Vulnerabilities > CVE-2010-2956 - Unspecified vulnerability in Todd Miller Sudo

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
todd-miller
nessus

Summary

Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence.

Nessus

  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-983-1.NASL
    descriptionMarkus Wuethrich discovered that sudo did not always verify the user when a group was specified in the Runas_Spec. A local attacker could exploit this to execute arbitrary code as root if sudo was configured to allow the attacker to use a program as a group when the attacker was not a part of that group. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id49140
    published2010-09-08
    reporterUbuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49140
    titleUbuntu 9.10 / 10.04 LTS : sudo vulnerability (USN-983-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-983-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(49140);
      script_version("1.11");
      script_cvs_date("Date: 2019/09/19 12:54:26");
    
      script_cve_id("CVE-2010-2956");
      script_xref(name:"USN", value:"983-1");
    
      script_name(english:"Ubuntu 9.10 / 10.04 LTS : sudo vulnerability (USN-983-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Markus Wuethrich discovered that sudo did not always verify the user
    when a group was specified in the Runas_Spec. A local attacker could
    exploit this to execute arbitrary code as root if sudo was configured
    to allow the attacker to use a program as a group when the attacker
    was not a part of that group.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/983-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected sudo and / or sudo-ldap packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:sudo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:sudo-ldap");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/09/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/09/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/09/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(9\.10|10\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 9.10 / 10.04", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"9.10", pkgname:"sudo", pkgver:"1.7.0-1ubuntu2.5")) flag++;
    if (ubuntu_check(osver:"9.10", pkgname:"sudo-ldap", pkgver:"1.7.0-1ubuntu2.5")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"sudo", pkgver:"1.7.2p1-1ubuntu5.2")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"sudo-ldap", pkgver:"1.7.2p1-1ubuntu5.2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sudo / sudo-ldap");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2010-0675.NASL
    descriptionAn updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sudo handled Runas specifications containing both a user and a group list. If a local user were authorized by the sudoers file to perform their sudo commands with the privileges of a specified user and group, they could use this flaw to run those commands with the privileges of either an arbitrary user or group on the system. (CVE-2010-2956) Red Hat would like to thank Markus Wuethrich of Swiss Post - PostFinance for reporting this issue. Users of sudo should upgrade to this updated package, which contains a backported patch to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id49128
    published2010-09-08
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49128
    titleRHEL 5 : sudo (RHSA-2010:0675)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2010:0675. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(49128);
      script_version ("1.17");
      script_cvs_date("Date: 2019/10/25 13:36:15");
    
      script_cve_id("CVE-2010-2956");
      script_xref(name:"RHSA", value:"2010:0675");
    
      script_name(english:"RHEL 5 : sudo (RHSA-2010:0675)");
      script_summary(english:"Checks the rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An updated sudo package that fixes one security issue is now available
    for Red Hat Enterprise Linux 5.
    
    The Red Hat Security Response Team has rated this update as having
    important security impact. A Common Vulnerability Scoring System
    (CVSS) base score, which gives a detailed severity rating, is
    available from the CVE link in the References section.
    
    The sudo (superuser do) utility allows system administrators to give
    certain users the ability to run commands as root.
    
    A flaw was found in the way sudo handled Runas specifications
    containing both a user and a group list. If a local user were
    authorized by the sudoers file to perform their sudo commands with the
    privileges of a specified user and group, they could use this flaw to
    run those commands with the privileges of either an arbitrary user or
    group on the system. (CVE-2010-2956)
    
    Red Hat would like to thank Markus Wuethrich of Swiss Post -
    PostFinance for reporting this issue.
    
    Users of sudo should upgrade to this updated package, which contains a
    backported patch to correct this issue."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2010-2956"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2010:0675"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected sudo package.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sudo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/09/10");
      script_set_attribute(attribute:"patch_publication_date", value:"2010/09/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/09/08");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2010:0675";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL5", cpu:"i386", reference:"sudo-1.7.2p1-8.el5_5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"sudo-1.7.2p1-8.el5_5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"sudo-1.7.2p1-8.el5_5")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sudo");
      }
    }
    
  • NASL familyMisc.
    NASL idVMWARE_VMSA-2011-0001_REMOTE.NASL
    descriptionThe remote VMware ESX host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including arbitrary code execution vulnerabilities, in several third-party components and libraries : - glibc - glibc-common - nscd - openldap - sudo
    last seen2020-06-01
    modified2020-06-02
    plugin id89673
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89673
    titleVMware ESX Third-Party Libraries Multiple Vulnerabilities (VMSA-2011-0001) (remote check)
  • NASL familyVMware ESX Local Security Checks
    NASL idVMWARE_VMSA-2011-0001.NASL
    descriptiona. Service Console update for glibc The service console packages glibc, glibc-common, and nscd are each updated to version 2.5-34.4908.vmw. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-3847 and CVE-2010-3856 to the issues addressed in this update. b. Service Console update for sudo The service console package sudo is updated to version 1.7.2p1-8.el5_5. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-2956 to the issue addressed in this update. c. Service Console update for openldap The service console package openldap is updated to version 2.3.43-12.el5_5.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2010-0211 and CVE-2010-0212 to the issues addressed in this update.
    last seen2020-06-01
    modified2020-06-02
    plugin id51422
    published2011-01-06
    reporterThis script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/51422
    titleVMSA-2011-0001 : VMware ESX third-party updates for Service Console packages glibc, sudo, and openldap
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2010-0675.NASL
    descriptionFrom Red Hat Security Advisory 2010:0675 : An updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sudo handled Runas specifications containing both a user and a group list. If a local user were authorized by the sudoers file to perform their sudo commands with the privileges of a specified user and group, they could use this flaw to run those commands with the privileges of either an arbitrary user or group on the system. (CVE-2010-2956) Red Hat would like to thank Markus Wuethrich of Swiss Post - PostFinance for reporting this issue. Users of sudo should upgrade to this updated package, which contains a backported patch to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id68093
    published2013-07-12
    reporterThis script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/68093
    titleOracle Linux 5 : sudo (ELSA-2010-0675)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_SUDO-100907.NASL
    descriptionsudo
    last seen2020-06-01
    modified2020-06-02
    plugin id49168
    published2010-09-09
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49168
    titleopenSUSE Security Update : sudo (openSUSE-SU-2010:0591-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-14184.NASL
    description - update to new upstream version - sudo now uses /var/db/sudo for timestamps - new command available: sudoreplay - use native audit support - corrected license field value: BSD -> ISC - fixes CVE-2010-2956 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id49240
    published2010-09-16
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49240
    titleFedora 14 : sudo-1.7.4p4-1.fc14 (2010-14184)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_SUDO-100907.NASL
    descriptionsudo
    last seen2020-06-01
    modified2020-06-02
    plugin id75750
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75750
    titleopenSUSE Security Update : sudo (openSUSE-SU-2010:0591-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-14355.NASL
    description - update to new upstream version - sudo now uses /var/db/sudo for timestamps - new command available: sudoreplay - use native audit support - corrected license field value: BSD -> ISC - added env_keep += HOME (see rhbz#614025) for backwards compatibility - added Defaults !visiblepw - fixes CVE-2010-2956 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id49197
    published2010-09-12
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/49197
    titleFedora 13 : sudo-1.7.4p4-1.fc13 (2010-14355)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20100907_SUDO_ON_SL5_X.NASL
    descriptionA flaw was found in the way sudo handled Runas specifications containing both a user and a group list. If a local user were authorized by the sudoers file to perform their sudo commands with the privileges of a specified user and group, they could use this flaw to run those commands with the privileges of either an arbitrary user or group on the system. (CVE-2010-2956)
    last seen2020-06-01
    modified2020-06-02
    plugin id60854
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/60854
    titleScientific Linux Security Update : sudo on SL5.x i386/x86_64
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_67B514C3BA8F11DF8F6E000C29A67389.NASL
    descriptionTodd Miller reports : Beginning with sudo version 1.7.0 it has been possible to grant permission to run a command using a specified group via sudo -g option (run as group). A flaw exists in the logic that matches Runas groups in the sudoers file when the -u option is also specified (run as user). This flaw results in a positive match for the user specified via -u so long as the group specified via -g is allowed by the sudoers file. Exploitation of the flaw requires that Sudo be configured with sudoers entries that contain a Runas group. Entries that do not contain a Runas group, or only contain a Runas user are not affected.
    last seen2020-06-01
    modified2020-06-02
    plugin id49123
    published2010-09-08
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49123
    titleFreeBSD : sudo -- Flaw in Runas group matching (67b514c3-ba8f-11df-8f6e-000c29a67389)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-14996.NASL
    description - reset $HOME when the `-i
    last seen2020-06-01
    modified2020-06-02
    plugin id49721
    published2010-10-06
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49721
    titleFedora 12 : sudo-1.7.4p4-2.fc12 (2010-14996)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201009-03.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201009-03 (sudo: Privilege Escalation) Multiple vulnerabilities have been reported in sudo: Evan Broder and Anders Kaseorg of Ksplice, Inc. reported that the sudo
    last seen2020-06-01
    modified2020-06-02
    plugin id49124
    published2010-09-08
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/49124
    titleGLSA-201009-03 : sudo: Privilege Escalation
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-175.NASL
    descriptionA vulnerability has been found and corrected in sudo : Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a -u root sequence (CVE-2010-2956). The updated packages have been patched to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id49205
    published2010-09-13
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/49205
    titleMandriva Linux Security Advisory : sudo (MDVSA-2010:175)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2010-0675.NASL
    descriptionAn updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sudo handled Runas specifications containing both a user and a group list. If a local user were authorized by the sudoers file to perform their sudo commands with the privileges of a specified user and group, they could use this flaw to run those commands with the privileges of either an arbitrary user or group on the system. (CVE-2010-2956) Red Hat would like to thank Markus Wuethrich of Swiss Post - PostFinance for reporting this issue. Users of sudo should upgrade to this updated package, which contains a backported patch to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id49203
    published2010-09-13
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49203
    titleCentOS 5 : sudo (CESA-2010:0675)
  • NASL familySlackware Local Security Checks
    NASL idSLACKWARE_SSA_2010-257-02.NASL
    descriptionNew sudo packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id49230
    published2010-09-15
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/49230
    titleSlackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 8.1 / 9.0 / 9.1 / current : sudo (SSA:2010-257-02)

Redhat

advisories
bugzilla
id628628
titleCVE-2010-2956 sudo: incorrect handling of RunAs specification with both user and group lists
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 5 is installed
      ovaloval:com.redhat.rhba:tst:20070331005
    • commentsudo is earlier than 0:1.7.2p1-8.el5_5
      ovaloval:com.redhat.rhsa:tst:20100675001
    • commentsudo is signed with Red Hat redhatrelease key
      ovaloval:com.redhat.rhsa:tst:20090267002
rhsa
idRHSA-2010:0675
released2010-09-07
severityImportant
titleRHSA-2010:0675: sudo security update (Important)
rpms
  • sudo-0:1.7.2p1-8.el5_5
  • sudo-debuginfo-0:1.7.2p1-8.el5_5