{"cve": [{"lastseen": "2021-02-02T06:14:36", "description": "sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives.", "edition": 6, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "LOW", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 3.3, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 1.4}, "published": "2017-04-24T06:59:00", "title": "CVE-2014-9680", "type": "cve", "cwe": ["CWE-200"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-9680"], "modified": "2018-01-05T02:29:00", "cpe": ["cpe:/a:sudo_project:sudo:1.8.11"], "id": "CVE-2014-9680", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9680", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:sudo_project:sudo:1.8.11:p2:*:*:*:*:*:*"]}], "f5": [{"lastseen": "2020-04-06T22:39:59", "bulletinFamily": "software", "cvelist": ["CVE-2016-7032", "CVE-2016-7077", "CVE-2016-7076", "CVE-2014-9680"], "description": "\nF5 Product Development has 
evaluated the currently supported releases for potential vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP AAM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 | Not vulnerable | None \nBIG-IP AFM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 | Not vulnerable | None \nBIG-IP Analytics | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP APM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP ASM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP DNS | None | 13.0.0 \n12.0.0 - 12.1.2 | Not vulnerable | None \nBIG-IP Edge Gateway | None | 11.2.1 | Not vulnerable | None \nBIG-IP GTM | None | 11.4.0 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP Link Controller | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1 | Not vulnerable | None \nBIG-IP PEM | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 | Not vulnerable | None \nBIG-IP PSM | None | 11.4.0 - 11.4.1 | Not vulnerable | None \nBIG-IP WebAccelerator | None | 11.2.1 | Not vulnerable | None \nBIG-IP WebSafe | None | 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1 | Not vulnerable | None \nARX | None | 6.2.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | None | 3.1.1 | Not vulnerable | None \nBIG-IQ Cloud | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.4.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not 
vulnerable | None \nBIG-IQ Centralized Management | None | 5.0.0 - 5.2.0 \n4.6.0 | Not vulnerable | None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None \nF5 iWorkflow | None | 2.0.0 - 2.2.0 | Not vulnerable | None \nLineRate | None | 2.5.0 - 2.6.2 | Not vulnerable | None \nTraffix SDC | None | 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0 | Not vulnerable | None\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "edition": 1, "modified": "2018-09-13T21:17:00", "published": "2017-06-26T23:40:00", "id": "F5:K49229034", "href": "https://support.f5.com/csp/article/K49229034", "title": "Sudo vulnerabilities CVE-2014-9680, CVE-2016-7032, CVE-2016-7076, and CVE-2016-7077", "type": "f5", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:32:43", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9680"], "description": "Jakub Wilk and Stephane Chazelas discovered that Sudo incorrectly handled \nthe TZ environment variable. 
An attacker with Sudo access could possibly \nuse this issue to open arbitrary files, bypassing intended permissions.", "edition": 5, "modified": "2015-03-16T00:00:00", "published": "2015-03-16T00:00:00", "id": "USN-2533-1", "href": "https://ubuntu.com/security/notices/USN-2533-1", "title": "Sudo vulnerability", "type": "ubuntu", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:36:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9680"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-02-23T00:00:00", "id": "OPENVAS:1361412562310869030", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869030", "type": "openvas", "title": "Fedora Update for sudo FEDORA-2015-2281", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for sudo FEDORA-2015-2281\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869030\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-02-23 05:41:44 +0100 (Mon, 23 Feb 2015)\");\n script_cve_id(\"CVE-2014-9680\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for sudo FEDORA-2015-2281\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'sudo'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"sudo on Fedora 21\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-2281\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150218.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC21\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = 
rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC21\")\n{\n\n if ((res = isrpmvuln(pkg:\"sudo\", rpm:\"sudo~1.8.12~1.fc21\", rls:\"FC21\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:36:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9680"], "description": "The remote host is missing an update for the ", "modified": "2019-03-13T00:00:00", "published": "2015-03-17T00:00:00", "id": "OPENVAS:1361412562310842132", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842132", "type": "openvas", "title": "Ubuntu Update for sudo USN-2533-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Ubuntu Update for sudo USN-2533-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.842132\");\n script_version(\"$Revision: 14140 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-13 13:26:09 +0100 (Wed, 13 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-03-17 06:41:20 +0100 (Tue, 17 Mar 2015)\");\n script_cve_id(\"CVE-2014-9680\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Ubuntu Update for sudo USN-2533-1\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'sudo'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Jakub Wilk and Stephane Chazelas discovered\nthat Sudo incorrectly handled the TZ environment variable. 
An attacker with Sudo\naccess could possibly use this issue to open arbitrary files, bypassing intended\npermissions.\");\n script_tag(name:\"affected\", value:\"sudo on Ubuntu 14.10,\n Ubuntu 14.04 LTS,\n Ubuntu 12.04 LTS,\n Ubuntu 10.04 LTS\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"USN\", value:\"2533-1\");\n script_xref(name:\"URL\", value:\"http://www.ubuntu.com/usn/usn-2533-1/\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=UBUNTU(14\\.10|14\\.04 LTS|12\\.04 LTS|10\\.04 LTS)\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"UBUNTU14.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"sudo\", ver:\"1.8.9p5-1ubuntu2.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"sudo-ldap\", ver:\"1.8.9p5-1ubuntu2.1\", rls:\"UBUNTU14.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU14.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"sudo\", ver:\"1.8.9p5-1ubuntu1.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"sudo-ldap\", ver:\"1.8.9p5-1ubuntu1.1\", rls:\"UBUNTU14.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"sudo\", ver:\"1.8.3p1-1ubuntu3.7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"sudo-ldap\", ver:\"1.8.3p1-1ubuntu3.7\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"sudo\", ver:\"1.7.2p1-1ubuntu5.8\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isdpkgvuln(pkg:\"sudo-ldap\", ver:\"1.7.2p1-1ubuntu5.8\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:37:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9680"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2015-07-23T00:00:00", "id": "OPENVAS:1361412562310871414", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871414", "type": "openvas", "title": "RedHat Update for sudo RHSA-2015:1409-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# RedHat Update for sudo RHSA-2015:1409-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.871414\");\n script_version(\"$Revision: 12497 $\");\n script_cve_id(\"CVE-2014-9680\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2015-07-23 06:27:26 +0200 (Thu, 23 Jul 2015)\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for sudo RHSA-2015:1409-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'sudo'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The sudo packages contain the sudo utility which allows system\nadministrators to provide certain users with the permission to execute\nprivileged commands, which are used for system management purposes, without\nhaving to log in as root.\n\nIt was discovered that sudo did not perform any checks of the TZ\nenvironment variable value. If sudo was configured to preserve the TZ\nenvironment variable, a local user with privileges to execute commands via\nsudo could possibly use this flaw to achieve system state changes not\npermitted by the configured commands. 
(CVE-2014-9680)\n\nNote: The default sudoers configuration in Red Hat Enterprise Linux removes\nthe TZ variable from the environment in which commands run by sudo are\nexecuted.\n\nThis update also fixes the following bugs:\n\n * Previously, the sudo utility child processes could sometimes become\nunresponsive because they ignored the SIGPIPE signal. With this update,\nSIGPIPE handler is properly restored in the function that reads passwords\nfrom the user, and the child processes no longer ignore SIGPIPE. As a\nresult, sudo child processes do not hang in this situation. (BZ#1094548)\n\n * Prior to this update, the order in which sudo rules were processed did\nnot honor the user-defined sudoOrder attribute. Consequently, sudo rules\nwere processed in an undefined order even when the user defined the order\nin sudoOrder. The implementation of SSSD support in sudo has been modified\nto sort the rules according to the sudoOrder value, and sudo rules are now\nsorted in the order defined by the user in sudoOrder. (BZ#1138581)\n\n * Previously, sudo became unresponsive after the user issued a command when\na sudoers source was mentioned multiple times in the /etc/nsswitch.conf\nfile. The problem occurred when nsswitch.conf contained, for example, the\n'sudoers: files sss sss' entry. The sudoers source processing code has been\nfixed to correctly handle multiple instances of the same sudoers source.\nAs a result, sudo no longer hangs when a sudoers source is mentioned\nmultiple times in /etc/nsswitch.conf. (BZ#1147498)\n\nIn addition, this update adds the following enhancement:\n\n * The sudo utility now supports I/O logs compressed using the zlib library.\nWith this update, sudo can generate zlib compressed I/O logs and also\nprocess zlib compressed I/O logs generated by other versions of sudo with\nzlib support. 
(BZ#1106433)\n\nAll sudo users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add this\nenhancement.\");\n script_tag(name:\"affected\", value:\"sudo on Red Hat Enterprise Linux Desktop (v. 6),\n Red Hat Enterprise Linux Server (v. 6),\n Red Hat Enterprise Linux Workstation (v. 6)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_xref(name:\"RHSA\", value:\"2015:1409-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2015-July/msg00028.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_6\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_6\")\n{\n\n if ((res = isrpmvuln(pkg:\"sudo\", rpm:\"sudo~1.8.6p3~19.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"sudo-debuginfo\", rpm:\"sudo-debuginfo~1.8.6p3~19.el6\", rls:\"RHENT_6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:36:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9680"], "description": "Gentoo Linux Local Security Checks GLSA 201504-02", "modified": "2018-10-26T00:00:00", "published": "2015-09-29T00:00:00", "id": "OPENVAS:1361412562310121369", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310121369", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201504-02", 
"sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa-201504-02.nasl 12128 2018-10-26 13:35:25Z cfischer $\n#\n# Gentoo Linux security check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.121369\");\n script_version(\"$Revision: 12128 $\");\n script_tag(name:\"creation_date\", value:\"2015-09-29 11:28:46 +0300 (Tue, 29 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-26 15:35:25 +0200 (Fri, 26 Oct 2018) $\");\n script_name(\"Gentoo Security Advisory GLSA 201504-02\");\n script_tag(name:\"insight\", value:\"sudo does not handle the TZ environment variable properly.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://security.gentoo.org/glsa/201504-02\");\n script_cve_id(\"CVE-2014-9680\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", 
value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"Gentoo Linux Local Security Checks GLSA 201504-02\");\n script_copyright(\"Eero Volotinen\");\n script_family(\"Gentoo Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\n\nif((res=ispkgvuln(pkg:\"app-admin/sudo\", unaffected: make_list(\"ge 1.8.12\"), vulnerable: make_list(\"lt 1.8.12\"))) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2017-07-24T12:52:40", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9680"], "description": "Jakub Wilk reported that sudo, a\nprogram designed to provide limited super user privileges to specific users,\npreserves the TZ variable from a user", "modified": "2017-07-07T00:00:00", "published": "2015-02-22T00:00:00", "id": "OPENVAS:703167", "href": "http://plugins.openvas.org/nasl.php?oid=703167", "type": "openvas", "title": "Debian Security Advisory DSA 3167-1 (sudo - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3167.nasl 6609 2017-07-07 12:05:59Z cfischer $\n# Auto-generated from advisory DSA 3167-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 
2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\n\nif(description)\n{\n script_id(703167);\n script_version(\"$Revision: 6609 $\");\n script_cve_id(\"CVE-2014-9680\");\n script_name(\"Debian Security Advisory DSA 3167-1 (sudo - security update)\");\n script_tag(name: \"last_modification\", value: \"$Date: 2017-07-07 14:05:59 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value: \"2015-02-22 00:00:00 +0100 (Sun, 22 Feb 2015)\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name: \"solution_type\", value: \"VendorFix\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2015/dsa-3167.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", value: \"sudo on Debian Linux\");\n script_tag(name: \"insight\", value: \"Sudo is a program designed to allow a\nsysadmin to give limited root privileges to users and log root activity. 
The\nbasic philosophy is to give as few privileges as possible but still allow people\nto get their work done.\");\n script_tag(name: \"solution\", value: \"For the stable distribution (wheezy),\nthis problem has been fixed in version 1.8.5p2-1+nmu2.\n\nWe recommend that you upgrade your sudo packages.\");\n script_tag(name: \"summary\", value: \"Jakub Wilk reported that sudo, a\nprogram designed to provide limited super user privileges to specific users,\npreserves the TZ variable from a user's environment without any sanitization. A\nuser with sudo access may take advantage of this to exploit bugs in the C\nlibrary functions which parse the TZ environment variable or to open files that\nthe user would not otherwise be able to open. The latter could potentially cause\nchanges in system behavior when reading certain device special files or\ncause the program run via sudo to block.\");\n script_tag(name: \"vuldetect\", value: \"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"sudo\", ver:\"1.8.5p2-1+nmu2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"sudo-ldap\", ver:\"1.8.5p2-1+nmu2\", rls_regex:\"DEB7.[0-9]\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:36:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9680"], "description": "Oracle Linux Local Security Checks ELSA-2015-1409", "modified": "2018-09-28T00:00:00", "published": "2015-10-06T00:00:00", "id": "OPENVAS:1361412562310123062", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123062", "type": "openvas", 
"title": "Oracle Linux Local Check: ELSA-2015-1409", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: ELSA-2015-1409.nasl 11688 2018-09-28 13:36:28Z cfischer $\n#\n# Oracle Linux Local Check\n#\n# Authors:\n# Eero Volotinen <eero.volotinen@solinor.com>\n#\n# Copyright:\n# Copyright (c) 2015 Eero Volotinen, http://solinor.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.123062\");\n script_version(\"$Revision: 11688 $\");\n script_tag(name:\"creation_date\", value:\"2015-10-06 13:58:52 +0300 (Tue, 06 Oct 2015)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-09-28 15:36:28 +0200 (Fri, 28 Sep 2018) $\");\n script_name(\"Oracle Linux Local Check: ELSA-2015-1409\");\n script_tag(name:\"insight\", value:\"ELSA-2015-1409 - sudo security, bug fix, and enhancement update. 
Please see the references for more insight.\");\n script_tag(name:\"solution\", value:\"Update the affected packages to the latest available version.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"summary\", value:\"Oracle Linux Local Security Checks ELSA-2015-1409\");\n script_xref(name:\"URL\", value:\"http://linux.oracle.com/errata/ELSA-2015-1409.html\");\n script_cve_id(\"CVE-2014-9680\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/oracle_linux\", \"ssh/login/release\", re:\"ssh/login/release=OracleLinux6\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Eero Volotinen\");\n script_family(\"Oracle Linux Local Security Checks\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"OracleLinux6\")\n{\n if ((res = isrpmvuln(pkg:\"sudo\", rpm:\"sudo~1.8.6p3~19.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n if ((res = isrpmvuln(pkg:\"sudo-devel\", rpm:\"sudo-devel~1.8.6p3~19.el6\", rls:\"OracleLinux6\")) != NULL) {\n security_message(data:res);\n exit(0);\n }\n\n}\nif (__pkg_match) exit(99);\n exit(0);\n\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:36:54", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9680"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2015-02-25T00:00:00", "id": "OPENVAS:1361412562310869033", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310869033", "type": "openvas", "title": "Fedora Update for sudo FEDORA-2015-2247", "sourceData": 
"###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for sudo FEDORA-2015-2247\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2015 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.869033\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-02-25 05:41:35 +0100 (Wed, 25 Feb 2015)\");\n script_cve_id(\"CVE-2014-9680\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for sudo FEDORA-2015-2247\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'sudo'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"sudo on Fedora 20\");\n script_tag(name:\"solution\", value:\"Please 
install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2015-2247\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150327.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2015 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC20\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC20\")\n{\n\n if ((res = isrpmvuln(pkg:\"sudo\", rpm:\"sudo~1.8.12~1.fc20\", rls:\"FC20\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:36:27", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9680"], "description": "Jakub Wilk reported that sudo, a\nprogram designed to provide limited super user privileges to specific users,\npreserves the TZ variable from a user", "modified": "2019-03-18T00:00:00", "published": "2015-02-22T00:00:00", "id": "OPENVAS:1361412562310703167", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703167", "type": "openvas", "title": "Debian Security Advisory DSA 3167-1 (sudo - security update)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_3167.nasl 14278 2019-03-18 14:47:26Z cfischer $\n# Auto-generated from advisory DSA 3167-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This 
program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703167\");\n script_version(\"$Revision: 14278 $\");\n script_cve_id(\"CVE-2014-9680\");\n script_name(\"Debian Security Advisory DSA 3167-1 (sudo - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:47:26 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2015-02-22 00:00:00 +0100 (Sun, 22 Feb 2015)\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2015/dsa-3167.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2015 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB7\");\n script_tag(name:\"affected\", value:\"sudo on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (wheezy),\nthis problem has been fixed in version 1.8.5p2-1+nmu2.\n\nWe recommend that you upgrade your sudo 
packages.\");\n script_tag(name:\"summary\", value:\"Jakub Wilk reported that sudo, a\nprogram designed to provide limited super user privileges to specific users,\npreserves the TZ variable from a user's environment without any sanitization. A\nuser with sudo access may take advantage of this to exploit bugs in the C\nlibrary functions which parse the TZ environment variable or to open files that\nthe user would not otherwise be able to open. The latter could potentially cause\nchanges in system behavior when reading certain device special files or\ncause the program run via sudo to block.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software\nversion using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"sudo\", ver:\"1.8.5p2-1+nmu2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"sudo-ldap\", ver:\"1.8.5p2-1+nmu2\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "debian": [{"lastseen": "2019-05-30T02:23:10", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9680"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3167-1 security@debian.org\nhttp://www.debian.org/security/ Salvatore Bonaccorso\nFebruary 22, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : sudo\nCVE ID : CVE-2014-9680\nDebian Bug : 772707\n\nJakub Wilk reported that sudo, a program designed to provide limited\nsuper user privileges to specific users, preserves the TZ variable from\na user's environment without any sanitization. 
A user with sudo access\nmay take advantage of this to exploit bugs in the C library functions\nwhich parse the TZ environment variable or to open files that the user\nwould not otherwise be able to open. The latter could potentially cause\nchanges in system behavior when reading certain device special files or\ncause the program run via sudo to block.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.8.5p2-1+nmu2.\n\nWe recommend that you upgrade your sudo packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2015-02-22T10:16:59", "published": "2015-02-22T10:16:59", "id": "DEBIAN:DSA-3167-1:FC13A", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2015/msg00052.html", "title": "[SECURITY] [DSA 3167-1] sudo security update", "type": "debian", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-11-11T13:29:09", "bulletinFamily": "unix", "cvelist": ["CVE-2014-0106", "CVE-2014-9680"], "description": "Package : sudo\nVersion : 1.7.4p4-2.squeeze.5\nCVE ID : CVE-2014-0106 CVE-2014-9680\nDebian Bug : #772707\n\nThis update fixes the CVEs described below.\n\nCVE-2014-0106\n\n Todd C. Miller reported that if the env_reset option is disabled\n in the sudoers file, the env_delete option is not correctly\n applied to environment variables specified on the command line. A\n malicious user with sudo permissions may be able to run arbitrary\n commands with elevated privileges by manipulating the environment\n of a command the user is legitimately allowed to run.\n\nCVE-2014-9680\n\n Jakub Wilk reported that sudo preserves the TZ variable from a\n user's environment without any sanitization. 
A user with sudo\n access may take advantage of this to exploit bugs in the C library\n functions which parse the TZ environment variable or to open files\n that the user would not otherwise be able to open. The latter\n could potentially cause changes in system behavior when reading\n certain device special files or cause the program run via sudo to\n block.\n\nFor the oldstable distribution (squeeze), these problems have been fixed\nin version 1.7.4p4-2.squeeze.5.\n\nFor the stable distribution (wheezy), they have been fixed in version\n1.8.5p2-1+nmu2.\n\nWe recommend that you upgrade your sudo packages.\n\n-- \nBen Hutchings - Debian developer, kernel team member\n\n", "edition": 7, "modified": "2015-02-27T20:09:11", "published": "2015-02-27T20:09:11", "id": "DEBIAN:DLA-160-1:ACCA6", "href": "https://lists.debian.org/debian-lts-announce/2015/debian-lts-announce-201502/msg00014.html", "title": "[SECURITY] [DLA 160-1] sudo security update", "type": "debian", "cvss": {"score": 6.6, "vector": "AV:L/AC:M/Au:S/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:18", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9680"], "description": "### Background\n\nsudo allows a system administrator to give users the ability to run commands as other users. Access to commands may also be granted on a range to hosts. \n\n### Description\n\nsudo does not handle the TZ environment variable properly.\n\n### Impact\n\nA local attacker may be able to read arbitrary files or information from device special files. 
\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll sudo users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-admin/sudo-1.8.12\"", "edition": 1, "modified": "2015-04-11T00:00:00", "published": "2015-04-11T00:00:00", "id": "GLSA-201504-02", "href": "https://security.gentoo.org/glsa/201504-02", "type": "gentoo", "title": "sudo: Information disclosure", "cvss": {"score": 0.0, "vector": "NONE"}}], "slackware": [{"lastseen": "2020-10-25T16:36:20", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9680"], "description": "New sudo packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,\nand -current to fix a security issue.\n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n\npatches/packages/sudo-1.8.12-i486-1_slack14.1.txz: Upgraded.\n This update fixes a potential security issue by only passing the TZ\n environment variable if it is considered safe. This prevents exploiting bugs\n in glibc's TZ parser that could be used to read files that the user does\n not have access to, or to cause a denial of service.\n For more information, see:\n http://www.sudo.ws/sudo/alerts/tz.html\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9680\n (* Security fix *)\n\nWhere to find the new packages:\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you.\n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/sudo-1.8.12-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/sudo-1.8.12-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/sudo-1.8.12-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/sudo-1.8.12-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/sudo-1.8.12-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/sudo-1.8.12-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/sudo-1.8.12-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/sudo-1.8.12-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/sudo-1.8.12-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/sudo-1.8.12-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/sudo-1.8.12-i486-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/ap/sudo-1.8.12-x86_64-1.txz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg sudo-1.8.12-i486-1_slack14.1.txz", "modified": "2015-02-16T21:15:57", "published": "2015-02-16T21:15:57", "id": "SSA-2015-047-03", "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.513277", "type": "slackware", "title": "[slackware-security] sudo", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:57", "bulletinFamily": "software", "cvelist": ["CVE-2014-9680"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA512\r\n\r\n- -------------------------------------------------------------------------\r\nDebian Security Advisory DSA-3167-1 security@debian.org\r\nhttp://www.debian.org/security/ Salvatore Bonaccorso\r\nFebruary 22, 2015 
http://www.debian.org/security/faq\r\n- -------------------------------------------------------------------------\r\n\r\nPackage : sudo\r\nCVE ID : CVE-2014-9680\r\nDebian Bug : 772707\r\n\r\nJakub Wilk reported that sudo, a program designed to provide limited\r\nsuper user privileges to specific users, preserves the TZ variable from\r\na user's environment without any sanitization. A user with sudo access\r\nmay take advantage of this to exploit bugs in the C library functions\r\nwhich parse the TZ environment variable or to open files that the user\r\nwould not otherwise be able to open. The latter could potentially cause\r\nchanges in system behavior when reading certain device special files or\r\ncause the program run via sudo to block.\r\n\r\nFor the stable distribution (wheezy), this problem has been fixed in\r\nversion 1.8.5p2-1+nmu2.\r\n\r\nWe recommend that you upgrade your sudo packages.\r\n\r\nFurther information about Debian Security Advisories, how to apply\r\nthese updates to your system and frequently asked questions can be\r\nfound at: https://www.debian.org/security/\r\n\r\nMailing list: debian-security-announce@lists.debian.org\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG 
v1\r\n\r\n-----END PGP SIGNATURE-----\r\n\r\n", "edition": 1, "modified": "2015-03-08T00:00:00", "published": "2015-03-08T00:00:00", "id": "SECURITYVULNS:DOC:31774", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31774", "title": "[SECURITY] [DSA 3167-1] sudo security update", "type": "securityvulns", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:01", "bulletinFamily": "software", "cvelist": ["CVE-2015-5768", "CVE-2015-5600", "CVE-2015-2787", "CVE-2015-5779", "CVE-2013-1775", "CVE-2015-3185", "CVE-2015-3786", "CVE-2015-1792", "CVE-2015-3761", "CVE-2014-7844", "CVE-2015-3781", "CVE-2015-3776", "CVE-2015-2783", "CVE-2015-5748", "CVE-2014-1912", "CVE-2015-5477", "CVE-2015-3802", "CVE-2015-3797", "CVE-2014-0191", "CVE-2015-3762", "CVE-2015-3329", "CVE-2009-5078", "CVE-2015-5754", "CVE-2015-3783", "CVE-2015-3330", "CVE-2014-3613", "CVE-2015-1789", "CVE-2015-3789", "CVE-2014-8150", "CVE-2014-3583", "CVE-2015-3779", "CVE-2015-3788", "CVE-2015-3778", "CVE-2015-0241", "CVE-2013-1776", "CVE-2015-5776", "CVE-2015-3766", "CVE-2015-3775", "CVE-2013-7338", "CVE-2015-3798", "CVE-2015-5777", "CVE-2015-3765", "CVE-2015-3782", 
"CVE-2015-0242", "CVE-2015-0253", "CVE-2015-3784", "CVE-2015-3787", "CVE-2015-3799", "CVE-2015-3153", "CVE-2015-3768", "CVE-2015-3760", "CVE-2015-4148", "CVE-2015-5781", "CVE-2015-3805", "CVE-2015-3790", "CVE-2015-5774", "CVE-2015-3792", "CVE-2015-3803", "CVE-2015-3307", "CVE-2015-4025", "CVE-2015-5784", "CVE-2015-5751", "CVE-2015-4024", "CVE-2015-3795", "CVE-2015-5750", "CVE-2015-5747", "CVE-2015-4021", "CVE-2015-3144", "CVE-2014-7185", "CVE-2015-5761", "CVE-2013-2777", "CVE-2015-3794", "CVE-2015-5773", "CVE-2015-3769", "CVE-2014-3707", "CVE-2015-3800", "CVE-2015-0228", "CVE-2015-3807", "CVE-2015-0244", "CVE-2015-4026", "CVE-2014-8769", "CVE-2015-5756", "CVE-2014-3660", "CVE-2015-1788", "CVE-2015-4147", "CVE-2014-8161", "CVE-2012-6685", "CVE-2015-5753", "CVE-2015-3183", "CVE-2015-3772", "CVE-2014-3620", "CVE-2014-9140", "CVE-2013-2776", "CVE-2015-4022", "CVE-2015-3770", "CVE-2015-3777", "CVE-2015-5771", "CVE-2015-5775", "CVE-2015-3780", "CVE-2013-7422", "CVE-2015-5755", "CVE-2015-3145", "CVE-2015-1790", "CVE-2015-5758", "CVE-2014-0106", "CVE-2015-0243", "CVE-2015-3804", "CVE-2015-3773", "CVE-2014-3581", "CVE-2015-3774", "CVE-2015-5782", "CVE-2014-8109", "CVE-2015-5778", "CVE-2013-7040", "CVE-2015-3757", "CVE-2015-3764", "CVE-2015-3143", "CVE-2014-0067", "CVE-2015-5772", "CVE-2015-3791", "CVE-2014-9365", "CVE-2014-8151", "CVE-2015-5757", "CVE-2015-3796", "CVE-2009-5044", "CVE-2015-5783", "CVE-2014-9680", "CVE-2015-5763", "CVE-2014-8767", "CVE-2015-3767", "CVE-2015-3806", "CVE-2015-1791", "CVE-2015-3771", "CVE-2015-3148"], "description": "Over 150 different vulnerabilities in system components and libraries.", "edition": 1, "modified": "2015-08-17T00:00:00", "published": "2015-08-17T00:00:00", "id": "SECURITYVULNS:VULN:14630", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14630", "title": "Apple Mac OS X / OS X Server multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": 
"AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:11:00", "bulletinFamily": "software", "cvelist": ["CVE-2015-5768", "CVE-2015-5600", "CVE-2015-2787", "CVE-2015-5779", "CVE-2013-1775", "CVE-2015-3185", "CVE-2015-3786", "CVE-2015-1792", "CVE-2015-3761", "CVE-2014-7844", "CVE-2015-3781", "CVE-2015-3776", "CVE-2015-2783", "CVE-2015-5748", "CVE-2014-1912", "CVE-2015-3802", "CVE-2015-3797", "CVE-2014-0191", "CVE-2015-3762", "CVE-2015-3329", "CVE-2009-5078", "CVE-2015-5754", "CVE-2015-3783", "CVE-2015-3330", "CVE-2014-3613", "CVE-2015-1789", "CVE-2015-3789", "CVE-2014-8150", "CVE-2014-3583", "CVE-2015-3779", "CVE-2015-3788", "CVE-2015-3778", "CVE-2015-0241", "CVE-2013-1776", "CVE-2015-5776", "CVE-2015-3766", "CVE-2015-3775", "CVE-2013-7338", "CVE-2015-3798", "CVE-2015-5777", "CVE-2015-3765", "CVE-2015-3782", "CVE-2015-0242", "CVE-2015-0253", "CVE-2015-3784", "CVE-2015-3787", "CVE-2015-3799", "CVE-2015-3153", "CVE-2015-3768", "CVE-2015-3760", "CVE-2015-4148", "CVE-2015-5781", "CVE-2015-3805", "CVE-2015-3790", "CVE-2015-5774", "CVE-2015-3792", "CVE-2015-3803", "CVE-2015-3307", "CVE-2015-4025", "CVE-2015-5784", "CVE-2015-5751", "CVE-2015-4024", "CVE-2015-3795", "CVE-2015-5750", "CVE-2015-5747", "CVE-2015-4021", "CVE-2015-3144", "CVE-2014-7185", "CVE-2015-5761", "CVE-2013-2777", "CVE-2015-3794", "CVE-2015-5773", "CVE-2015-3769", "CVE-2014-3707", "CVE-2015-3800", "CVE-2015-0228", "CVE-2015-3807", "CVE-2015-0244", "CVE-2015-4026", "CVE-2014-8769", "CVE-2015-5756", "CVE-2014-3660", "CVE-2015-1788", "CVE-2015-4147", "CVE-2014-8161", "CVE-2012-6685", "CVE-2015-5753", "CVE-2015-3183", "CVE-2015-3772", "CVE-2014-3620", "CVE-2014-9140", "CVE-2013-2776", "CVE-2015-4022", "CVE-2015-3770", "CVE-2015-3777", "CVE-2015-5771", "CVE-2015-5775", "CVE-2015-3780", "CVE-2013-7422", "CVE-2015-5755", "CVE-2015-3145", "CVE-2015-1790", "CVE-2015-5758", "CVE-2014-0106", "CVE-2015-0243", "CVE-2015-3804", "CVE-2015-3773", "CVE-2014-3581", "CVE-2015-3774", 
"CVE-2015-5782", "CVE-2014-8109", "CVE-2015-5778", "CVE-2013-7040", "CVE-2015-3757", "CVE-2015-3764", "CVE-2015-3143", "CVE-2014-0067", "CVE-2015-5772", "CVE-2015-3791", "CVE-2014-9365", "CVE-2014-8151", "CVE-2015-5757", "CVE-2015-3796", "CVE-2009-5044", "CVE-2015-5783", "CVE-2014-9680", "CVE-2015-5763", "CVE-2014-8767", "CVE-2015-3767", "CVE-2015-3806", "CVE-2015-1791", "CVE-2015-3771", "CVE-2015-3148"], "description": "\r\n\r\nAPPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update\r\n2015-006\r\n\r\nOS X Yosemite v10.10.5 and Security Update 2015-006 is now available\r\nand addresses the following:\r\n\r\napache\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in Apache 2.4.16, the most\r\nserious of which may allow a remote attacker to cause a denial of\r\nservice.\r\nDescription: Multiple vulnerabilities existed in Apache versions\r\nprior to 2.4.16. These were addressed by updating Apache to version\r\n2.4.16.\r\nCVE-ID\r\nCVE-2014-3581\r\nCVE-2014-3583\r\nCVE-2014-8109\r\nCVE-2015-0228\r\nCVE-2015-0253\r\nCVE-2015-3183\r\nCVE-2015-3185\r\n\r\napache_mod_php\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in PHP 5.5.20, the most\r\nserious of which may lead to arbitrary code execution.\r\nDescription: Multiple vulnerabilities existed in PHP versions prior\r\nto 5.5.20. These were addressed by updating Apache to version 5.5.27.\r\nCVE-ID\r\nCVE-2015-2783\r\nCVE-2015-2787\r\nCVE-2015-3307\r\nCVE-2015-3329\r\nCVE-2015-3330\r\nCVE-2015-4021\r\nCVE-2015-4022\r\nCVE-2015-4024\r\nCVE-2015-4025\r\nCVE-2015-4026\r\nCVE-2015-4147\r\nCVE-2015-4148\r\n\r\nApple ID OD Plug-in\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able change the password of a\r\nlocal user\r\nDescription: In some circumstances, a state management issue existed\r\nin password authentication. 
The issue was addressed through improved\r\nstate management.\r\nCVE-ID\r\nCVE-2015-3799 : an anonymous researcher working with HP's Zero Day\r\nInitiative\r\n\r\nAppleGraphicsControl\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: An issue existed in AppleGraphicsControl which could\r\nhave led to the disclosure of kernel memory layout. This issue was\r\naddressed through improved bounds checking.\r\nCVE-ID\r\nCVE-2015-5768 : JieTao Yang of KeenTeam\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in\r\nIOBluetoothHCIController. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3779 : Teddy Reed of Facebook Security\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: A memory management issue could have led to the\r\ndisclosure of kernel memory layout. This issue was addressed with\r\nimproved memory management.\r\nCVE-ID\r\nCVE-2015-3780 : Roberto Paleari and Aristide Fattori of Emaze\r\nNetworks\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious app may be able to access notifications from\r\nother iCloud devices\r\nDescription: An issue existed where a malicious app could access a\r\nBluetooth-paired Mac or iOS device's Notification Center\r\nnotifications via the Apple Notification Center Service. The issue\r\naffected devices using Handoff and logged into the same iCloud\r\naccount. 
This issue was resolved by revoking access to the Apple\r\nNotification Center Service.\r\nCVE-ID\r\nCVE-2015-3786 : Xiaolong Bai (Tsinghua University), System Security\r\nLab (Indiana University), Tongxin Li (Peking University), XiaoFeng\r\nWang (Indiana University)\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: An attacker with privileged network position may be able to\r\nperform denial of service attack using malformed Bluetooth packets\r\nDescription: An input validation issue existed in parsing of\r\nBluetooth ACL packets. This issue was addressed through improved\r\ninput validation.\r\nCVE-ID\r\nCVE-2015-3787 : Trend Micro\r\n\r\nBluetooth\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local attacker may be able to cause unexpected application\r\ntermination or arbitrary code execution\r\nDescription: Multiple buffer overflow issues existed in blued's\r\nhandling of XPC messages. These issues were addressed through\r\nimproved bounds checking.\r\nCVE-ID\r\nCVE-2015-3777 : mitp0sh of [PDX]\r\n\r\nbootp\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious Wi-Fi network may be able to determine networks\r\na device has previously accessed\r\nDescription: Upon connecting to a Wi-Fi network, iOS may have\r\nbroadcast MAC addresses of previously accessed networks via the DNAv4\r\nprotocol. This issue was addressed through disabling DNAv4 on\r\nunencrypted Wi-Fi networks.\r\nCVE-ID\r\nCVE-2015-3778 : Piers O'Hanlon of Oxford Internet Institute,\r\nUniversity of Oxford (on the EPSRC Being There project)\r\n\r\nCloudKit\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to access the iCloud\r\nuser record of a previously signed in user\r\nDescription: A state inconsistency existed in CloudKit when signing\r\nout users. 
This issue was addressed through improved state handling.\r\nCVE-ID\r\nCVE-2015-3782 : Deepkanwal Plaha of University of Toronto\r\n\r\nCoreMedia Playback\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Viewing a maliciously crafted movie file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in CoreMedia Playback.\r\nThese were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5777 : Apple\r\nCVE-2015-5778 : Apple\r\n\r\nCoreText\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\nCoreText\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\ncurl\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities in cURL and libcurl prior to\r\n7.38.0, one of which may allow remote attackers to bypass the Same\r\nOrigin Policy.\r\nDescription: Multiple vulnerabilities existed in cURL and libcurl\r\nprior to 7.38.0. 
These issues were addressed by updating cURL to\r\nversion 7.43.0.\r\nCVE-ID\r\nCVE-2014-3613\r\nCVE-2014-3620\r\nCVE-2014-3707\r\nCVE-2014-8150\r\nCVE-2014-8151\r\nCVE-2015-3143\r\nCVE-2015-3144\r\nCVE-2015-3145\r\nCVE-2015-3148\r\nCVE-2015-3153\r\n\r\nData Detectors Engine\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a sequence of unicode characters can lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in processing of\r\nUnicode characters. These issues were addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-5750 : M1x7e1 of Safeye Team (www.safeye.org)\r\n\r\nDate & Time pref pane\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Applications that rely on system time may have unexpected\r\nbehavior\r\nDescription: An authorization issue existed when modifying the\r\nsystem date and time preferences. This issue was addressed with\r\nadditional authorization checks.\r\nCVE-ID\r\nCVE-2015-3757 : Mark S C Smith\r\n\r\nDictionary Application\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: An attacker with a privileged network position may be able\r\nto intercept users' Dictionary app queries\r\nDescription: An issue existed in the Dictionary app, which did not\r\nproperly secure user communications. This issue was addressed by\r\nmoving Dictionary queries to HTTPS.\r\nCVE-ID\r\nCVE-2015-3774 : Jeffrey Paul of EEQJ, Jan Bee of the Google Security\r\nTeam\r\n\r\nDiskImages\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted DMG file may lead to an\r\nunexpected application termination or arbitrary code execution with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in parsing of\r\nmalformed DMG images. 
This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3800 : Frank Graziano of the Yahoo Pentest Team\r\n\r\ndyld\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A path validation issue existed in dyld. This was\r\naddressed through improved environment sanitization.\r\nCVE-ID\r\nCVE-2015-3760 : beist of grayhash, Stefan Esser\r\n\r\nFontParser\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-3804 : Apple\r\nCVE-2015-5775 : Apple\r\n\r\nFontParser\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted font file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nfont files. This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5756 : John Villamil (@day6reak), Yahoo Pentest Team\r\n\r\ngroff\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple issues in pdfroff\r\nDescription: Multiple issues existed in pdfroff, the most serious of\r\nwhich may allow arbitrary filesystem modification. 
These issues were\r\naddressed by removing pdfroff.\r\nCVE-ID\r\nCVE-2009-5044\r\nCVE-2009-5078\r\n\r\nImageIO\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted TIFF image may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the processing of\r\nTIFF images. This issue was addressed through improved bounds\r\nchecking.\r\nCVE-ID\r\nCVE-2015-5758 : Apple\r\n\r\nImageIO\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Visiting a maliciously crafted website may result in the\r\ndisclosure of process memory\r\nDescription: An uninitialized memory access issue existed in\r\nImageIO's handling of PNG and TIFF images. Visiting a malicious\r\nwebsite may result in sending data from process memory to the\r\nwebsite. This issue is addressed through improved memory\r\ninitialization and additional validation of PNG and TIFF images.\r\nCVE-ID\r\nCVE-2015-5781 : Michal Zalewski\r\nCVE-2015-5782 : Michal Zalewski\r\n\r\nInstall Framework Legacy\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with root privileges\r\nDescription: An issue existed in how Install.framework's 'runner'\r\nbinary dropped privileges. This issue was addressed through improved\r\nprivilege management.\r\nCVE-ID\r\nCVE-2015-5784 : Ian Beer of Google Project Zero\r\n\r\nInstall Framework Legacy\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A race condition existed in\r\nInstall.framework's 'runner' binary that resulted in\r\nprivileges being incorrectly dropped. 
This issue was addressed\r\nthrough improved object locking.\r\nCVE-ID\r\nCVE-2015-5754 : Ian Beer of Google Project Zero\r\n\r\nIOFireWireFamily\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: Memory corruption issues existed in IOFireWireFamily.\r\nThese issues were addressed through additional type input validation.\r\nCVE-ID\r\nCVE-2015-3769 : Ilja van Sprundel\r\nCVE-2015-3771 : Ilja van Sprundel\r\nCVE-2015-3772 : Ilja van Sprundel\r\n\r\nIOGraphics\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in IOGraphics. This\r\nissue was addressed through additional type input validation.\r\nCVE-ID\r\nCVE-2015-3770 : Ilja van Sprundel\r\nCVE-2015-5783 : Ilja van Sprundel\r\n\r\nIOHIDFamily\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A buffer overflow issue existed in IOHIDFamily. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5774 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to determine kernel\r\nmemory layout\r\nDescription: An issue existed in the mach_port_space_info interface,\r\nwhich could have led to the disclosure of kernel memory layout. This\r\nwas addressed by disabling the mach_port_space_info interface.\r\nCVE-ID\r\nCVE-2015-3766 : Cererdlong of Alibaba Mobile Security Team,\r\n@PanguTeam\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: An integer overflow existed in the handling of IOKit\r\nfunctions. 
This issue was addressed through improved validation of\r\nIOKit API arguments.\r\nCVE-ID\r\nCVE-2015-3768 : Ilja van Sprundel\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to cause a system denial of service\r\nDescription: A resource exhaustion issue existed in the fasttrap\r\ndriver. This was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5747 : Maxime VILLARD of m00nbsd\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to cause a system denial of service\r\nDescription: A validation issue existed in the mounting of HFS\r\nvolumes. This was addressed by adding additional checks.\r\nCVE-ID\r\nCVE-2015-5748 : Maxime VILLARD of m00nbsd\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute unsigned code\r\nDescription: An issue existed that allowed unsigned code to be\r\nappended to signed code in a specially crafted executable file. This\r\nissue was addressed through improved code signature validation.\r\nCVE-ID\r\nCVE-2015-3806 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A specially crafted executable file could allow unsigned,\r\nmalicious code to execute\r\nDescription: An issue existed in the way multi-architecture\r\nexecutable files were evaluated that could have allowed unsigned code\r\nto be executed. This issue was addressed through improved validation\r\nof executable files.\r\nCVE-ID\r\nCVE-2015-3803 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute unsigned code\r\nDescription: A validation issue existed in the handling of Mach-O\r\nfiles. 
This was addressed by adding additional checks.\r\nCVE-ID\r\nCVE-2015-3802 : TaiG Jailbreak Team\r\nCVE-2015-3805 : TaiG Jailbreak Team\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted plist may lead to an\r\nunexpected application termination or arbitrary code execution with\r\nsystem privileges\r\nDescription: A memory corruption existed in processing of malformed\r\nplists. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3776 : Teddy Reed of Facebook Security, Patrick Stein\r\n(@jollyjinx) of Jinx Germany\r\n\r\nKernel\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A path validation issue existed. This was addressed\r\nthrough improved environment sanitization.\r\nCVE-ID\r\nCVE-2015-3761 : Apple\r\n\r\nLibc\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted regular expression may lead\r\nto an unexpected application termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in the TRE library.\r\nThese were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3796 : Ian Beer of Google Project Zero\r\nCVE-2015-3797 : Ian Beer of Google Project Zero\r\nCVE-2015-3798 : Ian Beer of Google Project Zero\r\n\r\nLibinfo\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: A remote attacker may be able to cause unexpected\r\napplication termination or arbitrary code execution\r\nDescription: Memory corruption issues existed in handling AF_INET6\r\nsockets. 
These were addressed by improved memory handling.\r\nCVE-ID\r\nCVE-2015-5776 : Apple\r\n\r\nlibpthread\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in handling syscalls.\r\nThis issue was addressed through improved lock state checking.\r\nCVE-ID\r\nCVE-2015-5757 : Lufeng Li of Qihoo 360\r\n\r\nlibxml2\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in libxml2 versions prior\r\nto 2.9.2, the most serious of which may allow a remote attacker to\r\ncause a denial of service\r\nDescription: Multiple vulnerabilities existed in libxml2 versions\r\nprior to 2.9.2. These were addressed by updating libxml2 to version\r\n2.9.2.\r\nCVE-ID\r\nCVE-2012-6685 : Felix Groebert of Google\r\nCVE-2014-0191 : Felix Groebert of Google\r\n\r\nlibxml2\r\nAvailable for: OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted XML document may lead to\r\ndisclosure of user information\r\nDescription: A memory access issue existed in libxml2. This was\r\naddressed by improved memory handling\r\nCVE-ID\r\nCVE-2014-3660 : Felix Groebert of Google\r\n\r\nlibxml2\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted XML document may lead to\r\ndisclosure of user information\r\nDescription: A memory corruption issue existed in parsing of XML\r\nfiles. This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3807 : Apple\r\n\r\nlibxpc\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to execute arbitrary\r\ncode with system privileges\r\nDescription: A memory corruption issue existed in handling of\r\nmalformed XPC messages. 
This issue was improved through improved\r\nbounds checking.\r\nCVE-ID\r\nCVE-2015-3795 : Mathew Rowley\r\n\r\nmail_cmds\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary shell commands\r\nDescription: A validation issue existed in the mailx parsing of\r\nemail addresses. This was addressed by improved sanitization.\r\nCVE-ID\r\nCVE-2014-7844\r\n\r\nNotification Center OSX\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A malicious application may be able to access all\r\nnotifications previously displayed to users\r\nDescription: An issue existed in Notification Center, which did not\r\nproperly delete user notifications. This issue was addressed by\r\ncorrectly deleting notifications dismissed by users.\r\nCVE-ID\r\nCVE-2015-3764 : Jonathan Zdziarski\r\n\r\nntfs\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A local user may be able to execute arbitrary code with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in NTFS. This issue\r\nwas addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5763 : Roberto Paleari and Aristide Fattori of Emaze\r\nNetworks\r\n\r\nOpenSSH\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Remote attackers may be able to circumvent a time delay for\r\nfailed login attempts and conduct brute-force attacks\r\nDescription: An issue existed when processing keyboard-interactive\r\ndevices. This issue was addressed through improved authentication\r\nrequest validation.\r\nCVE-ID\r\nCVE-2015-5600\r\n\r\nOpenSSL\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in OpenSSL versions prior\r\nto 0.9.8zg, the most serious of which may allow a remote attacker to\r\ncause a denial of service.\r\nDescription: Multiple vulnerabilities existed in OpenSSL versions\r\nprior to 0.9.8zg. 
These were addressed by updating OpenSSL to version\r\n0.9.8zg.\r\nCVE-ID\r\nCVE-2015-1788\r\nCVE-2015-1789\r\nCVE-2015-1790\r\nCVE-2015-1791\r\nCVE-2015-1792\r\n\r\nperl\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted regular expression may lead to\r\ndisclosure of unexpected application termination or arbitrary code\r\nexecution\r\nDescription: An integer underflow issue existed in the way Perl\r\nparsed regular expressions. This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2013-7422\r\n\r\nPostgreSQL\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: An attacker may be able to cause unexpected application\r\ntermination or gain access to data without proper authentication\r\nDescription: Multiple issues existed in PostgreSQL 9.2.4. These\r\nissues were addressed by updating PostgreSQL to 9.2.13.\r\nCVE-ID\r\nCVE-2014-0067\r\nCVE-2014-8161\r\nCVE-2015-0241\r\nCVE-2015-0242\r\nCVE-2015-0243\r\nCVE-2015-0244\r\n\r\npython\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in Python 2.7.6, the most\r\nserious of which may lead to arbitrary code execution\r\nDescription: Multiple vulnerabilities existed in Python versions\r\nprior to 2.7.6. These were addressed by updating Python to version\r\n2.7.10.\r\nCVE-ID\r\nCVE-2013-7040\r\nCVE-2013-7338\r\nCVE-2014-1912\r\nCVE-2014-7185\r\nCVE-2014-9365\r\n\r\nQL Office\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted Office document may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in parsing of Office\r\ndocuments. 
This issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-5773 : Apple\r\n\r\nQL Office\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted XML file may lead to\r\ndisclosure of user information\r\nDescription: An external entity reference issue existed in XML file\r\nparsing. This issue was addressed through improved parsing.\r\nCVE-ID\r\nCVE-2015-3784 : Bruno Morisson of INTEGRITY S.A.\r\n\r\nQuartz Composer Framework\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted QuickTime file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in parsing of\r\nQuickTime files. This issue was addressed through improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-5771 : Apple\r\n\r\nQuick Look\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Searching for a previously viewed website may launch the web\r\nbrowser and render that website\r\nDescription: An issue existed where QuickLook had the capability to\r\nexecute JavaScript. 
The issue was addressed by disallowing execution\r\nof JavaScript.\r\nCVE-ID\r\nCVE-2015-3781 : Andrew Pouliot of Facebook, Anto Loyola of Qubole\r\n\r\nQuickTime 7\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in QuickTime.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3772\r\nCVE-2015-3779\r\nCVE-2015-5753 : Apple\r\nCVE-2015-5779 : Apple\r\n\r\nQuickTime 7\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted file may lead to an\r\nunexpected application termination or arbitrary code execution\r\nDescription: Multiple memory corruption issues existed in QuickTime.\r\nThese issues were addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3765 : Joe Burnett of Audio Poison\r\nCVE-2015-3788 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3789 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3790 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3791 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-3792 : Ryan Pentney and Richard Johnson of Cisco Talos\r\nCVE-2015-5751 : WalkerFuz\r\n\r\nSceneKit\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Viewing a maliciously crafted Collada file may lead to\r\narbitrary code execution\r\nDescription: A heap buffer overflow existed in SceneKit's handling\r\nof Collada files. 
This issue was addressed through improved input\r\nvalidation.\r\nCVE-ID\r\nCVE-2015-5772 : Apple\r\n\r\nSceneKit\r\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\r\nOS X Yosemite v10.10 to v10.10.4\r\nImpact: A remote attacker may be able to cause unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in SceneKit. This\r\nissue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3783 : Haris Andrianakis of Google Security Team\r\n\r\nSecurity\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A standard user may be able to gain access to admin\r\nprivileges without proper authentication\r\nDescription: An issue existed in handling of user authentication.\r\nThis issue was addressed through improved authentication checks.\r\nCVE-ID\r\nCVE-2015-3775 : [Eldon Ahrold]\r\n\r\nSMBClient\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: A remote attacker may be able to cause unexpected\r\napplication termination or arbitrary code execution\r\nDescription: A memory corruption issue existed in the SMB client.\r\nThis issue was addressed through improved memory handling.\r\nCVE-ID\r\nCVE-2015-3773 : Ilja van Sprundel\r\n\r\nSpeech UI\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted unicode string with speech\r\nalerts enabled may lead to an unexpected application termination or\r\narbitrary code execution\r\nDescription: A memory corruption issue existed in handling of\r\nUnicode strings. This issue was addressed by improved memory\r\nhandling.\r\nCVE-ID\r\nCVE-2015-3794 : Adam Greenbaum of Refinitive\r\n\r\nsudo\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in sudo versions prior to\r\n1.7.10p9, the most serious of which may allow an attacker access to\r\narbitrary files\r\nDescription: Multiple vulnerabilities existed in sudo versions prior\r\nto 1.7.10p9. 
These were addressed by updating sudo to version\r\n1.7.10p9.\r\nCVE-ID\r\nCVE-2013-1775\r\nCVE-2013-1776\r\nCVE-2013-2776\r\nCVE-2013-2777\r\nCVE-2014-0106\r\nCVE-2014-9680\r\n\r\ntcpdump\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Multiple vulnerabilities existed in tcpdump 4.7.3, the most\r\nserious of which may allow a remote attacker to cause a denial of\r\nservice.\r\nDescription: Multiple vulnerabilities existed in tcpdump versions\r\nprior to 4.7.3. These were addressed by updating tcpdump to version\r\n4.7.3.\r\nCVE-ID\r\nCVE-2014-8767\r\nCVE-2014-8769\r\nCVE-2014-9140\r\n\r\nText Formats\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Parsing a maliciously crafted text file may lead to\r\ndisclosure of user information\r\nDescription: An XML external entity reference issue existed with\r\nTextEdit parsing. This issue was addressed through improved parsing.\r\nCVE-ID\r\nCVE-2015-3762 : Xiaoyong Wu of the Evernote Security Team\r\n\r\nudf\r\nAvailable for: OS X Yosemite v10.10 to v10.10.4\r\nImpact: Processing a maliciously crafted DMG file may lead to an\r\nunexpected application termination or arbitrary code execution with\r\nsystem privileges\r\nDescription: A memory corruption issue existed in parsing of\r\nmalformed DMG images. 
This issue was addressed through improved\r\nmemory handling.\r\nCVE-ID\r\nCVE-2015-3767 : beist of grayhash\r\n\r\nOS X Yosemite v10.10.5 includes the security content of Safari 8.0.8:\r\nhttps://support.apple.com/en-us/HT205033\r\n\r\nOS X Yosemite 10.10.5 and Security Update 2015-006 may be obtained\r\nfrom the Mac App Store or Apple's Software Downloads web site:\r\nhttp://www.apple.com/support/downloads/\r\n\r\nInformation will also be posted to the Apple Security Updates\r\nweb site: https://support.apple.com/kb/HT201222\r\n\r\nThis message is signed with Apple's Product Security PGP key,\r\nand details are available at:\r\nhttps://www.apple.com/support/security/pgp/\r\n\r\n\r\n\r\n", "edition": 1, "modified": "2015-08-17T00:00:00", "published": "2015-08-17T00:00:00", "id": "SECURITYVULNS:DOC:32390", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:32390", "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:39:08", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9680"], "description": "[1.8.6p3-19]\n- RHEL-6.7 erratum\n - modified the authlogicfix patch to fix #1144448\n - fixed a bug in the ldapusermatchfix patch\n Resolves: rhbz#1144448\n Resolves: rhbz#1142122\n[1.8.6p3-18]\n- RHEL-6.7 erratum\n - fixed the mantypos-ldap.patch\n Resolves: rhbz#1138267\n[1.8.6p3-17]\n- RHEL-6.7 erratum\n - added patch for CVE-2014-9680\n - added BuildRequires for tzdata\n Resolves: rhbz#1200253\n[1.8.6p3-16]\n- RHEL-6.7 erratum\n - added zlib-devel build required to enable zlib compression support\n - fixed two typos in the sudoers.ldap man page\n - fixed a hang when duplicate nss entries are specified in nsswitch.conf\n - SSSD: implemented sorting of the result entries according to the\n sudoOrder attribute\n - LDAP: fixed logic handling the computation of the 
'user matched' flag\n - fixed restoring of the SIGPIPE signal in the tgetpass function\n - fixed listpw, verifypw + authenticate option logic in LDAP/SSSD\n Resolves: rhbz#1106433\n Resolves: rhbz#1138267\n Resolves: rhbz#1147498\n Resolves: rhbz#1138581\n Resolves: rhbz#1142122\n Resolves: rhbz#1094548\n Resolves: rhbz#1144448", "edition": 4, "modified": "2015-07-28T00:00:00", "published": "2015-07-28T00:00:00", "id": "ELSA-2015-1409", "href": "http://linux.oracle.com/errata/ELSA-2015-1409.html", "title": "sudo security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "centos": [{"lastseen": "2019-12-20T18:27:11", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9680"], "description": "**CentOS Errata and Security Advisory** CESA-2015:1409\n\n\nThe sudo packages contain the sudo utility which allows system \nadministrators to provide certain users with the permission to execute \nprivileged commands, which are used for system management purposes, without \nhaving to log in as root.\n\nIt was discovered that sudo did not perform any checks of the TZ\nenvironment variable value. If sudo was configured to preserve the TZ\nenvironment variable, a local user with privileges to execute commands via\nsudo could possibly use this flaw to achieve system state changes not\npermitted by the configured commands. (CVE-2014-9680)\n\nNote: The default sudoers configuration in Red Hat Enterprise Linux removes\nthe TZ variable from the environment in which commands run by sudo are\nexecuted.\n\nThis update also fixes the following bugs:\n\n* Previously, the sudo utility child processes could sometimes become\nunresponsive because they ignored the SIGPIPE signal. With this update,\nSIGPIPE handler is properly restored in the function that reads passwords\nfrom the user, and the child processes no longer ignore SIGPIPE. As a\nresult, sudo child processes do not hang in this situation. 
(BZ#1094548)\n\n* Prior to this update, the order in which sudo rules were processed did\nnot honor the user-defined sudoOrder attribute. Consequently, sudo rules\nwere processed in an undefined order even when the user defined the order\nin sudoOrder. The implementation of SSSD support in sudo has been modified\nto sort the rules according to the sudoOrder value, and sudo rules are now\nsorted in the order defined by the user in sudoOrder. (BZ#1138581)\n\n* Previously, sudo became unresponsive after the user issued a command when\na sudoers source was mentioned multiple times in the /etc/nsswitch.conf\nfile. The problem occurred when nsswitch.conf contained, for example, the\n\"sudoers: files sss sss\" entry. The sudoers source processing code has been\nfixed to correctly handle multiple instances of the same sudoers source.\nAs a result, sudo no longer hangs when a sudoers source is mentioned\nmultiple times in /etc/nsswitch.conf. (BZ#1147498)\n\nIn addition, this update adds the following enhancement:\n\n* The sudo utility now supports I/O logs compressed using the zlib library.\nWith this update, sudo can generate zlib compressed I/O logs and also\nprocess zlib compressed I/O logs generated by other versions of sudo with\nzlib support. 
(BZ#1106433)\n\nAll sudo users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add this\nenhancement.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-July/008231.html\n\n**Affected packages:**\nsudo\nsudo-devel\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-1409.html", "edition": 3, "modified": "2015-07-26T14:12:38", "published": "2015-07-26T14:12:38", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2015-July/008231.html", "id": "CESA-2015:1409", "title": "sudo security update", "type": "centos", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "redhat": [{"lastseen": "2019-08-13T18:44:53", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9680"], "description": "The sudo packages contain the sudo utility which allows system \nadministrators to provide certain users with the permission to execute \nprivileged commands, which are used for system management purposes, without \nhaving to log in as root.\n\nIt was discovered that sudo did not perform any checks of the TZ\nenvironment variable value. If sudo was configured to preserve the TZ\nenvironment variable, a local user with privileges to execute commands via\nsudo could possibly use this flaw to achieve system state changes not\npermitted by the configured commands. (CVE-2014-9680)\n\nNote: The default sudoers configuration in Red Hat Enterprise Linux removes\nthe TZ variable from the environment in which commands run by sudo are\nexecuted.\n\nThis update also fixes the following bugs:\n\n* Previously, the sudo utility child processes could sometimes become\nunresponsive because they ignored the SIGPIPE signal. With this update,\nSIGPIPE handler is properly restored in the function that reads passwords\nfrom the user, and the child processes no longer ignore SIGPIPE. As a\nresult, sudo child processes do not hang in this situation. 
(BZ#1094548)\n\n* Prior to this update, the order in which sudo rules were processed did\nnot honor the user-defined sudoOrder attribute. Consequently, sudo rules\nwere processed in an undefined order even when the user defined the order\nin sudoOrder. The implementation of SSSD support in sudo has been modified\nto sort the rules according to the sudoOrder value, and sudo rules are now\nsorted in the order defined by the user in sudoOrder. (BZ#1138581)\n\n* Previously, sudo became unresponsive after the user issued a command when\na sudoers source was mentioned multiple times in the /etc/nsswitch.conf\nfile. The problem occurred when nsswitch.conf contained, for example, the\n\"sudoers: files sss sss\" entry. The sudoers source processing code has been\nfixed to correctly handle multiple instances of the same sudoers source.\nAs a result, sudo no longer hangs when a sudoers source is mentioned\nmultiple times in /etc/nsswitch.conf. (BZ#1147498)\n\nIn addition, this update adds the following enhancement:\n\n* The sudo utility now supports I/O logs compressed using the zlib library.\nWith this update, sudo can generate zlib compressed I/O logs and also\nprocess zlib compressed I/O logs generated by other versions of sudo with\nzlib support. 
(BZ#1106433)\n\nAll sudo users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add this\nenhancement.\n", "modified": "2018-06-06T20:24:14", "published": "2015-07-22T04:00:00", "id": "RHSA-2015:1409", "href": "https://access.redhat.com/errata/RHSA-2015:1409", "type": "redhat", "title": "(RHSA-2015:1409) Moderate: sudo security, bug fix, and enhancement update", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2021-01-06T13:23:36", "description": "The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - RHEL-6.7 erratum\n\n - modified the authlogicfix patch to fix #1144448\n\n - fixed a bug in the ldapusermatchfix patch Resolves:\n rhbz#1144448 Resolves: rhbz#1142122\n\n - RHEL-6.7 erratum\n\n - fixed the mantypos-ldap.patch Resolves: rhbz#1138267\n\n - RHEL-6.7 erratum\n\n - added patch for (CVE-2014-9680)\n\n - added BuildRequires for tzdata Resolves: rhbz#1200253\n\n - RHEL-6.7 erratum\n\n - added zlib-devel build required to enable zlib\n compression support\n\n - fixed two typos in the sudoers.ldap man page\n\n - fixed a hang when duplicate nss entries are specified in\n nsswitch.conf\n\n - SSSD: implemented sorting of the result entries\n according to the sudoOrder attribute\n\n - LDAP: fixed logic handling the computation of the 'user\n matched' flag\n\n - fixed restoring of the SIGPIPE signal in the tgetpass\n function\n\n - fixed listpw, verifypw + authenticate option logic in\n LDAP/SSSD Resolves: rhbz#1106433 Resolves: rhbz#1138267\n Resolves: rhbz#1147498 Resolves: rhbz#1138581 Resolves:\n rhbz#1142122 Resolves: rhbz#1094548 Resolves:\n rhbz#1144448\n\n - RHEL-6.6 erratum\n\n - SSSD: dropped the ipahostnameshort patch, as it is not\n needed. rhbz#1033703 is a configuration issue. 
Related:\n rhbz#1033703\n\n - RHEL-6.6 erratum\n\n - SSSD: fixed netgroup filter patch\n\n - SSSD: dropped separate patch for #1006463, the fix is\n now part of the netgroup filter patch Resolves:\n rhbz#1006463 Resolves: rhbz#1083064\n\n - RHEL-6.6 erratum\n\n - don't retry authentication when ctrl-c pressed\n\n - fix double-quote processing in Defaults options\n\n - fix sesh login shell argv[0]\n\n - handle the '(none)' hostname correctly\n\n - SSSD: fix ipa_hostname handling\n\n - SSSD: fix sudoUser netgroup specification filtering\n\n - SSSD: list correct user when -U <user> -l specified\n\n - SSSD: show rule names on long listing (-ll) Resolves:\n rhbz#1065415 Resolves: rhbz#1078338 Resolves:\n rhbz#1052940 Resolves: rhbz#1083064 Resolves:\n rhbz#1033703 Resolves: rhbz#1006447 Resolves:\n rhbz#1006463 Resolves: rhbz#1070952", "edition": 30, "cvss3": {"score": 3.3, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}, "published": "2015-07-31T00:00:00", "title": "OracleVM 3.3 : sudo (OVMSA-2015-0103)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9680"], "modified": "2015-07-31T00:00:00", "cpe": ["cpe:/o:oracle:vm_server:3.3", "p-cpe:/a:oracle:vm:sudo"], "id": "ORACLEVM_OVMSA-2015-0103.NASL", "href": "https://www.tenable.com/plugins/nessus/85144", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2015-0103.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85144);\n script_version(\"2.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-9680\");\n script_bugtraq_id(72649);\n\n script_name(english:\"OracleVM 3.3 : sudo (OVMSA-2015-0103)\");\n script_summary(english:\"Checks the RPM output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM 
host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - RHEL-6.7 erratum\n\n - modified the authlogicfix patch to fix #1144448\n\n - fixed a bug in the ldapusermatchfix patch Resolves:\n rhbz#1144448 Resolves: rhbz#1142122\n\n - RHEL-6.7 erratum\n\n - fixed the mantypos-ldap.patch Resolves: rhbz#1138267\n\n - RHEL-6.7 erratum\n\n - added patch for (CVE-2014-9680)\n\n - added BuildRequires for tzdata Resolves: rhbz#1200253\n\n - RHEL-6.7 erratum\n\n - added zlib-devel build required to enable zlib\n compression support\n\n - fixed two typos in the sudoers.ldap man page\n\n - fixed a hang when duplicate nss entries are specified in\n nsswitch.conf\n\n - SSSD: implemented sorting of the result entries\n according to the sudoOrder attribute\n\n - LDAP: fixed logic handling the computation of the 'user\n matched' flag\n\n - fixed restoring of the SIGPIPE signal in the tgetpass\n function\n\n - fixed listpw, verifypw + authenticate option logic in\n LDAP/SSSD Resolves: rhbz#1106433 Resolves: rhbz#1138267\n Resolves: rhbz#1147498 Resolves: rhbz#1138581 Resolves:\n rhbz#1142122 Resolves: rhbz#1094548 Resolves:\n rhbz#1144448\n\n - RHEL-6.6 erratum\n\n - SSSD: dropped the ipahostnameshort patch, as it is not\n needed. rhbz#1033703 is a configuration issue. 
Related:\n rhbz#1033703\n\n - RHEL-6.6 erratum\n\n - SSSD: fixed netgroup filter patch\n\n - SSSD: dropped separate patch for #1006463, the fix is\n now part of the netgroup filter patch Resolves:\n rhbz#1006463 Resolves: rhbz#1083064\n\n - RHEL-6.6 erratum\n\n - don't retry authentication when ctrl-c pressed\n\n - fix double-quote processing in Defaults options\n\n - fix sesh login shell argv[0]\n\n - handle the '(none)' hostname correctly\n\n - SSSD: fix ipa_hostname handling\n\n - SSSD: fix sudoUser netgroup specification filtering\n\n - SSSD: list correct user when -U <user> -l specified\n\n - SSSD: show rule names on long listing (-ll) Resolves:\n rhbz#1065415 Resolves: rhbz#1078338 Resolves:\n rhbz#1052940 Resolves: rhbz#1083064 Resolves:\n rhbz#1033703 Resolves: rhbz#1006447 Resolves:\n rhbz#1006463 Resolves: rhbz#1070952\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/oraclevm-errata/2015-July/000351.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected sudo package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.3\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2015/07/31\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.3\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.3\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.3\", reference:\"sudo-1.8.6p3-19.el6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T09:48:58", "description": "Jakub Wilk reported that sudo, a program designed to provide limited\nsuper user privileges to specific users, preserves the TZ variable\nfrom a user's environment without any sanitization. 
A user with sudo\naccess may take advantage of this to exploit bugs in the C library\nfunctions which parse the TZ environment variable or to open files\nthat the user would not otherwise be able to open. The latter could\npotentially cause changes in system behavior when reading certain\ndevice special files or cause the program run via sudo to block.", "edition": 18, "cvss3": {"score": 3.3, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}, "published": "2015-02-23T00:00:00", "title": "Debian DSA-3167-1 : sudo - security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9680"], "modified": "2015-02-23T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:7.0", "p-cpe:/a:debian:debian_linux:sudo"], "id": "DEBIAN_DSA-3167.NASL", "href": "https://www.tenable.com/plugins/nessus/81426", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-3167. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81426);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9680\");\n script_bugtraq_id(72649);\n script_xref(name:\"DSA\", value:\"3167\");\n\n script_name(english:\"Debian DSA-3167-1 : sudo - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jakub Wilk reported that sudo, a program designed to provide limited\nsuper user privileges to specific users, preserves the TZ variable\nfrom a user's environment without any sanitization. 
A user with sudo\naccess may take advantage of this to exploit bugs in the C library\nfunctions which parse the TZ environment variable or to open files\nthat the user would not otherwise be able to open. The latter could\npotentially cause changes in system behavior when reading certain\ndevice special files or cause the program run via sudo to block.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772707\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/sudo\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2015/dsa-3167\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the sudo packages.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 1.8.5p2-1+nmu2.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"7.0\", prefix:\"sudo\", reference:\"1.8.5p2-1+nmu2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"sudo-ldap\", reference:\"1.8.5p2-1+nmu2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-20T12:28:49", "description": "sudo was updated to fix one security issue.\n\nThis security issue was fixed :\n\n - CVE-2014-9680: Unsafe handling of TZ environment\n variable (bsc#917806).", "edition": 20, "cvss3": {"score": 3.3, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}, "published": "2015-11-20T00:00:00", "title": "openSUSE Security Update : sudo (openSUSE-2015-687)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9680"], "modified": "2015-11-20T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:sudo-debuginfo", "cpe:/o:novell:opensuse:42.1", "p-cpe:/a:novell:opensuse:sudo-devel", "p-cpe:/a:novell:opensuse:sudo", "p-cpe:/a:novell:opensuse:sudo-test", "p-cpe:/a:novell:opensuse:sudo-debugsource"], "id": "OPENSUSE-2015-687.NASL", "href": "https://www.tenable.com/plugins/nessus/86956", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# 
extracted from openSUSE Security Update openSUSE-2015-687.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86956);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-9680\");\n\n script_name(english:\"openSUSE Security Update : sudo (openSUSE-2015-687)\");\n script_summary(english:\"Check for the openSUSE-2015-687 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"sudo was updated to fix one security issue.\n\nThis security issue was fixed :\n\n - CVE-2014-9680: Unsafe handling of TZ environment\n variable (bsc#917806).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=917806\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected sudo packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sudo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sudo-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sudo-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sudo-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/23\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.1\", reference:\"sudo-1.8.10p3-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"sudo-debuginfo-1.8.10p3-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"sudo-debugsource-1.8.10p3-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"sudo-devel-1.8.10p3-5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.1\", reference:\"sudo-test-1.8.10p3-5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo / sudo-debuginfo / sudo-debugsource / sudo-devel / sudo-test\");\n}\n", "cvss": {"score": 2.1, "vector": 
"AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-02-06T13:45:04", "description": "Updated sudo packages that fix one security issue, three bugs, and add\none enhancement are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe sudo packages contain the sudo utility which allows system\nadministrators to provide certain users with the permission to execute\nprivileged commands, which are used for system management purposes,\nwithout having to log in as root.\n\nIt was discovered that sudo did not perform any checks of the TZ\nenvironment variable value. If sudo was configured to preserve the TZ\nenvironment variable, a local user with privileges to execute commands\nvia sudo could possibly use this flaw to achieve system state changes\nnot permitted by the configured commands. (CVE-2014-9680)\n\nNote: The default sudoers configuration in Red Hat Enterprise Linux\nremoves the TZ variable from the environment in which commands run by\nsudo are executed.\n\nThis update also fixes the following bugs :\n\n* Previously, the sudo utility child processes could sometimes become\nunresponsive because they ignored the SIGPIPE signal. With this\nupdate, SIGPIPE handler is properly restored in the function that\nreads passwords from the user, and the child processes no longer\nignore SIGPIPE. As a result, sudo child processes do not hang in this\nsituation. (BZ#1094548)\n\n* Prior to this update, the order in which sudo rules were processed\ndid not honor the user-defined sudoOrder attribute. Consequently, sudo\nrules were processed in an undefined order even when the user defined\nthe order in sudoOrder. 
The implementation of SSSD support in sudo has\nbeen modified to sort the rules according to the sudoOrder value, and\nsudo rules are now sorted in the order defined by the user in\nsudoOrder. (BZ#1138581)\n\n* Previously, sudo became unresponsive after the user issued a command\nwhen a sudoers source was mentioned multiple times in the\n/etc/nsswitch.conf file. The problem occurred when nsswitch.conf\ncontained, for example, the 'sudoers: files sss sss' entry. The\nsudoers source processing code has been fixed to correctly handle\nmultiple instances of the same sudoers source. As a result, sudo no\nlonger hangs when a sudoers source is mentioned multiple times in\n/etc/nsswitch.conf. (BZ#1147498)\n\nIn addition, this update adds the following enhancement :\n\n* The sudo utility now supports I/O logs compressed using the zlib\nlibrary. With this update, sudo can generate zlib compressed I/O logs\nand also process zlib compressed I/O logs generated by other versions\nof sudo with zlib support. (BZ#1106433)\n\nAll sudo users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add this\nenhancement.", "edition": 32, "cvss3": {"score": 3.3, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}, "published": "2015-07-23T00:00:00", "title": "RHEL 6 : sudo (RHSA-2015:1409)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9680"], "modified": "2015-07-23T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:sudo-debuginfo", "p-cpe:/a:redhat:enterprise_linux:sudo-devel", "p-cpe:/a:redhat:enterprise_linux:sudo", "cpe:/o:redhat:enterprise_linux:6"], "id": "REDHAT-RHSA-2015-1409.NASL", "href": "https://www.tenable.com/plugins/nessus/84943", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1409. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(84943);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/05\");\n\n script_cve_id(\"CVE-2014-9680\");\n script_bugtraq_id(72649);\n script_xref(name:\"RHSA\", value:\"2015:1409\");\n\n script_name(english:\"RHEL 6 : sudo (RHSA-2015:1409)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Updated sudo packages that fix one security issue, three bugs, and add\none enhancement are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe sudo packages contain the sudo utility which allows system\nadministrators to provide certain users with the permission to execute\nprivileged commands, which are used for system management purposes,\nwithout having to log in as root.\n\nIt was discovered that sudo did not perform any checks of the TZ\nenvironment variable value. If sudo was configured to preserve the TZ\nenvironment variable, a local user with privileges to execute commands\nvia sudo could possibly use this flaw to achieve system state changes\nnot permitted by the configured commands. (CVE-2014-9680)\n\nNote: The default sudoers configuration in Red Hat Enterprise Linux\nremoves the TZ variable from the environment in which commands run by\nsudo are executed.\n\nThis update also fixes the following bugs :\n\n* Previously, the sudo utility child processes could sometimes become\nunresponsive because they ignored the SIGPIPE signal. 
With this\nupdate, SIGPIPE handler is properly restored in the function that\nreads passwords from the user, and the child processes no longer\nignore SIGPIPE. As a result, sudo child processes do not hang in this\nsituation. (BZ#1094548)\n\n* Prior to this update, the order in which sudo rules were processed\ndid not honor the user-defined sudoOrder attribute. Consequently, sudo\nrules were processed in an undefined order even when the user defined\nthe order in sudoOrder. The implementation of SSSD support in sudo has\nbeen modified to sort the rules according to the sudoOrder value, and\nsudo rules are now sorted in the order defined by the user in\nsudoOrder. (BZ#1138581)\n\n* Previously, sudo became unresponsive after the user issued a command\nwhen a sudoers source was mentioned multiple times in the\n/etc/nsswitch.conf file. The problem occurred when nsswitch.conf\ncontained, for example, the 'sudoers: files sss sss' entry. The\nsudoers source processing code has been fixed to correctly handle\nmultiple instances of the same sudoers source. As a result, sudo no\nlonger hangs when a sudoers source is mentioned multiple times in\n/etc/nsswitch.conf. (BZ#1147498)\n\nIn addition, this update adds the following enhancement :\n\n* The sudo utility now supports I/O logs compressed using the zlib\nlibrary. With this update, sudo can generate zlib compressed I/O logs\nand also process zlib compressed I/O logs generated by other versions\nof sudo with zlib support. 
(BZ#1106433)\n\nAll sudo users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add this\nenhancement.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2015:1409\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2014-9680\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected sudo, sudo-debuginfo and / or sudo-devel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sudo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:sudo-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2015:1409\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"sudo-1.8.6p3-19.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"sudo-1.8.6p3-19.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"sudo-1.8.6p3-19.el6\")) flag++;\n if 
(rpm_check(release:\"RHEL6\", reference:\"sudo-debuginfo-1.8.6p3-19.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"sudo-devel-1.8.6p3-19.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo / sudo-debuginfo / sudo-devel\");\n }\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-07T14:22:37", "description": "This update for sudo provides the following fixes :\n\nHandle TZ environment variable safely. (CVE-2014-9680, bnc#917806)\n\nDo not truncate long commands (131072 or more characters) without any\nwarning. (bnc#901145)\n\nCreate log files with ownership set to user and group 'root'.\n(bnc#904694)\n\nClose PAM session properly. (bnc#880764)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 31, "cvss3": {"score": 3.3, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}, "published": "2015-06-03T00:00:00", "title": "SUSE SLED11 / SLES11 Security Update : sudo (SUSE-SU-2015:0985-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9680"], "modified": "2015-06-03T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:sudo"], "id": "SUSE_SU-2015-0985-1.NASL", "href": "https://www.tenable.com/plugins/nessus/83971", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2015:0985-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83971);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2014-9680\");\n script_bugtraq_id(72649);\n\n script_name(english:\"SUSE SLED11 / SLES11 Security Update : sudo (SUSE-SU-2015:0985-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for sudo provides the following fixes :\n\nHandle TZ environment variable safely. (CVE-2014-9680, bnc#917806)\n\nDo not truncate long commands (131072 or more characters) without any\nwarning. (bnc#901145)\n\nCreate log files with ownership set to user and group 'root'.\n(bnc#904694)\n\nClose PAM session properly. (bnc#880764)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=880764\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=901145\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=904694\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=917806\"\n );\n # https://download.suse.com/patch/finder/?keywords=3f29625c93073c1ed3b6a38fb74296cb\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?0d3f8d40\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2014-9680/\"\n );\n # https://www.suse.com/support/update/announcement/2015/suse-su-20150985-1.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b59a2d89\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use YaST online_update.\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server 11 SP3 for VMware :\n\nzypper in -t patch slessp3-sudo=10686\n\nSUSE Linux Enterprise Server 11 SP3 :\n\nzypper in -t patch slessp3-sudo=10686\n\nSUSE Linux Enterprise Desktop 11 SP3 :\n\nzypper in -t patch sledsp3-sudo=10686\n\nTo bring your system up-to-date, use 'zypper patch'.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(SLED11|SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED11 / SLES11\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES11 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED11\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED11 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES11\", sp:\"3\", reference:\"sudo-1.7.6p2-0.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"x86_64\", reference:\"sudo-1.7.6p2-0.23.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:\"3\", cpu:\"i586\", reference:\"sudo-1.7.6p2-0.23.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T10:13:27", "description": " - update to 1.8.12\n\n - fixes CVE-2014-9680\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 20, "cvss3": {"score": 3.3, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}, "published": "2015-02-23T00:00:00", "title": "Fedora 21 : sudo-1.8.12-1.fc21 (2015-2281)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9680"], "modified": "2015-02-23T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:21", "p-cpe:/a:fedoraproject:fedora:sudo"], "id": "FEDORA_2015-2281.NASL", "href": "https://www.tenable.com/plugins/nessus/81431", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2015-2281.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81431);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2014-9680\");\n script_xref(name:\"FEDORA\", value:\"2015-2281\");\n\n script_name(english:\"Fedora 21 : sudo-1.8.12-1.fc21 (2015-2281)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - update to 1.8.12\n\n - fixes CVE-2014-9680\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1191144\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2015-February/150218.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?2c3da047\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected sudo package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:21\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/02/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/02/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
ereg(pattern:\"^21([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 21.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC21\", reference:\"sudo-1.8.12-1.fc21\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-20T12:28:52", "description": "sudo was updated to fix one security issue.\n\nThis security issue was fixed :\n\n - CVE-2014-9680: Unsafe handling of TZ environment\n variable (bsc#917806).", "edition": 20, "cvss3": {"score": 3.3, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}, "published": "2015-11-05T00:00:00", "title": "openSUSE Security Update : sudo (openSUSE-2015-703)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9680"], "modified": "2015-11-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:sudo-debuginfo", "p-cpe:/a:novell:opensuse:sudo-devel", "p-cpe:/a:novell:opensuse:sudo", "p-cpe:/a:novell:opensuse:sudo-test", "cpe:/o:novell:opensuse:13.2", "p-cpe:/a:novell:opensuse:sudo-debugsource", "cpe:/o:novell:opensuse:13.1"], "id": "OPENSUSE-2015-703.NASL", "href": "https://www.tenable.com/plugins/nessus/86738", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2015-703.\n#\n# The text description of this plugin is (C) SUSE 
LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(86738);\n script_version(\"2.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-9680\");\n\n script_name(english:\"openSUSE Security Update : sudo (openSUSE-2015-703)\");\n script_summary(english:\"Check for the openSUSE-2015-703 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"sudo was updated to fix one security issue.\n\nThis security issue was fixed :\n\n - CVE-2014-9680: Unsafe handling of TZ environment\n variable (bsc#917806).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=917806\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected sudo packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sudo-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sudo-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sudo-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:sudo-test\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:13.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/10/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/11/05\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE13\\.1|SUSE13\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"13.1 / 13.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE13.1\", reference:\"sudo-1.8.10p3-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"sudo-debuginfo-1.8.10p3-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"sudo-debugsource-1.8.10p3-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.1\", reference:\"sudo-devel-1.8.10p3-5.16.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"sudo-1.8.10p3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"sudo-debuginfo-1.8.10p3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"sudo-debugsource-1.8.10p3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"sudo-devel-1.8.10p3-2.7.1\") ) flag++;\nif ( rpm_check(release:\"SUSE13.2\", reference:\"sudo-test-1.8.10p3-2.7.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, 
extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo / sudo-debuginfo / sudo-debugsource / sudo-devel / sudo-test\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-20T15:28:45", "description": "Jakub Wilk and Stephane Chazelas discovered that Sudo incorrectly\nhandled the TZ environment variable. An attacker with Sudo access\ncould possibly use this issue to open arbitrary files, bypassing\nintended permissions.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 26, "cvss3": {"score": 3.3, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}, "published": "2015-03-17T00:00:00", "title": "Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : sudo vulnerability (USN-2533-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9680"], "modified": "2015-03-17T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:10.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.10", "p-cpe:/a:canonical:ubuntu_linux:sudo-ldap", "p-cpe:/a:canonical:ubuntu_linux:sudo", "cpe:/o:canonical:ubuntu_linux:12.04:-:lts", "cpe:/o:canonical:ubuntu_linux:14.04"], "id": "UBUNTU_USN-2533-1.NASL", "href": "https://www.tenable.com/plugins/nessus/81881", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-2533-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(81881);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2014-9680\");\n script_bugtraq_id(72649);\n script_xref(name:\"USN\", value:\"2533-1\");\n\n script_name(english:\"Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : sudo vulnerability (USN-2533-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Jakub Wilk and Stephane Chazelas discovered that Sudo incorrectly\nhandled the TZ environment variable. An attacker with Sudo access\ncould possibly use this issue to open arbitrary files, bypassing\nintended permissions.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/2533-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected sudo and / or sudo-ldap packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:sudo-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:10.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:12.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:14.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/03/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/03/17\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2015-2020 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(10\\.04|12\\.04|14\\.04|14\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 10.04 / 12.04 / 14.04 / 14.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"10.04\", pkgname:\"sudo\", pkgver:\"1.7.2p1-1ubuntu5.8\")) flag++;\nif (ubuntu_check(osver:\"10.04\", pkgname:\"sudo-ldap\", pkgver:\"1.7.2p1-1ubuntu5.8\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"sudo\", pkgver:\"1.8.3p1-1ubuntu3.7\")) flag++;\nif (ubuntu_check(osver:\"12.04\", pkgname:\"sudo-ldap\", pkgver:\"1.8.3p1-1ubuntu3.7\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"sudo\", pkgver:\"1.8.9p5-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"14.04\", pkgname:\"sudo-ldap\", pkgver:\"1.8.9p5-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"sudo\", pkgver:\"1.8.9p5-1ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"14.10\", pkgname:\"sudo-ldap\", pkgver:\"1.8.9p5-1ubuntu2.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, 
tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo / sudo-ldap\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-06T09:30:16", "description": "Updated sudo packages that fix one security issue, three bugs, and add\none enhancement are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe sudo packages contain the sudo utility which allows system\nadministrators to provide certain users with the permission to execute\nprivileged commands, which are used for system management purposes,\nwithout having to log in as root.\n\nIt was discovered that sudo did not perform any checks of the TZ\nenvironment variable value. If sudo was configured to preserve the TZ\nenvironment variable, a local user with privileges to execute commands\nvia sudo could possibly use this flaw to achieve system state changes\nnot permitted by the configured commands. (CVE-2014-9680)\n\nNote: The default sudoers configuration in Red Hat Enterprise Linux\nremoves the TZ variable from the environment in which commands run by\nsudo are executed.\n\nThis update also fixes the following bugs :\n\n* Previously, the sudo utility child processes could sometimes become\nunresponsive because they ignored the SIGPIPE signal. With this\nupdate, SIGPIPE handler is properly restored in the function that\nreads passwords from the user, and the child processes no longer\nignore SIGPIPE. As a result, sudo child processes do not hang in this\nsituation. (BZ#1094548)\n\n* Prior to this update, the order in which sudo rules were processed\ndid not honor the user-defined sudoOrder attribute. Consequently, sudo\nrules were processed in an undefined order even when the user defined\nthe order in sudoOrder. 
The implementation of SSSD support in sudo has\nbeen modified to sort the rules according to the sudoOrder value, and\nsudo rules are now sorted in the order defined by the user in\nsudoOrder. (BZ#1138581)\n\n* Previously, sudo became unresponsive after the user issued a command\nwhen a sudoers source was mentioned multiple times in the\n/etc/nsswitch.conf file. The problem occurred when nsswitch.conf\ncontained, for example, the 'sudoers: files sss sss' entry. The\nsudoers source processing code has been fixed to correctly handle\nmultiple instances of the same sudoers source. As a result, sudo no\nlonger hangs when a sudoers source is mentioned multiple times in\n/etc/nsswitch.conf. (BZ#1147498)\n\nIn addition, this update adds the following enhancement :\n\n* The sudo utility now supports I/O logs compressed using the zlib\nlibrary. With this update, sudo can generate zlib compressed I/O logs\nand also process zlib compressed I/O logs generated by other versions\nof sudo with zlib support. 
(BZ#1106433)\n\nAll sudo users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add this\nenhancement.", "edition": 32, "cvss3": {"score": 3.3, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}, "published": "2015-07-28T00:00:00", "title": "CentOS 6 : sudo (CESA-2015:1409)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9680"], "modified": "2015-07-28T00:00:00", "cpe": ["cpe:/o:centos:centos:6", "p-cpe:/a:centos:centos:sudo", "p-cpe:/a:centos:centos:sudo-devel"], "id": "CENTOS_RHSA-2015-1409.NASL", "href": "https://www.tenable.com/plugins/nessus/85017", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2015:1409 and \n# CentOS Errata and Security Advisory 2015:1409 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85017);\n script_version(\"2.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2014-9680\");\n script_bugtraq_id(72649);\n script_xref(name:\"RHSA\", value:\"2015:1409\");\n\n script_name(english:\"CentOS 6 : sudo (CESA-2015:1409)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated sudo packages that fix one security issue, three bugs, and add\none enhancement are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe sudo packages contain the sudo utility which allows system\nadministrators to provide certain users with the permission to execute\nprivileged commands, which are used for system management purposes,\nwithout having to log in as root.\n\nIt was discovered that sudo did not perform any checks of the TZ\nenvironment variable value. If sudo was configured to preserve the TZ\nenvironment variable, a local user with privileges to execute commands\nvia sudo could possibly use this flaw to achieve system state changes\nnot permitted by the configured commands. (CVE-2014-9680)\n\nNote: The default sudoers configuration in Red Hat Enterprise Linux\nremoves the TZ variable from the environment in which commands run by\nsudo are executed.\n\nThis update also fixes the following bugs :\n\n* Previously, the sudo utility child processes could sometimes become\nunresponsive because they ignored the SIGPIPE signal. With this\nupdate, SIGPIPE handler is properly restored in the function that\nreads passwords from the user, and the child processes no longer\nignore SIGPIPE. As a result, sudo child processes do not hang in this\nsituation. (BZ#1094548)\n\n* Prior to this update, the order in which sudo rules were processed\ndid not honor the user-defined sudoOrder attribute. Consequently, sudo\nrules were processed in an undefined order even when the user defined\nthe order in sudoOrder. The implementation of SSSD support in sudo has\nbeen modified to sort the rules according to the sudoOrder value, and\nsudo rules are now sorted in the order defined by the user in\nsudoOrder. (BZ#1138581)\n\n* Previously, sudo became unresponsive after the user issued a command\nwhen a sudoers source was mentioned multiple times in the\n/etc/nsswitch.conf file. 
The problem occurred when nsswitch.conf\ncontained, for example, the 'sudoers: files sss sss' entry. The\nsudoers source processing code has been fixed to correctly handle\nmultiple instances of the same sudoers source. As a result, sudo no\nlonger hangs when a sudoers source is mentioned multiple times in\n/etc/nsswitch.conf. (BZ#1147498)\n\nIn addition, this update adds the following enhancement :\n\n* The sudo utility now supports I/O logs compressed using the zlib\nlibrary. With this update, sudo can generate zlib compressed I/O logs\nand also process zlib compressed I/O logs generated by other versions\nof sudo with zlib support. (BZ#1106433)\n\nAll sudo users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add this\nenhancement.\"\n );\n # https://lists.centos.org/pipermail/centos-cr-announce/2015-July/002031.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?54ca9ed3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected sudo packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2014-9680\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:sudo-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:6\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/28\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/CentOS/release\");\nif (isnull(release) || \"CentOS\" >!< release) audit(AUDIT_OS_NOT, \"CentOS\");\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"CentOS\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"CentOS 6.x\", \"CentOS \" + os_ver);\n\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-6\", reference:\"sudo-1.8.6p3-19.el6\")) flag++;\nif (rpm_check(release:\"CentOS-6\", reference:\"sudo-devel-1.8.6p3-19.el6\")) flag++;\n\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo / sudo-devel\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-17T12:50:05", "description": "From Red Hat Security Advisory 2015:1409 :\n\nUpdated sudo packages that fix one security issue, three bugs, and add\none enhancement are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. 
A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe sudo packages contain the sudo utility which allows system\nadministrators to provide certain users with the permission to execute\nprivileged commands, which are used for system management purposes,\nwithout having to log in as root.\n\nIt was discovered that sudo did not perform any checks of the TZ\nenvironment variable value. If sudo was configured to preserve the TZ\nenvironment variable, a local user with privileges to execute commands\nvia sudo could possibly use this flaw to achieve system state changes\nnot permitted by the configured commands. (CVE-2014-9680)\n\nNote: The default sudoers configuration in Red Hat Enterprise Linux\nremoves the TZ variable from the environment in which commands run by\nsudo are executed.\n\nThis update also fixes the following bugs :\n\n* Previously, the sudo utility child processes could sometimes become\nunresponsive because they ignored the SIGPIPE signal. With this\nupdate, SIGPIPE handler is properly restored in the function that\nreads passwords from the user, and the child processes no longer\nignore SIGPIPE. As a result, sudo child processes do not hang in this\nsituation. (BZ#1094548)\n\n* Prior to this update, the order in which sudo rules were processed\ndid not honor the user-defined sudoOrder attribute. Consequently, sudo\nrules were processed in an undefined order even when the user defined\nthe order in sudoOrder. The implementation of SSSD support in sudo has\nbeen modified to sort the rules according to the sudoOrder value, and\nsudo rules are now sorted in the order defined by the user in\nsudoOrder. (BZ#1138581)\n\n* Previously, sudo became unresponsive after the user issued a command\nwhen a sudoers source was mentioned multiple times in the\n/etc/nsswitch.conf file. 
The problem occurred when nsswitch.conf\ncontained, for example, the 'sudoers: files sss sss' entry. The\nsudoers source processing code has been fixed to correctly handle\nmultiple instances of the same sudoers source. As a result, sudo no\nlonger hangs when a sudoers source is mentioned multiple times in\n/etc/nsswitch.conf. (BZ#1147498)\n\nIn addition, this update adds the following enhancement :\n\n* The sudo utility now supports I/O logs compressed using the zlib\nlibrary. With this update, sudo can generate zlib compressed I/O logs\nand also process zlib compressed I/O logs generated by other versions\nof sudo with zlib support. (BZ#1106433)\n\nAll sudo users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add this\nenhancement.", "edition": 29, "cvss3": {"score": 3.3, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}, "published": "2015-07-30T00:00:00", "title": "Oracle Linux 6 : sudo (ELSA-2015-1409)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-9680"], "modified": "2015-07-30T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:sudo", "p-cpe:/a:oracle:linux:sudo-devel"], "id": "ORACLELINUX_ELSA-2015-1409.NASL", "href": "https://www.tenable.com/plugins/nessus/85104", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2015:1409 and \n# Oracle Linux Security Advisory ELSA-2015-1409 respectively.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(85104);\n script_version(\"2.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2014-9680\");\n script_bugtraq_id(72649);\n script_xref(name:\"RHSA\", value:\"2015:1409\");\n\n script_name(english:\"Oracle Linux 6 : sudo (ELSA-2015-1409)\");\n 
script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2015:1409 :\n\nUpdated sudo packages that fix one security issue, three bugs, and add\none enhancement are now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having Moderate\nsecurity impact. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available from the\nCVE link in the References section.\n\nThe sudo packages contain the sudo utility which allows system\nadministrators to provide certain users with the permission to execute\nprivileged commands, which are used for system management purposes,\nwithout having to log in as root.\n\nIt was discovered that sudo did not perform any checks of the TZ\nenvironment variable value. If sudo was configured to preserve the TZ\nenvironment variable, a local user with privileges to execute commands\nvia sudo could possibly use this flaw to achieve system state changes\nnot permitted by the configured commands. (CVE-2014-9680)\n\nNote: The default sudoers configuration in Red Hat Enterprise Linux\nremoves the TZ variable from the environment in which commands run by\nsudo are executed.\n\nThis update also fixes the following bugs :\n\n* Previously, the sudo utility child processes could sometimes become\nunresponsive because they ignored the SIGPIPE signal. With this\nupdate, SIGPIPE handler is properly restored in the function that\nreads passwords from the user, and the child processes no longer\nignore SIGPIPE. As a result, sudo child processes do not hang in this\nsituation. (BZ#1094548)\n\n* Prior to this update, the order in which sudo rules were processed\ndid not honor the user-defined sudoOrder attribute. 
Consequently, sudo\nrules were processed in an undefined order even when the user defined\nthe order in sudoOrder. The implementation of SSSD support in sudo has\nbeen modified to sort the rules according to the sudoOrder value, and\nsudo rules are now sorted in the order defined by the user in\nsudoOrder. (BZ#1138581)\n\n* Previously, sudo became unresponsive after the user issued a command\nwhen a sudoers source was mentioned multiple times in the\n/etc/nsswitch.conf file. The problem occurred when nsswitch.conf\ncontained, for example, the 'sudoers: files sss sss' entry. The\nsudoers source processing code has been fixed to correctly handle\nmultiple instances of the same sudoers source. As a result, sudo no\nlonger hangs when a sudoers source is mentioned multiple times in\n/etc/nsswitch.conf. (BZ#1147498)\n\nIn addition, this update adds the following enhancement :\n\n* The sudo utility now supports I/O logs compressed using the zlib\nlibrary. With this update, sudo can generate zlib compressed I/O logs\nand also process zlib compressed I/O logs generated by other versions\nof sudo with zlib support. 
(BZ#1106433)\n\nAll sudo users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add this\nenhancement.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2015-July/005230.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected sudo packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:sudo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:sudo-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/04/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", reference:\"sudo-1.8.6p3-19.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"sudo-devel-1.8.6p3-19.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"sudo / sudo-devel\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9680"], 
"description": "Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per-host basis, copious logging of each command (providing a clear audit trail of who did what), a configurable timeout of the sudo command, and the ability to use the same configuration file (sudoers) on many different machines. ", "modified": "2015-02-22T06:04:59", "published": "2015-02-22T06:04:59", "id": "FEDORA:98425605E7E8", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 21 Update: sudo-1.8.12-1.fc21", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2014-9680"], "description": "Sudo (superuser do) allows a system administrator to give certain users (or groups of users) the ability to run some (or all) commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict what commands a user may run on a per-host basis, copious logging of each command (providing a clear audit trail of who did what), a configurable timeout of the sudo command, and the ability to use the same configuration file (sudoers) on many different machines. ", "modified": "2015-02-23T23:25:03", "published": "2015-02-23T23:25:03", "id": "FEDORA:231846087E04", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: sudo-1.8.12-1.fc20", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}]}