flag++;\n\nif (slackware_check(osver:\"13.1\", pkgname:\"sudo\", pkgver:\"1.7.4p6\", pkgarch:\"i486\", pkgnum:\"1_slack13.1\")) flag++;\nif (slackware_check(osver:\"13.1\", arch:\"x86_64\", pkgname:\"sudo\", pkgver:\"1.7.4p6\", pkgarch:\"x86_64\", pkgnum:\"1_slack13.1\")) flag++;\n\nif (slackware_check(osver:\"current\", pkgname:\"sudo\", pkgver:\"1.7.4p6\", pkgarch:\"i486\", pkgnum:\"1\")) flag++;\nif (slackware_check(osver:\"current\", arch:\"x86_64\", pkgname:\"sudo\", pkgver:\"1.7.4p6\", pkgarch:\"x86_64\", pkgnum:\"1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:slackware_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-01T07:11:18", "description": "Alexander Kurtz discovered that sudo would not prompt for a password\nwhen a group was specified in the Runas_Spec. A local attacker could\nexploit this to execute arbitrary code as the specified group if sudo\nwas configured to allow the attacker to use a program as this group.\nThe group Runas_Spec is not used in the default installation of\nUbuntu.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2011-01-21T00:00:00", "title": "Ubuntu 9.10 / 10.04 LTS / 10.10 : sudo vulnerability (USN-1046-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0010"], "modified": "2021-02-02T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:10.10", "cpe:/o:canonical:ubuntu_linux:9.10", "p-cpe:/a:canonical:ubuntu_linux:sudo-ldap", "p-cpe:/a:canonical:ubuntu_linux:sudo"], "id": "UBUNTU_USN-1046-1.NASL", "href": "https://www.tenable.com/plugins/nessus/51643", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-1046-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(51643);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/09/19 12:54:26\");\n\n script_cve_id(\"CVE-2011-0010\");\n script_bugtraq_id(45774);\n script_xref(name:\"USN\", value:\"1046-1\");\n\n script_name(english:\"Ubuntu 9.10 / 10.04 LTS / 10.10 : sudo vulnerability (USN-1046-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Alexander Kurtz discovered that sudo would not prompt for a password\nwhen a group was specified in the Runas_Spec. A local attacker could\nexploit this to execute arbitrary code as the specified group if sudo\nwas configured to allow the attacker to use a program as this group.\nThe group Runas_Spec is not used in the default installation of\nUbuntu.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/1046-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected sudo and / or sudo-ldap packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:sudo-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:9.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2011-2019 Canonical, Inc. / NASL script (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(9\\.10|10\\.04|10\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 9.10 / 10.04 / 10.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"9.10\", pkgname:\"sudo\", pkgver:\"1.7.0-1ubuntu2.6\")) flag++;\nif (ubuntu_check(osver:\"9.10\", pkgname:\"sudo-ldap\", pkgver:\"1.7.0-1ubuntu2.6\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"sudo\", pkgver:\"1.7.2p1-1ubuntu5.3\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"sudo-ldap\", pkgver:\"1.7.2p1-1ubuntu5.3\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"sudo\", pkgver:\"1.7.2p7-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"10.10\", pkgname:\"sudo-ldap\", pkgver:\"1.7.2p7-1ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo / sudo-ldap\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:10:28", "description": "An updated sudo package that fixes one security issue and various bugs\nis now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe sudo (superuser do) utility allows system administrators to give\ncertain users the ability to run commands as root.\n\nA flaw was found in the sudo password checking logic. In\nconfigurations where the sudoers settings allowed a user to run a\ncommand using sudo with only the group ID changed, sudo failed to\nprompt for the user's password before running the specified command\nwith the elevated group privileges. (CVE-2011-0010)\n\nIn addition, this update fixes the following bugs :\n\n* A NULL pointer dereference bug caused the sudo utility to terminate\nunexpectedly with a segmentation fault. This happened if the utility\nwas run with the -g option and configured not to demand the password\nfrom the user who ran the sudo utility. With this update, the code has\nbeen modified and the problem no longer occurs. (BZ#673072)\n\n* The sudo utility failed to load sudoers from an LDAP (Lightweight\nDirectory Access Protocol) server after the sudo tool was upgraded.\nThis happened because the upgraded nsswitch.conf file did not contain\nthe instruction to search for sudoers on the LDAP server. This update\nadds the lost instruction to /etc/nsswitch.conf and the system\nsearches for sources of sudoers on the local file system and then on\nLDAP, if applicable. (BZ#617061)\n\n* The sudo tool interpreted a Runas alias specifying a group\nincorrectly as a user alias and the alias seemed to be ignored. With\nthis update, the code for interpreting such aliases has been modified\nand the Runas group aliases are honored as expected. (BZ#627543)\n\n* Prior to this update, sudo did not parse comment characters (#) in\nthe ldap.conf file correctly and could fail to work. With this update,\nparsing of the LDAP configuration file has been modified and the\ncomment characters are parsed correctly. (BZ#750318)\n\n* The sudo utility formats its output to fit the width of the terminal\nwindow. However, this behavior is undesirable if the output is\nredirected through a pipeline. With this update, the output formatting\nis not applied in the scenario described. (BZ#697111)\n\n* Previously, the sudo utility performed Security-Enhanced Linux\n(SELinux) related initialization after switching to an unprivileged\nuser. This prevented the correct setup of the SELinux environment\nbefore executing the specified command and could potentially cause an\naccess denial. The bug has been fixed by backporting the SELinux\nrelated code and the execution model from a newer version of sudo.\n(BZ#477185)\n\n* On execv(3) function failure, the sudo tool executed an auditing\ncall before reporting the failure. The call reset the error state and,\nconsequently, the tool incorrectly reported that the command\nsucceeded. With this update, the code has been modified and the\nproblem no longer occurs. (BZ#673157)\n\nAll users of sudo are advised to upgrade to this updated package,\nwhich resolves these issues.", "edition": 20, "published": "2012-02-21T00:00:00", "title": "RHEL 5 : sudo (RHSA-2012:0309)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0010"], "modified": "2012-02-21T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "p-cpe:/a:redhat:enterprise_linux:sudo-debuginfo", "p-cpe:/a:redhat:enterprise_linux:sudo"], "id": "REDHAT-RHSA-2012-0309.NASL", "href": "https://www.tenable.com/plugins/nessus/58063", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2012:0309. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58063);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0010\");\n script_xref(name:\"RHSA\", value:\"2012:0309\");\n\n script_name(english:\"RHEL 5 : sudo (RHSA-2012:0309)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated sudo package that fixes one security issue and various bugs\nis now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe sudo (superuser do) utility allows system administrators to give\ncertain users the ability to run commands as root.\n\nA flaw was found in the sudo password checking logic. In\nconfigurations where the sudoers settings allowed a user to run a\ncommand using sudo with only the group ID changed, sudo failed to\nprompt for the user's password before running the specified command\nwith the elevated group privileges. (CVE-2011-0010)\n\nIn addition, this update fixes the following bugs :\n\n* A NULL pointer dereference bug caused the sudo utility to terminate\nunexpectedly with a segmentation fault. This happened if the utility\nwas run with the -g option and configured not to demand the password\nfrom the user who ran the sudo utility. With this update, the code has\nbeen modified and the problem no longer occurs. (BZ#673072)\n\n* The sudo utility failed to load sudoers from an LDAP (Lightweight\nDirectory Access Protocol) server after the sudo tool was upgraded.\nThis happened because the upgraded nsswitch.conf file did not contain\nthe instruction to search for sudoers on the LDAP server. This update\nadds the lost instruction to /etc/nsswitch.conf and the system\nsearches for sources of sudoers on the local file system and then on\nLDAP, if applicable. (BZ#617061)\n\n* The sudo tool interpreted a Runas alias specifying a group\nincorrectly as a user alias and the alias seemed to be ignored. With\nthis update, the code for interpreting such aliases has been modified\nand the Runas group aliases are honored as expected. (BZ#627543)\n\n* Prior to this update, sudo did not parse comment characters (#) in\nthe ldap.conf file correctly and could fail to work. With this update,\nparsing of the LDAP configuration file has been modified and the\ncomment characters are parsed correctly. (BZ#750318)\n\n* The sudo utility formats its output to fit the width of the terminal\nwindow. However, this behavior is undesirable if the output is\nredirected through a pipeline. With this update, the output formatting\nis not applied in the scenario described. (BZ#697111)\n\n* Previously, the sudo utility performed Security-Enhanced Linux\n(SELinux) related initialization after switching to an unprivileged\nuser. This prevented the correct setup of the SELinux environment\nbefore executing the specified command and could potentially cause an\naccess denial. The bug has been fixed by backporting the SELinux\nrelated code and the execution model from a newer version of sudo.\n(BZ#477185)\n\n* On execv(3) function failure, the sudo tool executed an auditing\ncall before reporting the failure. The call reset the error state and,\nconsequently, the tool incorrectly reported that the command\nsucceeded. With this update, the code has been modified and the\nproblem no longer occurs. (BZ#673157)\n\nAll users of sudo are advised to upgrade to this updated package,\nwhich resolves these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2012:0309\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0010\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected sudo and / or sudo-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sudo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/02/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2012:0309\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"sudo-1.7.2p1-13.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"sudo-1.7.2p1-13.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"sudo-1.7.2p1-13.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"sudo-debuginfo-1.7.2p1-13.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"s390x\", reference:\"sudo-debuginfo-1.7.2p1-13.el5\")) flag++;\n if (rpm_check(release:\"RHEL5\", cpu:\"x86_64\", reference:\"sudo-debuginfo-1.7.2p1-13.el5\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo / sudo-debuginfo\");\n }\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:45:41", "description": "The sudo (superuser do) utility allows system administrators to give\ncertain users the ability to run commands as root.\n\nA flaw was found in the sudo password checking logic. In\nconfigurations where the sudoers settings allowed a user to run a\ncommand using sudo with only the group ID changed, sudo failed to\nprompt for the user's password before running the specified command\nwith the elevated group privileges. (CVE-2011-0010)\n\nThis update also fixes the following bugs :\n\n - When the '/etc/sudoers' file contained entries with\n multiple hosts, running the 'sudo -l' command\n incorrectly reported that a certain user does not have\n permissions to use sudo on the system. With this update,\n running the 'sudo -l' command now produces the correct\n output. (BZ#603823)\n\n - Prior to this update, the manual page for sudoers.ldap\n was not installed, even though it contains important\n information on how to set up an LDAP (Lightweight\n Directory Access Protocol) sudoers source, and other\n documents refer to it. With this update, the manual page\n is now properly included in the package. Additionally,\n various POD files have been removed from the package, as\n they are required for build purposes only. (BZ#634159)\n\n - The previous version of sudo did not use the same\n location for the LDAP configuration files as the\n nss_ldap package. This has been fixed and sudo now looks\n for these files in the same location as the nss_ldap\n package. (BZ#652726)\n\n - When a file was edited using the 'sudo -e file' or the\n 'sudoedit file' command, the editor being executed for\n this task was logged only as 'sudoedit'. With this\n update, the full path to the executable being used as an\n editor is now logged (instead of 'sudoedit').\n (BZ#665131)\n\n - A comment regarding the 'visiblepw' option of the\n 'Defaults' directive has been added to the default\n '/etc/sudoers' file to clarify its usage. (BZ#688640)\n\n - This erratum upgrades sudo to upstream version 1.7.4p5,\n which provides a number of bug fixes and enhancements\n over the previous version. (BZ#615087)\n\nAll users of sudo are advised to upgrade to this updated package,\nwhich resolves these issues.", "edition": 25, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : sudo on SL6.x i386/x86_64", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0010"], "modified": "2012-08-01T00:00:00", "cpe": ["x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20110519_SUDO_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61050", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61050);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0010\");\n\n script_name(english:\"Scientific Linux Security Update : sudo on SL6.x i386/x86_64\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The sudo (superuser do) utility allows system administrators to give\ncertain users the ability to run commands as root.\n\nA flaw was found in the sudo password checking logic. In\nconfigurations where the sudoers settings allowed a user to run a\ncommand using sudo with only the group ID changed, sudo failed to\nprompt for the user's password before running the specified command\nwith the elevated group privileges. (CVE-2011-0010)\n\nThis update also fixes the following bugs :\n\n - When the '/etc/sudoers' file contained entries with\n multiple hosts, running the 'sudo -l' command\n incorrectly reported that a certain user does not have\n permissions to use sudo on the system. With this update,\n running the 'sudo -l' command now produces the correct\n output. (BZ#603823)\n\n - Prior to this update, the manual page for sudoers.ldap\n was not installed, even though it contains important\n information on how to set up an LDAP (Lightweight\n Directory Access Protocol) sudoers source, and other\n documents refer to it. With this update, the manual page\n is now properly included in the package. Additionally,\n various POD files have been removed from the package, as\n they are required for build purposes only. (BZ#634159)\n\n - The previous version of sudo did not use the same\n location for the LDAP configuration files as the\n nss_ldap package. This has been fixed and sudo now looks\n for these files in the same location as the nss_ldap\n package. (BZ#652726)\n\n - When a file was edited using the 'sudo -e file' or the\n 'sudoedit file' command, the editor being executed for\n this task was logged only as 'sudoedit'. With this\n update, the full path to the executable being used as an\n editor is now logged (instead of 'sudoedit').\n (BZ#665131)\n\n - A comment regarding the 'visiblepw' option of the\n 'Defaults' directive has been added to the default\n '/etc/sudoers' file to clarify its usage. (BZ#688640)\n\n - This erratum upgrades sudo to upstream version 1.7.4p5,\n which provides a number of bug fixes and enhancements\n over the previous version. (BZ#615087)\n\nAll users of sudo are advised to upgrade to this updated package,\nwhich resolves these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=603823\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=615087\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=634159\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=652726\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=665131\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=688640\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1106&L=scientific-linux-errata&T=0&P=75\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2424f8ba\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected sudo and / or sudo-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"sudo-1.7.4p5-5.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"sudo-debuginfo-1.7.4p5-5.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T12:46:45", "description": "From Red Hat Security Advisory 2012:0309 :\n\nAn updated sudo package that fixes one security issue and various bugs\nis now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe sudo (superuser do) utility allows system administrators to give\ncertain users the ability to run commands as root.\n\nA flaw was found in the sudo password checking logic. In\nconfigurations where the sudoers settings allowed a user to run a\ncommand using sudo with only the group ID changed, sudo failed to\nprompt for the user's password before running the specified command\nwith the elevated group privileges. (CVE-2011-0010)\n\nIn addition, this update fixes the following bugs :\n\n* A NULL pointer dereference bug caused the sudo utility to terminate\nunexpectedly with a segmentation fault. This happened if the utility\nwas run with the -g option and configured not to demand the password\nfrom the user who ran the sudo utility. With this update, the code has\nbeen modified and the problem no longer occurs. (BZ#673072)\n\n* The sudo utility failed to load sudoers from an LDAP (Lightweight\nDirectory Access Protocol) server after the sudo tool was upgraded.\nThis happened because the upgraded nsswitch.conf file did not contain\nthe instruction to search for sudoers on the LDAP server. This update\nadds the lost instruction to /etc/nsswitch.conf and the system\nsearches for sources of sudoers on the local file system and then on\nLDAP, if applicable. (BZ#617061)\n\n* The sudo tool interpreted a Runas alias specifying a group\nincorrectly as a user alias and the alias seemed to be ignored. With\nthis update, the code for interpreting such aliases has been modified\nand the Runas group aliases are honored as expected. (BZ#627543)\n\n* Prior to this update, sudo did not parse comment characters (#) in\nthe ldap.conf file correctly and could fail to work. With this update,\nparsing of the LDAP configuration file has been modified and the\ncomment characters are parsed correctly. (BZ#750318)\n\n* The sudo utility formats its output to fit the width of the terminal\nwindow. However, this behavior is undesirable if the output is\nredirected through a pipeline. With this update, the output formatting\nis not applied in the scenario described. (BZ#697111)\n\n* Previously, the sudo utility performed Security-Enhanced Linux\n(SELinux) related initialization after switching to an unprivileged\nuser. This prevented the correct setup of the SELinux environment\nbefore executing the specified command and could potentially cause an\naccess denial. The bug has been fixed by backporting the SELinux\nrelated code and the execution model from a newer version of sudo.\n(BZ#477185)\n\n* On execv(3) function failure, the sudo tool executed an auditing\ncall before reporting the failure. The call reset the error state and,\nconsequently, the tool incorrectly reported that the command\nsucceeded. With this update, the code has been modified and the\nproblem no longer occurs. (BZ#673157)\n\nAll users of sudo are advised to upgrade to this updated package,\nwhich resolves these issues.", "edition": 22, "published": "2013-07-12T00:00:00", "title": "Oracle Linux 5 : sudo (ELSA-2012-0309)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0010"], "modified": "2013-07-12T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:sudo", "cpe:/o:oracle:linux:5"], "id": "ORACLELINUX_ELSA-2012-0309.NASL", "href": "https://www.tenable.com/plugins/nessus/68480", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2012:0309 and \n# Oracle Linux Security Advisory ELSA-2012-0309 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(68480);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0010\");\n script_bugtraq_id(45774);\n script_xref(name:\"RHSA\", value:\"2012:0309\");\n\n script_name(english:\"Oracle Linux 5 : sudo (ELSA-2012-0309)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2012:0309 :\n\nAn updated sudo package that fixes one security issue and various bugs\nis now available for Red Hat Enterprise Linux 5.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe sudo (superuser do) utility allows system administrators to give\ncertain users the ability to run commands as root.\n\nA flaw was found in the sudo password checking logic. In\nconfigurations where the sudoers settings allowed a user to run a\ncommand using sudo with only the group ID changed, sudo failed to\nprompt for the user's password before running the specified command\nwith the elevated group privileges. (CVE-2011-0010)\n\nIn addition, this update fixes the following bugs :\n\n* A NULL pointer dereference bug caused the sudo utility to terminate\nunexpectedly with a segmentation fault. This happened if the utility\nwas run with the -g option and configured not to demand the password\nfrom the user who ran the sudo utility. With this update, the code has\nbeen modified and the problem no longer occurs. (BZ#673072)\n\n* The sudo utility failed to load sudoers from an LDAP (Lightweight\nDirectory Access Protocol) server after the sudo tool was upgraded.\nThis happened because the upgraded nsswitch.conf file did not contain\nthe instruction to search for sudoers on the LDAP server. This update\nadds the lost instruction to /etc/nsswitch.conf and the system\nsearches for sources of sudoers on the local file system and then on\nLDAP, if applicable. (BZ#617061)\n\n* The sudo tool interpreted a Runas alias specifying a group\nincorrectly as a user alias and the alias seemed to be ignored. With\nthis update, the code for interpreting such aliases has been modified\nand the Runas group aliases are honored as expected. (BZ#627543)\n\n* Prior to this update, sudo did not parse comment characters (#) in\nthe ldap.conf file correctly and could fail to work. With this update,\nparsing of the LDAP configuration file has been modified and the\ncomment characters are parsed correctly. (BZ#750318)\n\n* The sudo utility formats its output to fit the width of the terminal\nwindow. However, this behavior is undesirable if the output is\nredirected through a pipeline. With this update, the output formatting\nis not applied in the scenario described. (BZ#697111)\n\n* Previously, the sudo utility performed Security-Enhanced Linux\n(SELinux) related initialization after switching to an unprivileged\nuser. This prevented the correct setup of the SELinux environment\nbefore executing the specified command and could potentially cause an\naccess denial. The bug has been fixed by backporting the SELinux\nrelated code and the execution model from a newer version of sudo.\n(BZ#477185)\n\n* On execv(3) function failure, the sudo tool executed an auditing\ncall before reporting the failure. The call reset the error state and,\nconsequently, the tool incorrectly reported that the command\nsucceeded. With this update, the code has been modified and the\nproblem no longer occurs. (BZ#673157)\n\nAll users of sudo are advised to upgrade to this updated package,\nwhich resolves these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2012-March/002660.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected sudo package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:5\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 5\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL5\", reference:\"sudo-1.7.2p1-13.el5\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:47:13", "description": "Todd Miller reports :\n\nBeginning with sudo version 1.7.0 it has been possible to grant\npermission to run a command using a specified group via sudo's -g\noption (run as group), if allowed by the sudoers file. A flaw exists\nin sudo's password checking logic that allows a user to run a command\nwith only the group changed without being prompted for a password.", "edition": 27, "published": "2011-01-14T00:00:00", "title": "FreeBSD : sudo -- local privilege escalation (908f4cf2-1e8b-11e0-a587-001b77d09812)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0010"], "modified": "2011-01-14T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:sudo", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_908F4CF21E8B11E0A587001B77D09812.NASL", "href": "https://www.tenable.com/plugins/nessus/51521", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51521);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-0010\");\n\n script_name(english:\"FreeBSD : sudo -- local privilege escalation (908f4cf2-1e8b-11e0-a587-001b77d09812)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Todd Miller reports :\n\nBeginning with sudo version 1.7.0 it has been possible to grant\npermission to run a command using a specified group via sudo's -g\noption (run as group), if allowed by the sudoers file. A flaw exists\nin sudo's password checking logic that allows a user to run a command\nwith only the group changed without being prompted for a password.\"\n );\n # http://www.sudo.ws/sudo/alerts/runas_group_pw.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.sudo.ws/sudo/alerts/runas_group_pw.html\"\n );\n # http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609641\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609641\"\n );\n # https://vuxml.freebsd.org/freebsd/908f4cf2-1e8b-11e0-a587-001b77d09812.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4183880e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/01/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"sudo>=1.7.0<1.7.4.5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:09:15", "description": "An updated sudo package that fixes one security issue and several bugs\nis now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe sudo (superuser do) utility allows system administrators to give\ncertain users the ability to run commands as root.\n\nA flaw was found in the sudo password checking logic. In\nconfigurations where the sudoers settings allowed a user to run a\ncommand using sudo with only the group ID changed, sudo failed to\nprompt for the user's password before running the specified command\nwith the elevated group privileges. (CVE-2011-0010)\n\nThis update also fixes the following bugs :\n\n* When the '/etc/sudoers' file contained entries with multiple hosts,\nrunning the 'sudo -l' command incorrectly reported that a certain user\ndoes not have permissions to use sudo on the system. With this update,\nrunning the 'sudo -l' command now produces the correct output.\n(BZ#603823)\n\n* Prior to this update, the manual page for sudoers.ldap was not\ninstalled, even though it contains important information on how to set\nup an LDAP (Lightweight Directory Access Protocol) sudoers source, and\nother documents refer to it. With this update, the manual page is now\nproperly included in the package. Additionally, various POD files have\nbeen removed from the package, as they are required for build purposes\nonly. (BZ#634159)\n\n* The previous version of sudo did not use the same location for the\nLDAP configuration files as the nss_ldap package. This has been fixed\nand sudo now looks for these files in the same location as the\nnss_ldap package. (BZ#652726)\n\n* When a file was edited using the 'sudo -e file' or the 'sudoedit\nfile' command, the editor being executed for this task was logged only\nas 'sudoedit'. With this update, the full path to the executable being\nused as an editor is now logged (instead of 'sudoedit'). (BZ#665131)\n\n* A comment regarding the 'visiblepw' option of the 'Defaults'\ndirective has been added to the default '/etc/sudoers' file to clarify\nits usage. (BZ#688640)\n\n* This erratum upgrades sudo to upstream version 1.7.4p5, which\nprovides a number of bug fixes and enhancements over the previous\nversion. (BZ#615087)\n\nAll users of sudo are advised to upgrade to this updated package,\nwhich resolves these issues.", "edition": 28, "published": "2011-05-20T00:00:00", "title": "RHEL 6 : sudo (RHSA-2011:0599)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0010"], "modified": "2011-05-20T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:sudo-debuginfo", "p-cpe:/a:redhat:enterprise_linux:sudo", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2011-0599.NASL", "href": "https://www.tenable.com/plugins/nessus/54596", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2011:0599. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(54596);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0010\");\n script_bugtraq_id(45774);\n script_xref(name:\"RHSA\", value:\"2011:0599\");\n\n script_name(english:\"RHEL 6 : sudo (RHSA-2011:0599)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated sudo package that fixes one security issue and several bugs\nis now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having low\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe sudo (superuser do) utility allows system administrators to give\ncertain users the ability to run commands as root.\n\nA flaw was found in the sudo password checking logic. In\nconfigurations where the sudoers settings allowed a user to run a\ncommand using sudo with only the group ID changed, sudo failed to\nprompt for the user's password before running the specified command\nwith the elevated group privileges. (CVE-2011-0010)\n\nThis update also fixes the following bugs :\n\n* When the '/etc/sudoers' file contained entries with multiple hosts,\nrunning the 'sudo -l' command incorrectly reported that a certain user\ndoes not have permissions to use sudo on the system. With this update,\nrunning the 'sudo -l' command now produces the correct output.\n(BZ#603823)\n\n* Prior to this update, the manual page for sudoers.ldap was not\ninstalled, even though it contains important information on how to set\nup an LDAP (Lightweight Directory Access Protocol) sudoers source, and\nother documents refer to it. With this update, the manual page is now\nproperly included in the package. Additionally, various POD files have\nbeen removed from the package, as they are required for build purposes\nonly. (BZ#634159)\n\n* The previous version of sudo did not use the same location for the\nLDAP configuration files as the nss_ldap package. This has been fixed\nand sudo now looks for these files in the same location as the\nnss_ldap package. (BZ#652726)\n\n* When a file was edited using the 'sudo -e file' or the 'sudoedit\nfile' command, the editor being executed for this task was logged only\nas 'sudoedit'. With this update, the full path to the executable being\nused as an editor is now logged (instead of 'sudoedit'). (BZ#665131)\n\n* A comment regarding the 'visiblepw' option of the 'Defaults'\ndirective has been added to the default '/etc/sudoers' file to clarify\nits usage. (BZ#688640)\n\n* This erratum upgrades sudo to upstream version 1.7.4p5, which\nprovides a number of bug fixes and enhancements over the previous\nversion. (BZ#615087)\n\nAll users of sudo are advised to upgrade to this updated package,\nwhich resolves these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2011-0010\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2011:0599\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected sudo and / or sudo-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sudo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/05/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2011:0599\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"sudo-1.7.4p5-5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"sudo-1.7.4p5-5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"sudo-1.7.4p5-5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"sudo-debuginfo-1.7.4p5-5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"sudo-debuginfo-1.7.4p5-5.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"sudo-debuginfo-1.7.4p5-5.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo / sudo-debuginfo\");\n }\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T13:46:28", "description": "The sudo (superuser do) utility allows system administrators to give\ncertain users the ability to run commands as root.\n\nA flaw was found in the sudo password checking logic. In\nconfigurations where the sudoers settings allowed a user to run a\ncommand using sudo with only the group ID changed, sudo failed to\nprompt for the user's password before running the specified command\nwith the elevated group privileges. (CVE-2011-0010)\n\nIn addition, this update fixes the following bugs :\n\n - A NULL pointer dereference bug caused the sudo utility\n to terminate unexpectedly with a segmentation fault.\n This happened if the utility was run with the -g option\n and configured not to demand the password from the user\n who ran the sudo utility. With this update, the code has\n been modified and the problem no longer occurs.\n\n - The sudo utility failed to load sudoers from an LDAP\n (Lightweight Directory Access Protocol) server after the\n sudo tool was upgraded. This happened because the\n upgraded nsswitch.conf file did not contain the\n instruction to search for sudoers on the LDAP server.\n This update adds the lost instruction to\n /etc/nsswitch.conf and the system searches for sources\n of sudoers on the local file system and then on LDAP, if\n applicable.\n\n - The sudo tool interpreted a Runas alias specifying a\n group incorrectly as a user alias and the alias seemed\n to be ignored. With this update, the code for\n interpreting such aliases has been modified and the\n Runas group aliases are honored as expected.\n\n - Prior to this update, sudo did not parse comment\n characters (#) in the ldap.conf file correctly and could\n fail to work. With this update, parsing of the LDAP\n configuration file has been modified and the comment\n characters are parsed correctly.\n\n - The sudo utility formats its output to fit the width of\n the terminal window. However, this behavior is\n undesirable if the output is redirected through a\n pipeline. With this update, the output formatting is not\n applied in the scenario described.\n\n - Previously, the sudo utility performed Security-Enhanced\n Linux (SELinux) related initialization after switching\n to an unprivileged user. This prevented the correct\n setup of the SELinux environment before executing the\n specified command and could potentially cause an access\n denial. The bug has been fixed by backporting the\n SELinux related code and the execution model from a\n newer version of sudo.\n\n - On execv(3) function failure, the sudo tool executed an\n auditing call before reporting the failure. The call\n reset the error state and, consequently, the tool\n incorrectly reported that the command succeeded. With\n this update, the code has been modified and the problem\n no longer occurs.\n\nAll users of sudo are advised to upgrade to this updated package,\nwhich resolves these issues.", "edition": 15, "published": "2012-08-01T00:00:00", "title": "Scientific Linux Security Update : sudo on SL5.x i386/x86_64 (20120221)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0010"], "modified": "2012-08-01T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:sudo-debuginfo", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:sudo"], "id": "SL_20120221_SUDO_ON_SL5_X.NASL", "href": "https://www.tenable.com/plugins/nessus/61271", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61271);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-0010\");\n\n script_name(english:\"Scientific Linux Security Update : sudo on SL5.x i386/x86_64 (20120221)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The sudo (superuser do) utility allows system administrators to give\ncertain users the ability to run commands as root.\n\nA flaw was found in the sudo password checking logic. In\nconfigurations where the sudoers settings allowed a user to run a\ncommand using sudo with only the group ID changed, sudo failed to\nprompt for the user's password before running the specified command\nwith the elevated group privileges. (CVE-2011-0010)\n\nIn addition, this update fixes the following bugs :\n\n - A NULL pointer dereference bug caused the sudo utility\n to terminate unexpectedly with a segmentation fault.\n This happened if the utility was run with the -g option\n and configured not to demand the password from the user\n who ran the sudo utility. With this update, the code has\n been modified and the problem no longer occurs.\n\n - The sudo utility failed to load sudoers from an LDAP\n (Lightweight Directory Access Protocol) server after the\n sudo tool was upgraded. This happened because the\n upgraded nsswitch.conf file did not contain the\n instruction to search for sudoers on the LDAP server.\n This update adds the lost instruction to\n /etc/nsswitch.conf and the system searches for sources\n of sudoers on the local file system and then on LDAP, if\n applicable.\n\n - The sudo tool interpreted a Runas alias specifying a\n group incorrectly as a user alias and the alias seemed\n to be ignored. With this update, the code for\n interpreting such aliases has been modified and the\n Runas group aliases are honored as expected.\n\n - Prior to this update, sudo did not parse comment\n characters (#) in the ldap.conf file correctly and could\n fail to work. With this update, parsing of the LDAP\n configuration file has been modified and the comment\n characters are parsed correctly.\n\n - The sudo utility formats its output to fit the width of\n the terminal window. However, this behavior is\n undesirable if the output is redirected through a\n pipeline. With this update, the output formatting is not\n applied in the scenario described.\n\n - Previously, the sudo utility performed Security-Enhanced\n Linux (SELinux) related initialization after switching\n to an unprivileged user. This prevented the correct\n setup of the SELinux environment before executing the\n specified command and could potentially cause an access\n denial. The bug has been fixed by backporting the\n SELinux related code and the execution model from a\n newer version of sudo.\n\n - On execv(3) function failure, the sudo tool executed an\n auditing call before reporting the failure. The call\n reset the error state and, consequently, the tool\n incorrectly reported that the command succeeded. With\n this update, the code has been modified and the problem\n no longer occurs.\n\nAll users of sudo are advised to upgrade to this updated package,\nwhich resolves these issues.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1203&L=scientific-linux-errata&T=0&P=3419\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eb6a296c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected sudo and / or sudo-debuginfo packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:sudo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/01/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/08/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 5.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL5\", reference:\"sudo-1.7.2p1-13.el5\")) flag++;\nif (rpm_check(release:\"SL5\", reference:\"sudo-debuginfo-1.7.2p1-13.el5\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo / sudo-debuginfo\");\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:53:30", "description": "The remote host is affected by the vulnerability described in GLSA-201203-06\n(sudo: Privilege escalation)\n\n Two vulnerabilities have been discovered in sudo:\n When the sudoers file is configured with a Runas group, sudo does not\n prompt for a password when changing to the new group (CVE-2011-0010).\n A format string vulnerability exists in the 'sudo_debug()' function\n (CVE-2012-0809).\n \nImpact :\n\n A local attacker could possibly gain the ability to run arbitrary\n commands with the privileges of other users or groups, including root.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 21, "published": "2012-03-06T00:00:00", "title": "GLSA-201203-06 : sudo: Privilege escalation", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-0809", "CVE-2011-0010"], "modified": "2012-03-06T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:sudo"], "id": "GENTOO_GLSA-201203-06.NASL", "href": "https://www.tenable.com/plugins/nessus/58216", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201203-06.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(58216);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-0010\", \"CVE-2012-0809\");\n script_bugtraq_id(45774, 51719);\n script_xref(name:\"GLSA\", value:\"201203-06\");\n\n script_name(english:\"GLSA-201203-06 : sudo: Privilege escalation\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201203-06\n(sudo: Privilege escalation)\n\n Two vulnerabilities have been discovered in sudo:\n When the sudoers file is configured with a Runas group, sudo does not\n prompt for a password when changing to the new group (CVE-2011-0010).\n A format string vulnerability exists in the 'sudo_debug()' function\n (CVE-2012-0809).\n \nImpact :\n\n A local attacker could possibly gain the ability to run arbitrary\n commands with the privileges of other users or groups, including root.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201203-06\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All sudo users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-admin/sudo-1.8.3_p2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/03/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/03/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-admin/sudo\", unaffected:make_list(\"ge 1.8.3_p2\", \"rge 1.7.4_p5\"), vulnerable:make_list(\"lt 1.8.3_p2\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:08:58", "description": " - rebase to 1.7.4p5\n\n - fixed sudo-1.7.4p4-getgrouplist.patch\n\n - fixes CVE-2011-0008, CVE-2011-0010\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 25, "published": "2011-01-19T00:00:00", "title": "Fedora 14 : sudo-1.7.4p5-1.fc14 (2011-0470)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0034", "CVE-2011-0008", "CVE-2011-0010"], "modified": "2011-01-19T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:sudo", "cpe:/o:fedoraproject:fedora:14"], "id": "FEDORA_2011-0470.NASL", "href": "https://www.tenable.com/plugins/nessus/51566", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2011-0470.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51566);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2009-0034\", \"CVE-2011-0008\", \"CVE-2011-0010\");\n script_bugtraq_id(33517, 45774);\n script_xref(name:\"FEDORA\", value:\"2011-0470\");\n\n script_name(english:\"Fedora 14 : sudo-1.7.4p5-1.fc14 (2011-0470)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - rebase to 1.7.4p5\n\n - fixed sudo-1.7.4p4-getgrouplist.patch\n\n - fixes CVE-2011-0008, CVE-2011-0010\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=668843\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=668879\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2011-January/053263.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b337c23f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected sudo package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(264);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:14\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/01/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^14([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 14.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC14\", reference:\"sudo-1.7.4p5-1.fc14\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-09T00:33:29", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0010"], "description": "Alexander Kurtz discovered that sudo would not prompt for a password when \na group was specified in the Runas_Spec. A local attacker could exploit \nthis to execute arbitrary code as the specified group if sudo was \nconfigured to allow the attacker to use a program as this group. The group \nRunas_Spec is not used in the default installation of Ubuntu.", "edition": 5, "modified": "2011-01-20T00:00:00", "published": "2011-01-20T00:00:00", "id": "USN-1046-1", "href": "https://ubuntu.com/security/notices/USN-1046-1", "title": "Sudo vulnerability", "type": "ubuntu", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2017-12-04T11:27:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0010"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1046-1", "modified": "2017-12-01T00:00:00", "published": "2011-01-21T00:00:00", "id": "OPENVAS:840571", "href": "http://plugins.openvas.org/nasl.php?oid=840571", "type": "openvas", "title": "Ubuntu Update for sudo vulnerability USN-1046-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1046_1.nasl 7964 2017-12-01 07:32:11Z santu $\n#\n# Ubuntu Update for sudo vulnerability USN-1046-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Alexander Kurtz discovered that sudo would not prompt for a password when\n a group was specified in the Runas_Spec. A local attacker could exploit\n this to execute arbitrary code as the specified group if sudo was\n configured to allow the attacker to use a program as this group. The group\n Runas_Spec is not used in the default installation of Ubuntu.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1046-1\";\ntag_affected = \"sudo vulnerability on Ubuntu 9.10 ,\n Ubuntu 10.04 LTS ,\n Ubuntu 10.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1046-1/\");\n script_id(840571);\n script_version(\"$Revision: 7964 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 08:32:11 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-21 14:59:01 +0100 (Fri, 21 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"USN\", value: \"1046-1\");\n script_cve_id(\"CVE-2011-0010\");\n script_name(\"Ubuntu Update for sudo vulnerability USN-1046-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"sudo\", ver:\"1.7.0-1ubuntu2.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"sudo-ldap\", ver:\"1.7.0-1ubuntu2.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"sudo\", ver:\"1.7.2p7-1ubuntu2.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"sudo-ldap\", ver:\"1.7.2p7-1ubuntu2.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"sudo\", ver:\"1.7.2p1-1ubuntu5.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"sudo-ldap\", ver:\"1.7.2p1-1ubuntu5.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-01-02T10:58:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0010"], "description": "Check for the Version of sudo", "modified": "2017-12-28T00:00:00", "published": "2012-02-21T00:00:00", "id": "OPENVAS:870553", "href": "http://plugins.openvas.org/nasl.php?oid=870553", "type": "openvas", "title": "RedHat Update for sudo RHSA-2012:0309-03", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for sudo RHSA-2012:0309-03\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The sudo (superuser do) utility allows system administrators to give\n certain users the ability to run commands as root.\n\n A flaw was found in the sudo password checking logic. In configurations\n where the sudoers settings allowed a user to run a command using sudo\n with only the group ID changed, sudo failed to prompt for the user's\n password before running the specified command with the elevated group\n privileges. (CVE-2011-0010)\n\n In addition, this update fixes the following bugs:\n\n * A NULL pointer dereference bug caused the sudo utility to terminate\n unexpectedly with a segmentation fault. This happened if the utility was\n run with the -g option and configured not to demand the password from the\n user who ran the sudo utility. With this update, the code has been modified\n and the problem no longer occurs. (BZ#673072)\n\n * The sudo utility failed to load sudoers from an LDAP (Lightweight\n Directory Access Protocol) server after the sudo tool was upgraded. This\n happened because the upgraded nsswitch.conf file did not contain the\n instruction to search for sudoers on the LDAP server. This update adds the\n lost instruction to /etc/nsswitch.conf and the system searches for sources\n of sudoers on the local file system and then on LDAP, if applicable.\n (BZ#617061)\n\n * The sudo tool interpreted a Runas alias specifying a group incorrectly as\n a user alias and the alias seemed to be ignored. With this update, the code\n for interpreting such aliases has been modified and the Runas group aliases\n are honored as expected. (BZ#627543)\n\n * Prior to this update, sudo did not parse comment characters (#) in the\n ldap.conf file correctly and could fail to work. With this update, parsing\n of the LDAP configuration file has been modified and the comment characters\n are parsed correctly. (BZ#750318)\n\n * The sudo utility formats its output to fit the width of the terminal\n window. However, this behavior is undesirable if the output is redirected\n through a pipeline. With this update, the output formatting is not applied\n in the scenario described. (BZ#697111)\n\n * Previously, the sudo utility performed Security-Enhanced Linux (SELinux)\n related initialization after switching to an unprivileged user. This\n prevented the correct setup of the SELinux environment before executing the\n specified command and could potentially cause an access denial. The bug has\n been fixed by backporting the SELinux related code and the execution model\n from a newer version of sudo. (BZ#477185)\n\n * On execv(3) function failure, the sudo tool executed a ...\n\n Description truncated, for more information please check the Reference URL\";\n\ntag_affected = \"sudo on Red Hat Enterprise Linux (v. 5 server)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2012-February/msg00047.html\");\n script_id(870553);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-21 18:56:44 +0530 (Tue, 21 Feb 2012)\");\n script_cve_id(\"CVE-2011-0010\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2012:0309-03\");\n script_name(\"RedHat Update for sudo RHSA-2012:0309-03\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of sudo\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_5\")\n{\n\n if ((res = isrpmvuln(pkg:\"sudo\", rpm:\"sudo~1.7.2p1~13.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"sudo-debuginfo\", rpm:\"sudo-debuginfo~1.7.2p1~13.el5\", rls:\"RHENT_5\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0010"], "description": "Oracle Linux Local Security Checks ELSA-2012-0309", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123966", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123966", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2012-0309", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2012-0309.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123966\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:10:56 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2012-0309\");\n script_tag(name:\"insight\", value:\"ELSA-2012-0309 - sudo security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2012-0309\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2012-0309.html\");\n script_cve_id(\"CVE-2011-0010\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux5\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux5\")\n{\n if ((res = isrpmvuln(pkg:\"sudo\", rpm:\"sudo~1.7.2p1~13.el5\", rls:\"OracleLinux5\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:29", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0010"], "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "modified": "2018-10-05T00:00:00", "published": "2011-01-24T00:00:00", "id": "OPENVAS:136141256231068818", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231068818", "type": "openvas", "title": "FreeBSD Ports: sudo", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_sudo9.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID 908f4cf2-1e8b-11e0-a587-001b77d09812\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.68818\");\n script_version(\"$Revision: 11762 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-24 17:55:59 +0100 (Mon, 24 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2011-0010\");\n script_name(\"FreeBSD Ports: sudo\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following package is affected: sudo\n\nCVE-2011-0010\ncheck.c in sudo 1.7.x before 1.7.4p5, when a Runas group is\nconfigured, does not require a password for command execution that\ninvolves a gid change but no uid change, which allows local users to\nbypass an intended authentication requirement via the -g option to a\nsudo command.\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"http://www.sudo.ws/sudo/alerts/runas_group_pw.html\");\n script_xref(name:\"URL\", value:\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=609641\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/908f4cf2-1e8b-11e0-a587-001b77d09812.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"sudo\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.7.0\")>=0 && revcomp(a:bver, b:\"1.7.4.5\")<0) {\n txt += 'Package sudo version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:38:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0010"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2011-041-05.", "modified": "2019-03-15T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:136141256231068920", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231068920", "type": "openvas", "title": "Slackware Advisory SSA:2011-041-05 sudo", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2011_041_05.nasl 14202 2019-03-15 09:16:15Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.68920\");\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 10:16:15 +0100 (Fri, 15 Mar 2019) $\");\n script_cve_id(\"CVE-2011-0010\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 14202 $\");\n script_name(\"Slackware Advisory SSA:2011-041-05 sudo\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\", re:\"ssh/login/release=SLK(8\\.1|9\\.0|9\\.1|10\\.0|10\\.1|10\\.2|11\\.0|12\\.0|12\\.1|12\\.2|13\\.0|13\\.1)\");\n\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2011-041-05\");\n\n script_tag(name:\"insight\", value:\"New sudo packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2,\n11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue.\");\n\n script_tag(name:\"solution\", value:\"Upgrade to the new package(s).\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update as announced\nvia advisory SSA:2011-041-05.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-slack.inc\");\n\nreport = \"\";\nres = \"\";\n\nif((res = isslkpkgvuln(pkg:\"sudo\", ver:\"1.7.4p6-i386-1_slack8.1\", rls:\"SLK8.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"sudo\", ver:\"1.7.4p6-i386-1_slack9.0\", rls:\"SLK9.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"sudo\", ver:\"1.7.4p6-i486-1_slack9.1\", rls:\"SLK9.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"sudo\", ver:\"1.7.4p6-i486-1_slack10.0\", rls:\"SLK10.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"sudo\", ver:\"1.7.4p6-i486-1_slack10.1\", rls:\"SLK10.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"sudo\", ver:\"1.7.4p6-i486-1_slack10.2\", rls:\"SLK10.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"sudo\", ver:\"1.7.4p6-i486-1_slack11.0\", rls:\"SLK11.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"sudo\", ver:\"1.7.4p6-i486-1_slack12.0\", rls:\"SLK12.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"sudo\", ver:\"1.7.4p6-i486-1_slack12.1\", rls:\"SLK12.1\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"sudo\", ver:\"1.7.4p6-i486-1_slack12.2\", rls:\"SLK12.2\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"sudo\", ver:\"1.7.4p6-i486-1_slack13.0\", rls:\"SLK13.0\")) != NULL) {\n report += res;\n}\nif((res = isslkpkgvuln(pkg:\"sudo\", ver:\"1.7.4p6-i486-1_slack13.1\", rls:\"SLK13.1\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2018-01-02T10:56:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0010"], "description": "Check for the Version of sudo", "modified": "2018-01-02T00:00:00", "published": "2012-06-06T00:00:00", "id": "OPENVAS:870711", "href": "http://plugins.openvas.org/nasl.php?oid=870711", "type": "openvas", "title": "RedHat Update for sudo RHSA-2011:0599-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for sudo RHSA-2011:0599-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The sudo (superuser do) utility allows system administrators to give\n certain users the ability to run commands as root.\n\n A flaw was found in the sudo password checking logic. In configurations\n where the sudoers settings allowed a user to run a command using sudo with\n only the group ID changed, sudo failed to prompt for the user's password\n before running the specified command with the elevated group privileges.\n (CVE-2011-0010)\n\n This update also fixes the following bugs:\n\n * When the "/etc/sudoers" file contained entries with multiple hosts,\n running the "sudo -l" command incorrectly reported that a certain user does\n not have permissions to use sudo on the system. With this update, running\n the "sudo -l" command now produces the correct output. (BZ#603823)\n\n * Prior to this update, the manual page for sudoers.ldap was not installed,\n even though it contains important information on how to set up an LDAP\n (Lightweight Directory Access Protocol) sudoers source, and other documents\n refer to it. With this update, the manual page is now properly included in\n the package. Additionally, various POD files have been removed from the\n package, as they are required for build purposes only. (BZ#634159)\n\n * The previous version of sudo did not use the same location for the LDAP\n configuration files as the nss_ldap package. This has been fixed and sudo\n now looks for these files in the same location as the nss_ldap package.\n (BZ#652726)\n\n * When a file was edited using the "sudo -e file" or the "sudoedit file"\n command, the editor being executed for this task was logged only as\n "sudoedit". With this update, the full path to the executable being used as\n an editor is now logged (instead of "sudoedit"). (BZ#665131)\n\n * A comment regarding the "visiblepw" option of the "Defaults" directive\n has been added to the default "/etc/sudoers" file to clarify its usage.\n (BZ#688640)\n\n * This erratum upgrades sudo to upstream version 1.7.4p5, which provides a\n number of bug fixes and enhancements over the previous version. (BZ#615087)\n\n All users of sudo are advised to upgrade to this updated package, which\n resolves these issues.\";\n\ntag_affected = \"sudo on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"https://www.redhat.com/archives/rhsa-announce/2011-May/msg00021.html\");\n script_id(870711);\n script_version(\"$Revision: 8267 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-02 07:29:17 +0100 (Tue, 02 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-06 10:51:51 +0530 (Wed, 06 Jun 2012)\");\n script_cve_id(\"CVE-2011-0010\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name: \"RHSA\", value: \"2011:0599-01\");\n script_name(\"RedHat Update for sudo RHSA-2011:0599-01\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of sudo\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"sudo\", rpm:\"sudo~1.7.4p5~5.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"sudo-debuginfo\", rpm:\"sudo-debuginfo~1.7.4p5~5.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:36:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0010"], "description": "Oracle Linux Local Security Checks ELSA-2011-0599", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310122174", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122174", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2011-0599", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2011-0599.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.122174\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 14:14:15 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2011-0599\");\n script_tag(name:\"insight\", value:\"ELSA-2011-0599 - sudo security and bug fix update. Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2011-0599\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2011-0599.html\");\n script_cve_id(\"CVE-2011-0010\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"sudo\", rpm:\"sudo~1.7.4p5~5.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:39:02", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0010"], "description": "The remote host is missing an update for the ", "modified": "2019-03-12T00:00:00", "published": "2012-06-06T00:00:00", "id": "OPENVAS:1361412562310870711", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310870711", "type": "openvas", "title": "RedHat Update for sudo RHSA-2011:0599-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for sudo RHSA-2011:0599-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2011-May/msg00021.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.870711\");\n script_version(\"$Revision: 14114 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-12 12:48:52 +0100 (Tue, 12 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-06 10:51:51 +0530 (Wed, 06 Jun 2012)\");\n script_cve_id(\"CVE-2011-0010\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"RHSA\", value:\"2011:0599-01\");\n script_name(\"RedHat Update for sudo RHSA-2011:0599-01\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'sudo'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n script_tag(name:\"affected\", value:\"sudo on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"The sudo (superuser do) utility allows system administrators to give\n certain users the ability to run commands as root.\n\n A flaw was found in the sudo password checking logic. In configurations\n where the sudoers settings allowed a user to run a command using sudo with\n only the group ID changed, sudo failed to prompt for the user's password\n before running the specified command with the elevated group privileges.\n (CVE-2011-0010)\n\n This update also fixes the following bugs:\n\n * When the '/etc/sudoers' file contained entries with multiple hosts,\n running the 'sudo -l' command incorrectly reported that a certain user does\n not have permissions to use sudo on the system. With this update, running\n the 'sudo -l' command now produces the correct output. (BZ#603823)\n\n * Prior to this update, the manual page for sudoers.ldap was not installed,\n even though it contains important information on how to set up an LDAP\n (Lightweight Directory Access Protocol) sudoers source, and other documents\n refer to it. With this update, the manual page is now properly included in\n the package. Additionally, various POD files have been removed from the\n package, as they are required for build purposes only. (BZ#634159)\n\n * The previous version of sudo did not use the same location for the LDAP\n configuration files as the nss_ldap package. This has been fixed and sudo\n now looks for these files in the same location as the nss_ldap package.\n (BZ#652726)\n\n * When a file was edited using the 'sudo -e file' or the 'sudoedit file'\n command, the editor being executed for this task was logged only as\n 'sudoedit'. With this update, the full path to the executable being used as\n an editor is now logged (instead of 'sudoedit'). (BZ#665131)\n\n * A comment regarding the 'visiblepw' option of the 'Defaults' directive\n has been added to the default '/etc/sudoers' file to clarify its usage.\n (BZ#688640)\n\n * This erratum upgrades sudo to upstream version 1.7.4p5, which provides a\n number of bug fixes and enhancements over the previous version. (BZ#615087)\n\n All users of sudo are advised to upgrade to this updated package, which\n resolves these issues.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"sudo\", rpm:\"sudo~1.7.4p5~5.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"sudo-debuginfo\", rpm:\"sudo-debuginfo~1.7.4p5~5.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-24T12:51:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0010"], "description": "The remote host is missing an update as announced\nvia advisory SSA:2011-041-05.", "modified": "2017-07-07T00:00:00", "published": "2012-09-11T00:00:00", "id": "OPENVAS:68920", "href": "http://plugins.openvas.org/nasl.php?oid=68920", "type": "openvas", "title": "Slackware Advisory SSA:2011-041-05 sudo ", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: esoft_slk_ssa_2011_041_05.nasl 6598 2017-07-07 09:36:44Z cfischer $\n# Description: Auto-generated from the corresponding slackware advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"New sudo packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2,\n11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue.\";\ntag_summary = \"The remote host is missing an update as announced\nvia advisory SSA:2011-041-05.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=SSA:2011-041-05\";\n \nif(description)\n{\n script_id(68920);\n script_tag(name:\"creation_date\", value:\"2012-09-11 01:34:21 +0200 (Tue, 11 Sep 2012)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:36:44 +0200 (Fri, 07 Jul 2017) $\");\n script_cve_id(\"CVE-2011-0010\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_version(\"$Revision: 6598 $\");\n script_name(\"Slackware Advisory SSA:2011-041-05 sudo \");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Slackware Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/slackware_linux\", \"ssh/login/slackpack\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-slack.inc\");\nvuln = 0;\nif(isslkpkgvuln(pkg:\"sudo\", ver:\"1.7.4p6-i386-1_slack8.1\", rls:\"SLK8.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"sudo\", ver:\"1.7.4p6-i386-1_slack9.0\", rls:\"SLK9.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"sudo\", ver:\"1.7.4p6-i486-1_slack9.1\", rls:\"SLK9.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"sudo\", ver:\"1.7.4p6-i486-1_slack10.0\", rls:\"SLK10.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"sudo\", ver:\"1.7.4p6-i486-1_slack10.1\", rls:\"SLK10.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"sudo\", ver:\"1.7.4p6-i486-1_slack10.2\", rls:\"SLK10.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"sudo\", ver:\"1.7.4p6-i486-1_slack11.0\", rls:\"SLK11.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"sudo\", ver:\"1.7.4p6-i486-1_slack12.0\", rls:\"SLK12.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"sudo\", ver:\"1.7.4p6-i486-1_slack12.1\", rls:\"SLK12.1\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"sudo\", ver:\"1.7.4p6-i486-1_slack12.2\", rls:\"SLK12.2\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"sudo\", ver:\"1.7.4p6-i486-1_slack13.0\", rls:\"SLK13.0\")) {\n vuln = 1;\n}\nif(isslkpkgvuln(pkg:\"sudo\", ver:\"1.7.4p6-i486-1_slack13.1\", rls:\"SLK13.1\")) {\n vuln = 1;\n}\n\nif(vuln) {\n security_message(0);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.4, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:39:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-0010"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1046-1", "modified": "2019-03-13T00:00:00", "published": "2011-01-21T00:00:00", "id": "OPENVAS:1361412562310840571", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310840571", "type": "openvas", "title": "Ubuntu Update for sudo vulnerability USN-1046-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1046_1.nasl 14132 2019-03-13 09:25:59Z cfischer $\n#\n# Ubuntu Update for sudo vulnerability USN-1046-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-1046-1/\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.840571\");\n script_version(\"$Revision: 14132 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 10:25:59 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-01-21 14:59:01 +0100 (Fri, 21 Jan 2011)\");\n script_tag(name:\"cvss_base\", value:\"4.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_xref(name:\"USN\", value:\"1046-1\");\n script_cve_id(\"CVE-2011-0010\");\n script_name(\"Ubuntu Update for sudo vulnerability USN-1046-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(9\\.10|10\\.10|10\\.04 LTS)\");\n script_tag(name:\"summary\", value:\"Ubuntu Update for Linux kernel vulnerabilities USN-1046-1\");\n script_tag(name:\"affected\", value:\"sudo vulnerability on Ubuntu 9.10,\n Ubuntu 10.04 LTS,\n Ubuntu 10.10\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Alexander Kurtz discovered that sudo would not prompt for a password when\n a group was specified in the Runas_Spec. A local attacker could exploit\n this to execute arbitrary code as the specified group if sudo was\n configured to allow the attacker to use a program as this group. The group\n Runas_Spec is not used in the default installation of Ubuntu.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU9.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"sudo\", ver:\"1.7.0-1ubuntu2.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"sudo-ldap\", ver:\"1.7.0-1ubuntu2.6\", rls:\"UBUNTU9.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"sudo\", ver:\"1.7.2p7-1ubuntu2.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"sudo-ldap\", ver:\"1.7.2p7-1ubuntu2.1\", rls:\"UBUNTU10.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"sudo\", ver:\"1.7.2p1-1ubuntu5.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"sudo-ldap\", ver:\"1.7.2p1-1ubuntu5.3\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0008", "CVE-2011-0010"], "description": "Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per-host basis, copious logging of each command (providing a clear audit trail of who did what), a configurable timeout of the sudo command, and the ability to use the same configuration file (sudoers) on many different machines. ", "modified": "2011-01-18T21:40:13", "published": "2011-01-18T21:40:13", "id": "FEDORA:B5D4D10F950", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 14 Update: sudo-1.7.4p5-1.fc14", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:50", "bulletinFamily": "unix", "cvelist": ["CVE-2011-0008", "CVE-2011-0010"], "description": "Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per-host basis, copious logging of each command (providing a clear audit trail of who did what), a configurable timeout of the sudo command, and the ability to use the same configuration file (sudoers) on many different machines. ", "modified": "2011-01-21T23:00:08", "published": "2011-01-21T23:00:08", "id": "FEDORA:A25E0110E82", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 13 Update: sudo-1.7.4p5-1.fc13", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:43", "bulletinFamily": "unix", "cvelist": ["CVE-2012-0809", "CVE-2011-0010"], "edition": 1, "description": "### Background\n\nsudo allows a system administrator to give users the ability to run commands as other users. \n\n### Description\n\nTwo vulnerabilities have been discovered in sudo:\n\n * When the sudoers file is configured with a Runas group, sudo does not prompt for a password when changing to the new group (CVE-2011-0010). \n * A format string vulnerability exists in the \"sudo_debug()\" function (CVE-2012-0809). \n\n### Impact\n\nA local attacker could possibly gain the ability to run arbitrary commands with the privileges of other users or groups, including root. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll sudo users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-admin/sudo-1.8.3_p2\"", "modified": "2012-03-06T00:00:00", "published": "2012-03-06T00:00:00", "id": "GLSA-201203-06", "href": "https://security.gentoo.org/glsa/201203-06", "type": "gentoo", "title": "sudo: Privilege escalation", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}