CVE-2014-9680 - Information Exposure vulnerability in Sudo Project Sudo
- Attack vector: LOCAL
- Attack complexity: LOW
- Privileges required: LOW
- Confidentiality impact: LOW
- Integrity impact: NONE
- Availability impact: NONE

Summary
sudo before 1.8.12 does not ensure that the TZ environment variable is associated with a zoneinfo file, which allows local users to open arbitrary files for read access (but not view file contents) by running a program within an sudo session, as demonstrated by interfering with terminal output, discarding kernel-log messages, or repositioning tape drives.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 10 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Subverting Environment Variable Values: The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
- Footprinting: An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently), it may often pave the way for more damaging attacks.
- Exploiting Trust in Client (aka Make the Client Invisible): An attack of this type exploits a program's vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
- Browser Fingerprinting: An attacker carefully crafts small snippets of JavaScript to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser, including the version of the browser, to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via JavaScript as a part of the same delivery system used to exploit the browser is considered more efficient, as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in JavaScript and in response to the same web page request by the browser.
- Session Credential Falsification through Prediction: This attack targets predictable session IDs in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
Nessus
- NASL family: SuSE Local Security Checks
- NASL id: SUSE_SU-2015-0985-1.NASL
- description: This update for sudo provides the following fixes : Handle TZ environment variable safely. (CVE-2014-9680, bnc#917806) Do not truncate long commands (131072 or more characters) without any warning. (bnc#901145) Create log files with ownership set to user and group
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 83971
- published: 2015-06-03
- reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/83971
- title: SUSE SLED11 / SLES11 Security Update : sudo (SUSE-SU-2015:0985-1)
- code:

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2015:0985-1.
# The text itself is copyright (C) SUSE.
#

include("compat.inc");

if (description)
{
  script_id(83971);
  script_version("2.11");
  script_cvs_date("Date: 2019/09/11 11:22:12");

  script_cve_id("CVE-2014-9680");
  script_bugtraq_id(72649);

  script_name(english:"SUSE SLED11 / SLES11 Security Update : sudo (SUSE-SU-2015:0985-1)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SUSE host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update for sudo provides the following fixes : Handle TZ environment variable safely. (CVE-2014-9680, bnc#917806) Do not truncate long commands (131072 or more characters) without any warning. (bnc#901145) Create log files with ownership set to user and group 'root'. (bnc#904694) Close PAM session properly. (bnc#880764) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=880764"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=901145"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=904694"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.suse.com/show_bug.cgi?id=917806"
  );
  # https://download.suse.com/patch/finder/?keywords=3f29625c93073c1ed3b6a38fb74296cb
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?0d3f8d40"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.suse.com/security/cve/CVE-2014-9680/"
  );
  # https://www.suse.com/support/update/announcement/2015/suse-su-20150985-1.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?b59a2d89"
  );
  script_set_attribute(
    attribute:"solution",
    value:
"To install this SUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Server 11 SP3 for VMware : zypper in -t patch slessp3-sudo=10686 SUSE Linux Enterprise Server 11 SP3 : zypper in -t patch slessp3-sudo=10686 SUSE Linux Enterprise Desktop 11 SP3 : zypper in -t patch sledsp3-sudo=10686 To bring your system up-to-date, use 'zypper patch'."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:sudo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/04/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2015/06/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/06/03");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED11|SLES11)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED11 / SLES11", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES11" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLES11 SP3", os_ver + " SP" + sp);
if (os_ver == "SLED11" && (! preg(pattern:"^(3)$", string:sp))) audit(AUDIT_OS_NOT, "SLED11 SP3", os_ver + " SP" + sp);

flag = 0;
if (rpm_check(release:"SLES11", sp:"3", reference:"sudo-1.7.6p2-0.23.1")) flag++;
if (rpm_check(release:"SLED11", sp:"3", cpu:"x86_64", reference:"sudo-1.7.6p2-0.23.1")) flag++;
if (rpm_check(release:"SLED11", sp:"3", cpu:"i586", reference:"sudo-1.7.6p2-0.23.1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
  else security_note(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sudo");
}
```

- NASL family: Mandriva Local Security Checks
- NASL id: MANDRIVA_MDVSA-2015-126.NASL
- description: Updated sudo packages fix security vulnerability : Prior to sudo 1.8.12, the TZ environment variable was passed through unchecked. Most libc tzset() implementations support passing an absolute pathname in the time zone to point to an arbitrary, user-controlled file. This may be used to exploit bugs in the C library
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 82379
- published: 2015-03-30
- reporter: This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/82379
- title: Mandriva Linux Security Advisory : sudo (MDVSA-2015:126)
- code:

```
#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2015:126.
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(82379);
  script_version("1.3");
  script_cvs_date("Date: 2019/08/02 13:32:56");

  script_cve_id("CVE-2014-9680");
  script_xref(name:"MDVSA", value:"2015:126");

  script_name(english:"Mandriva Linux Security Advisory : sudo (MDVSA-2015:126)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Mandriva Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated sudo packages fix security vulnerability : Prior to sudo 1.8.12, the TZ environment variable was passed through unchecked. Most libc tzset() implementations support passing an absolute pathname in the time zone to point to an arbitrary, user-controlled file. This may be used to exploit bugs in the C library's TZ parser or open files the user would not otherwise have access to. Arbitrary file access via TZ could also be used in a denial of service attack by reading from a file or fifo that will block (CVE-2014-9680). The sudo package has been updated to version 1.8.12, fixing this issue and several other bugs."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://advisories.mageia.org/MGASA-2015-0079.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected sudo and / or sudo-devel packages."
  );
  script_set_attribute(attribute:"risk_factor", value:"High");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:sudo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:sudo-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:2");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/03/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/30");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);

flag = 0;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"sudo-1.8.12-1.mbs2")) flag++;
if (rpm_check(release:"MDK-MBS2", cpu:"x86_64", reference:"sudo-devel-1.8.12-1.mbs2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
```

- NASL family: OracleVM Local Security Checks
- NASL id: ORACLEVM_OVMSA-2015-0103.NASL
- description: The remote OracleVM system is missing necessary patches to address critical security updates : - RHEL-6.7 erratum - modified the authlogicfix patch to fix #1144448 - fixed a bug in the ldapusermatchfix patch Resolves: rhbz#1144448 Resolves: rhbz#1142122 - RHEL-6.7 erratum - fixed the mantypos-ldap.patch Resolves: rhbz#1138267 - RHEL-6.7 erratum - added patch for (CVE-2014-9680) - added BuildRequires for tzdata Resolves: rhbz#1200253 - RHEL-6.7 erratum - added zlib-devel build required to enable zlib compression support - fixed two typos in the sudoers.ldap man page - fixed a hang when duplicate nss entries are specified in nsswitch.conf - SSSD: implemented sorting of the result entries according to the sudoOrder attribute - LDAP: fixed logic handling the computation of the
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 85144
- published: 2015-07-31
- reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/85144
- title: OracleVM 3.3 : sudo (OVMSA-2015-0103)

- NASL family: Slackware Local Security Checks
- NASL id: SLACKWARE_SSA_2015-047-03.NASL
- description: New sudo packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 81388
- published: 2015-02-17
- reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/81388
- title: Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / current : sudo (SSA:2015-047-03)

- NASL family: Ubuntu Local Security Checks
- NASL id: UBUNTU_USN-2533-1.NASL
- description: Jakub Wilk and Stephane Chazelas discovered that Sudo incorrectly handled the TZ environment variable. An attacker with Sudo access could possibly use this issue to open arbitrary files, bypassing intended permissions. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 81881
- published: 2015-03-17
- reporter: Ubuntu Security Notice (C) 2015-2019 Canonical, Inc. / NASL script (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/81881
- title: Ubuntu 10.04 LTS / 12.04 LTS / 14.04 LTS / 14.10 : sudo vulnerability (USN-2533-1)

- NASL family: SuSE Local Security Checks
- NASL id: OPENSUSE-2015-703.NASL
- description: sudo was updated to fix one security issue. This security issue was fixed : - CVE-2014-9680: Unsafe handling of TZ environment variable (bsc#917806).
- last seen: 2020-06-05
- modified: 2015-11-05
- plugin id: 86738
- published: 2015-11-05
- reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/86738
- title: openSUSE Security Update : sudo (openSUSE-2015-703)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2015-2247.NASL
- description: - update to 1.8.12 - fixes CVE-2014-9680 Update to 1.8.11p2 Major upstream changes & fixes : - when running a command in the background, sudo will now forward SIGINFO to the command - the passwords in ldap.conf and ldap.secret may now be encoded in base64. - SELinux role changes are now audited. For sudoedit, we now audit the actual editor being run, instead of just the sudoedit command. - it is now possible to match an environment variable
- last seen: 2020-06-05
- modified: 2015-02-24
- plugin id: 81458
- published: 2015-02-24
- reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/81458
- title: Fedora 20 : sudo-1.8.12-1.fc20 (2015-2247)

- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DLA-160.NASL
- description: This update fixes the CVEs described below. CVE-2014-0106 Todd C. Miller reported that if the env_reset option is disabled in the sudoers file, the env_delete option is not correctly applied to environment variables specified on the command line. A malicious user with sudo permissions may be able to run arbitrary commands with elevated privileges by manipulating the environment of a command the user is legitimately allowed to run. CVE-2014-9680 Jakub Wilk reported that sudo preserves the TZ variable from a user
- last seen: 2020-03-17
- modified: 2015-03-26
- plugin id: 82144
- published: 2015-03-26
- reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/82144
- title: Debian DLA-160-1 : sudo security update

- NASL family: SuSE Local Security Checks
- NASL id: OPENSUSE-2016-1402.NASL
- description: This update for sudo fixes the following security issues : - Fix two security vulnerabilities that allowed users to bypass sudo
- last seen: 2020-06-05
- modified: 2016-12-06
- plugin id: 95556
- published: 2016-12-06
- reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/95556
- title: openSUSE Security Update : sudo (openSUSE-2016-1402)

- NASL family: Gentoo Local Security Checks
- NASL id: GENTOO_GLSA-201504-02.NASL
- description: The remote host is affected by the vulnerability described in GLSA-201504-02 (sudo: Information disclosure) sudo does not handle the TZ environment variable properly. Impact : A local attacker may be able to read arbitrary files or information from device special files. Workaround : There is no known workaround at this time.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 82732
- published: 2015-04-13
- reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/82732
- title: GLSA-201504-02 : sudo: Information disclosure

- NASL family: MacOS X Local Security Checks
- NASL id: MACOSX_10_10_5.NASL
- description: The remote host is running a version of Mac OS X 10.10.x that is prior to 10.10.5. It is, therefore, affected by multiple vulnerabilities in the following components : - apache - apache_mod_php - Apple ID OD Plug-in - AppleGraphicsControl - Bluetooth - bootp - CloudKit - CoreMedia Playback - CoreText - curl - Data Detectors Engine - Date & Time pref pane - Dictionary Application - DiskImages - dyld - FontParser - groff - ImageIO - Install Framework Legacy - IOFireWireFamily - IOGraphics - IOHIDFamily - Kernel - Libc - Libinfo - libpthread - libxml2 - libxpc - mail_cmds - Notification Center OSX - ntfs - OpenSSH - OpenSSL - perl - PostgreSQL - python - QL Office - Quartz Composer Framework - Quick Look - QuickTime 7 - SceneKit - Security - SMBClient - Speech UI - sudo - tcpdump - Text Formats - udf Note that successful exploitation of the most serious issues can result in arbitrary code execution.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 85408
- published: 2015-08-17
- reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/85408
- title: Mac OS X 10.10.x < 10.10.5 Multiple Vulnerabilities

- NASL family: SuSE Local Security Checks
- NASL id: OPENSUSE-2016-1381.NASL
- description: This update for sudo fixes the following issues : - fix two security vulnerabilities that allowed users to bypass sudo
- last seen: 2020-06-05
- modified: 2016-12-05
- plugin id: 95533
- published: 2016-12-05
- reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/95533
- title: openSUSE Security Update : sudo (openSUSE-2016-1381)

- NASL family: Red Hat Local Security Checks
- NASL id: REDHAT-RHSA-2015-1409.NASL
- description: Updated sudo packages that fix one security issue, three bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. It was discovered that sudo did not perform any checks of the TZ environment variable value. If sudo was configured to preserve the TZ environment variable, a local user with privileges to execute commands via sudo could possibly use this flaw to achieve system state changes not permitted by the configured commands. (CVE-2014-9680) Note: The default sudoers configuration in Red Hat Enterprise Linux removes the TZ variable from the environment in which commands run by sudo are executed. This update also fixes the following bugs : * Previously, the sudo utility child processes could sometimes become unresponsive because they ignored the SIGPIPE signal. With this update, SIGPIPE handler is properly restored in the function that reads passwords from the user, and the child processes no longer ignore SIGPIPE. As a result, sudo child processes do not hang in this situation. (BZ#1094548) * Prior to this update, the order in which sudo rules were processed did not honor the user-defined sudoOrder attribute. Consequently, sudo rules were processed in an undefined order even when the user defined the order in sudoOrder. The implementation of SSSD support in sudo has been modified to sort the rules according to the sudoOrder value, and sudo rules are now sorted in the order defined by the user in sudoOrder. (BZ#1138581) * Previously, sudo became unresponsive after the user issued a command when a sudoers source was mentioned multiple times in the /etc/nsswitch.conf file. The problem occurred when nsswitch.conf contained, for example, the
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 84943
- published: 2015-07-23
- reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/84943
- title: RHEL 6 : sudo (RHSA-2015:1409)

- NASL family: Oracle Linux Local Security Checks
- NASL id: ORACLELINUX_ELSA-2015-1409.NASL
- description: From Red Hat Security Advisory 2015:1409 : Updated sudo packages that fix one security issue, three bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. It was discovered that sudo did not perform any checks of the TZ environment variable value. If sudo was configured to preserve the TZ environment variable, a local user with privileges to execute commands via sudo could possibly use this flaw to achieve system state changes not permitted by the configured commands. (CVE-2014-9680) Note: The default sudoers configuration in Red Hat Enterprise Linux removes the TZ variable from the environment in which commands run by sudo are executed. This update also fixes the following bugs : * Previously, the sudo utility child processes could sometimes become unresponsive because they ignored the SIGPIPE signal. With this update, SIGPIPE handler is properly restored in the function that reads passwords from the user, and the child processes no longer ignore SIGPIPE. As a result, sudo child processes do not hang in this situation. (BZ#1094548) * Prior to this update, the order in which sudo rules were processed did not honor the user-defined sudoOrder attribute. Consequently, sudo rules were processed in an undefined order even when the user defined the order in sudoOrder. The implementation of SSSD support in sudo has been modified to sort the rules according to the sudoOrder value, and sudo rules are now sorted in the order defined by the user in sudoOrder. (BZ#1138581) * Previously, sudo became unresponsive after the user issued a command when a sudoers source was mentioned multiple times in the /etc/nsswitch.conf file. The problem occurred when nsswitch.conf contained, for example, the
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 85104
- published: 2015-07-30
- reporter: This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/85104
- title: Oracle Linux 6 : sudo (ELSA-2015-1409)

- NASL family: Scientific Linux Local Security Checks
- NASL id: SL_20150722_SUDO_ON_SL6_X.NASL
- description: It was discovered that sudo did not perform any checks of the TZ environment variable value. If sudo was configured to preserve the TZ environment variable, a local user with privileges to execute commands via sudo could possibly use this flaw to achieve system state changes not permitted by the configured commands. (CVE-2014-9680) Note: The default sudoers configuration in Scientific Linux 6 removes the TZ variable from the environment in which commands run by sudo are executed. This update also fixes the following bugs : - Previously, the sudo utility child processes could sometimes become unresponsive because they ignored the SIGPIPE signal. With this update, SIGPIPE handler is properly restored in the function that reads passwords from the user, and the child processes no longer ignore SIGPIPE. As a result, sudo child processes do not hang in this situation. - Prior to this update, the order in which sudo rules were processed did not honor the user-defined sudoOrder attribute. Consequently, sudo rules were processed in an undefined order even when the user defined the order in sudoOrder. The implementation of SSSD support in sudo has been modified to sort the rules according to the sudoOrder value, and sudo rules are now sorted in the order defined by the user in sudoOrder. - Previously, sudo became unresponsive after the user issued a command when a sudoers source was mentioned multiple times in the /etc/nsswitch.conf file. The problem occurred when nsswitch.conf contained, for example, the
- last seen: 2020-03-18
- modified: 2015-08-04
- plugin id: 85207
- published: 2015-08-04
- reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/85207
- title: Scientific Linux Security Update : sudo on SL6.x i386/x86_64 (20150722)

- NASL family: SuSE Local Security Checks
- NASL id: SUSE_SU-2016-2904-1.NASL
- description: This update for sudo fixes the following security issues : - Fix two security vulnerabilities that allowed users to bypass sudo
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 95317
- published: 2016-11-25
- reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/95317
- title: SUSE SLED12 / SLES12 Security Update : sudo (SUSE-SU-2016:2904-1)

- NASL family: Debian Local Security Checks
- NASL id: DEBIAN_DSA-3167.NASL
- description: Jakub Wilk reported that sudo, a program designed to provide limited super user privileges to specific users, preserves the TZ variable from a user
- last seen: 2020-03-17
- modified: 2015-02-23
- plugin id: 81426
- published: 2015-02-23
- reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/81426
- title: Debian DSA-3167-1 : sudo - security update

- NASL family: CentOS Local Security Checks
- NASL id: CENTOS_RHSA-2015-1409.NASL
- description: Updated sudo packages that fix one security issue, three bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. It was discovered that sudo did not perform any checks of the TZ environment variable value. If sudo was configured to preserve the TZ environment variable, a local user with privileges to execute commands via sudo could possibly use this flaw to achieve system state changes not permitted by the configured commands. (CVE-2014-9680) Note: The default sudoers configuration in Red Hat Enterprise Linux removes the TZ variable from the environment in which commands run by sudo are executed. This update also fixes the following bugs : * Previously, the sudo utility child processes could sometimes become unresponsive because they ignored the SIGPIPE signal. With this update, SIGPIPE handler is properly restored in the function that reads passwords from the user, and the child processes no longer ignore SIGPIPE. As a result, sudo child processes do not hang in this situation. (BZ#1094548) * Prior to this update, the order in which sudo rules were processed did not honor the user-defined sudoOrder attribute. Consequently, sudo rules were processed in an undefined order even when the user defined the order in sudoOrder. The implementation of SSSD support in sudo has been modified to sort the rules according to the sudoOrder value, and sudo rules are now sorted in the order defined by the user in sudoOrder. (BZ#1138581) * Previously, sudo became unresponsive after the user issued a command when a sudoers source was mentioned multiple times in the /etc/nsswitch.conf file. The problem occurred when nsswitch.conf contained, for example, the
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 85017
- published: 2015-07-28
- reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/85017
- title: CentOS 6 : sudo (CESA-2015:1409)

- NASL family: SuSE Local Security Checks
- NASL id: OPENSUSE-2015-687.NASL
- description: sudo was updated to fix one security issue. This security issue was fixed : - CVE-2014-9680: Unsafe handling of TZ environment variable (bsc#917806).
- last seen: 2020-06-05
- modified: 2015-11-20
- plugin id: 86956
- published: 2015-11-20
- reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/86956
- title: openSUSE Security Update : sudo (openSUSE-2015-687)

- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2015-2281.NASL
- description: - update to 1.8.12 - fixes CVE-2014-9680 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-05
- modified: 2015-02-23
- plugin id: 81431
- published: 2015-02-23
- reporter: This script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/81431
- title: Fedora 21 : sudo-1.8.12-1.fc21 (2015-2281)

References
- http://openwall.com/lists/oss-security/2014/10/15/24
- http://rhn.redhat.com/errata/RHSA-2015-1409.html
- http://www.securitytracker.com/id/1033158
- http://www.sudo.ws/alerts/tz.html
- https://security.gentoo.org/glsa/201504-02