Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:19476
HistoryApr 19, 2010 - 12:00 a.m.

Sudo sudoedit路径解析本地权限提升漏洞

2010-04-1900:00:00
Root
www.seebug.org
11

0.0004 Low

EPSS

Percentile

10.1%

JSON

BUGTRAQ ID: 39468
CVE ID: CVE-2010-1163

Sudo是一款允许用户以其他用户权限安全的执行命令的程序,广泛使用在Linux和Unix操作系统下。

当sudo执行命令匹配时,存在sudoers文件中存在伪命令的特殊情况(目前唯一的伪命令是sudoedit)。与正常命令不同,伪命令中不包含有路径组件。Sudo的命令匹配例程认为实际命令中应包含有一个或多个“/”字符,而sudo的路径解析代码没有向当前工作目录中所找到的命令添加“./”前缀,这就在cwd中所发现的sudoedit命令与sudoers文件中的sudoedit伪命令之间造成了歧义,导致用户可以在当前工作目录中运行任意名为sudoedit的命令。

如果要成功执行攻击,PATH环境变量必须包含有“.”且不应包含任何存在sudoedit命令的目录;此外还要禁用了ignore_dot或 secure_path选项。

Todd Miller Sudo 1.6.8 - 1.7.2 p5
临时解决方法:

  • 启用ignore_dot sudoers选项。

厂商补丁:

Todd Miller

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://www.sudo.ws/sudo/dist/

Ubuntu

Ubuntu已经为此发布了一个安全公告(USN-928-1)以及相应补丁:
USN-928-1:Sudo vulnerability
链接:http://www.ubuntu.com/usn/USN-928-1

Related

cisco 1
freebsd 1
openvas 15
nessus 12
gentoo 1
centos 1
cvelist 1
debiancve 1
securityvulns 2
altlinux 2
oraclelinux 1
packetstorm 1
veracode 1
nvd 1
ubuntucve 1
redhat 2
cve 1
slackware 1
prion 1
cisco
cisco
Sudo sudoedit Local Command Privilege Escalation Vulnerability
2010-04-19 20:43:48
freebsd
freebsd
sudo -- Privilege escalation with sudoedit
2010-04-09 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201006-09 (sudo)
2011-03-09 00:00:00
Gentoo Security Advisory GLSA 201006-09 (sudo)
2011-03-09 00:00:00
Mandriva Update for sudo MDVSA-2010:078 (sudo)
2010-04-19 00:00:00
nessus
nessus
FreeBSD : sudo -- Privilege escalation with sudoedit (1a9f678d-48ca-11df-85f8-000c29a67389)
2010-04-16 00:00:00
GLSA-201006-09 : sudo: Privilege escalation
2010-06-02 00:00:00
Scientific Linux Security Update : sudo on SL5.x i386/x86_64
2012-08-01 00:00:00
gentoo
gentoo
sudo: Privilege escalation
2010-06-01 00:00:00
centos
centos
sudo security update
2010-05-28 10:47:01
cvelist
cvelist
CVE-2010-1163
2010-04-16 19:00:00
debiancve
debiancve
CVE-2010-1163
2010-04-16 19:30:00
securityvulns
securityvulns
sudoedit local privilege escalation through PATH manipulation
2010-04-22 00:00:00
sudo protection bypass
2010-04-22 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package sudo version 1:1.6.8p12-alt8
2010-06-01 00:00:00
Security fix for the ALT Linux 6 package sudo version 1:1.6.8p12-alt8
2010-06-01 00:00:00
oraclelinux
oraclelinux
sudo security update
2010-04-20 00:00:00
packetstorm
packetstorm
Sudo 1.7.2p5 Local Privilege Escalation
2010-04-20 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:48:33
nvd
nvd
CVE-2010-1163
2010-04-16 19:30:00
ubuntucve
ubuntucve
CVE-2010-1163
2010-04-16 00:00:00
redhat
redhat
(RHSA-2010:0361) Moderate: sudo security update
2010-04-20 00:00:00
(RHSA-2010:0476) Important: rhev-hypervisor security, bug fix, and enhancement update
2010-06-22 00:00:00
cve
cve
CVE-2010-1163
2010-04-16 19:30:00
slackware
slackware
[slackware-security] sudo
2010-04-20 17:51:19
prion
prion
Command injection
2010-04-16 19:30:00

0.0004 Low

EPSS

Percentile

10.1%

JSON
Related for SSV:19476
cisco1freebsd1openvas15nessus12gentoo1centos1cvelist1debiancve1securityvulns2altlinux2oraclelinux1packetstorm1veracode1nvd1ubuntucve1redhat2cve1slackware1prion1