Debian Security Advisory DSA 3167-1 (sudo - security update)

# OpenVAS Vulnerability Test
# $Id: deb_3167.nasl 6609 2017-07-07 12:05:59Z cfischer $
# Auto-generated from advisory DSA 3167-1 using nvtgen 1.0
# Script version: 1.0
#
# Author:
# Greenbone Networks
#
# Copyright:
# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#


if(description)
{
    script_id(703167);
    script_version("$Revision: 6609 $");
    script_cve_id("CVE-2014-9680");
    script_name("Debian Security Advisory DSA 3167-1 (sudo - security update)");
    script_tag(name: "last_modification", value: "$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $");
    script_tag(name: "creation_date", value: "2015-02-22 00:00:00 +0100 (Sun, 22 Feb 2015)");
    script_tag(name:"cvss_base", value:"2.1");
    script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:P/I:N/A:N");
    script_tag(name: "solution_type", value: "VendorFix");

    script_xref(name: "URL", value: "http://www.debian.org/security/2015/dsa-3167.html");


    script_category(ACT_GATHER_INFO);

    script_copyright("Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net");
    script_family("Debian Local Security Checks");
    script_dependencies("gather-package-list.nasl");
    script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages");
    script_tag(name: "affected",  value: "sudo on Debian Linux");
    script_tag(name: "insight",   value: "Sudo is a program designed to allow a
sysadmin to give limited root privileges to users and log root activity. The
basic philosophy is to give as few privileges as possible but still allow people
to get their work done.");
    script_tag(name: "solution",  value: "For the stable distribution (wheezy),
this problem has been fixed in version 1.8.5p2-1+nmu2.

We recommend that you upgrade your sudo packages.");
    script_tag(name: "summary",   value: "Jakub Wilk reported that sudo, a
program designed to provide limited super user privileges to specific users,
preserves the TZ variable from a user's environment without any sanitization. A
user with sudo access may take advantage of this to exploit bugs in the C
library functions which parse the TZ environment variable or to open files that
the user would not otherwise be able to open. The later could potentially cause
changes in system behavior when reading certain device special files or
cause the program run via sudo to block.");
    script_tag(name: "vuldetect", value: "This check tests the installed software
version using the apt package manager.");
    script_tag(name:"qod_type", value:"package");
    exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-deb.inc");

res = "";
report = "";
if ((res = isdpkgvuln(pkg:"sudo", ver:"1.8.5p2-1+nmu2", rls_regex:"DEB7.[0-9]")) != NULL) {
    report += res;
}
if ((res = isdpkgvuln(pkg:"sudo-ldap", ver:"1.8.5p2-1+nmu2", rls_regex:"DEB7.[0-9]")) != NULL) {
    report += res;
}

if (report != "") {
    security_message(data:report);
} else if (__pkg_match) {
    exit(99); # Not vulnerable.
}