Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Slackware: Security Advisory (SSA:2023-311-01)

🗓️ 08 Nov 2023 00:00:00Reported by Copyright (C) 2023 Greenbone AGType 
openvas
 openvas🔗 plugins.openvas.org👁 14 Views

The remote host is missing an update for the 'sudo' package(s) announced via the SSA:2023-311-01 advisory. New sudo packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues

Show more

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Related
Refs
Code
ReporterTitlePublishedViews
Family
Tenable Nessus		Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current sudo Multiple Vulnerabilities (SSA:2023-311-01)
8 Nov 202300:00
nessus
Tenable Nessus		EulerOS Virtualization 2.10.0 : sudo (EulerOS-SA-2024-1537)
19 Apr 202400:00
nessus
Tenable Nessus		EulerOS Virtualization 2.10.1 : sudo (EulerOS-SA-2024-1556)
19 Apr 202400:00
nessus
Tenable Nessus		EulerOS 2.0 SP11 : sudo (EulerOS-SA-2024-1251)
12 Mar 202400:00
nessus
Tenable Nessus		EulerOS 2.0 SP12 : sudo (EulerOS-SA-2024-1778)
30 May 202400:00
nessus
Tenable Nessus		Fedora 39 : sudo (2024-cdccda4f62)
28 Jan 202400:00
nessus
Tenable Nessus		Amazon Linux 2 : sudo (ALAS-2024-2447)
6 Feb 202400:00
nessus
Tenable Nessus		SUSE SLES12 Security Update : sudo (SUSE-SU-2024:0890-1)
16 Mar 202400:00
nessus
Tenable Nessus		SUSE SLES15 Security Update : sudo (SUSE-SU-2024:0889-1)
16 Mar 202400:00
nessus
Tenable Nessus		EulerOS 2.0 SP11 : sudo (EulerOS-SA-2024-1229)
12 Mar 202400:00
nessus
Rows per page
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.13.2023.311.01");
  script_cve_id("CVE-2023-42456", "CVE-2023-42465");
  script_tag(name:"creation_date", value:"2023-11-08 04:19:18 +0000 (Wed, 08 Nov 2023)");
  script_version("2025-01-14T05:37:03+0000");
  script_tag(name:"last_modification", value:"2025-01-14 05:37:03 +0000 (Tue, 14 Jan 2025)");
  script_tag(name:"cvss_base", value:"8.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:N/I:C/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-09-26 14:18:33 +0000 (Tue, 26 Sep 2023)");

  script_name("Slackware: Security Advisory (SSA:2023-311-01)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("Slackware Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/slackware_linux", "ssh/login/slackpack", re:"ssh/login/release=SLK(14\.0|14\.1|14\.2|15\.0|current)");

  script_xref(name:"Advisory-ID", value:"SSA:2023-311-01");
  script_xref(name:"URL", value:"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.479986");
  script_xref(name:"URL", value:"https://www.cve.org/CVERecord?id=CVE-2023-42456");
  script_xref(name:"URL", value:"https://www.cve.org/CVERecord?id=CVE-2023-42465");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'sudo' package(s) announced via the SSA:2023-311-01 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"New sudo packages are available for Slackware 14.0, 14.1, 14.2, 15.0,
and -current to fix security issues.


Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
patches/packages/sudo-1.9.15-i586-1_slack15.0.txz: Upgraded.
 The sudoers plugin has been modified to make it more resilient to ROWHAMMER
 attacks on authentication and policy matching.
 The sudoers plugin now constructs the user time stamp file path name using
 the user-ID instead of the user name. This avoids a potential problem with
 user names that contain a path separator ('/') being interpreted as part of
 the path name.
 For more information, see:
 [links moved to references]
 (* Security fix *)
+--------------------------+");

  script_tag(name:"affected", value:"'sudo' package(s) on Slackware 14.0, Slackware 14.1, Slackware 14.2, Slackware 15.0, Slackware current.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-slack.inc");

release = slk_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "SLK14.0") {

  if(!isnull(res = isslkpkgvuln(pkg:"sudo", ver:"1.9.15-i486-1_slack14.0", rls:"SLK14.0"))) {
    report += res;
  }

  if(!isnull(res = isslkpkgvuln(pkg:"sudo", ver:"1.9.15-x86_64-1_slack14.0", rls:"SLK14.0"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "SLK14.1") {

  if(!isnull(res = isslkpkgvuln(pkg:"sudo", ver:"1.9.15-i486-1_slack14.1", rls:"SLK14.1"))) {
    report += res;
  }

  if(!isnull(res = isslkpkgvuln(pkg:"sudo", ver:"1.9.15-x86_64-1_slack14.1", rls:"SLK14.1"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "SLK14.2") {

  if(!isnull(res = isslkpkgvuln(pkg:"sudo", ver:"1.9.15-i586-1_slack14.2", rls:"SLK14.2"))) {
    report += res;
  }

  if(!isnull(res = isslkpkgvuln(pkg:"sudo", ver:"1.9.15-x86_64-1_slack14.2", rls:"SLK14.2"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "SLK15.0") {

  if(!isnull(res = isslkpkgvuln(pkg:"sudo", ver:"1.9.15-i586-1_slack15.0", rls:"SLK15.0"))) {
    report += res;
  }

  if(!isnull(res = isslkpkgvuln(pkg:"sudo", ver:"1.9.15-x86_64-1_slack15.0", rls:"SLK15.0"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "SLKcurrent") {

  if(!isnull(res = isslkpkgvuln(pkg:"sudo", ver:"1.9.15-i586-1", rls:"SLKcurrent"))) {
    report += res;
  }

  if(!isnull(res = isslkpkgvuln(pkg:"sudo", ver:"1.9.15-x86_64-1", rls:"SLKcurrent"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
08 Nov 2023 00:00Current
6.2Medium risk
Vulners AI Score6.2
CVSS33.1 - 8.1
EPSS0.00083
SSVC
slackwaresecurity advisorysudo packageupdatecve-2023-42456cve-2023-42465vulnerabilityfixpackage(s)slackware 14.0slackware 14.1slackware 14.2slackware 15.0slackware current
14
.json
Report