CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
10.1%
This update fixes two security issues :
Sudo failed to properly reset group permissions, when βrunas_defaultβ option was used. If a local, unprivileged user was authorized by sudoers file to perform their sudo commands under default user account, it could lead to privilege escalation. (CVE-2010-0427 :
CVSS v2 Base Score: 6.6)
A privilege escalation flaw was found in the way sudo used to check file paths for pseudocommands. If local, unprivileged user was authorized by sudoers file to edit one or more files, it could lead to execution of arbitrary code, with the privileges of privileged system user (root). (CVE-2010-0426 : CVSS v2 Base Score: 6.6)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SuSE 11 update information. The text itself is
# copyright (C) Novell, Inc.
#
if (NASL_LEVEL < 3000) exit(0);
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(45014);
script_version("1.13");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2010-0426", "CVE-2010-0427");
script_name(english:"SuSE 11 Security Update : sudo (SAT Patch Number 2084)");
script_summary(english:"Checks rpm output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote SuSE 11 host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"This update fixes two security issues :
- Sudo failed to properly reset group permissions, when
'runas_default' option was used. If a local,
unprivileged user was authorized by sudoers file to
perform their sudo commands under default user account,
it could lead to privilege escalation. (CVE-2010-0427 :
CVSS v2 Base Score: 6.6)
- A privilege escalation flaw was found in the way sudo
used to check file paths for pseudocommands. If local,
unprivileged user was authorized by sudoers file to edit
one or more files, it could lead to execution of
arbitrary code, with the privileges of privileged system
user (root). (CVE-2010-0426 : CVSS v2 Base Score: 6.6)"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=582555"
);
script_set_attribute(
attribute:"see_also",
value:"https://bugzilla.novell.com/show_bug.cgi?id=582556"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-0426.html"
);
script_set_attribute(
attribute:"see_also",
value:"http://support.novell.com/security/cve/CVE-2010-0427.html"
);
script_set_attribute(attribute:"solution", value:"Apply SAT patch number 2084.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_cwe_id(264);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:sudo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");
script_set_attribute(attribute:"patch_publication_date", value:"2010/03/01");
script_set_attribute(attribute:"plugin_publication_date", value:"2010/03/09");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.");
script_family(english:"SuSE Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11");
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu);
pl = get_kb_item("Host/SuSE/patchlevel");
if (pl) audit(AUDIT_OS_NOT, "SuSE 11.0");
flag = 0;
if (rpm_check(release:"SLED11", sp:0, cpu:"i586", reference:"sudo-1.6.9p17-21.3.1")) flag++;
if (rpm_check(release:"SLED11", sp:0, cpu:"x86_64", reference:"sudo-1.6.9p17-21.3.1")) flag++;
if (rpm_check(release:"SLES11", sp:0, reference:"sudo-1.6.9p17-21.3.1")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");