CERTA-2010-AVI-299
Vulnerability from certfr_avis
A vulnerability in sudo allows a malicious user to elevate their privileges.
Description
When the sudo program is used with the secure path option, a malicious user can execute commands they are not authorized to run by manipulating the PATH variable.
Solution
Versions 1.6.9p23 and 1.7.2p7 fix this issue.
Refer to the vendors' security bulletins to obtain the patches (see the Documentation section).
References
{ "$ref": "https://www.cert.ssi.gouv.fr/openapi.json", "affected_systems": [ { "description": "sudo, version 1.x.", "product": { "name": "Sudo", "vendor": { "name": "Sudo", "scada": false } } } ], "affected_systems_content": "", "content": "## Description\n\nLorsque le programme sudo est utilis\u00e9 avec l\u0027option secure path, un\nutilisateur malveillant peut ex\u00e9cuter des commandes qui ne lui sont pas\nautoris\u00e9es en manipulant la variable PATH.\n\n## Solution\n\nLes version 1.6.9p23 et 1.7.2p7 rem\u00e9dient \u00e0 ce probl\u00e8me.\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 des \u00e9diteurs pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n", "cves": [ { "name": "CVE-2010-1646", "url": "https://www.cve.org/CVERecord?id=CVE-2010-1646" } ], "initial_release_date": "2010-07-02T00:00:00", "last_revision_date": "2010-07-02T00:00:00", "links": [ { "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 Fedora FEDORA-2010-9417 du 21 juin 2010 :", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043012.html" }, { "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDVSA-2010:118 du 17 juin 2010 :", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:118" }, { "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 Fedora FEDORA-2010-9402 du 14 juin 2010 :", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042838.html" }, { "title": "Bulletin de s\u00e9curit\u00e9 Debian DSA 2062 du 17 juin 2010 :", "url": "http://www.debian.org/security/2010/dsa-2062" }, { "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-956-1 du 30 juin 2010 :", "url": "http://www.ubuntulinux.org/usn/usn-956-1" }, { "title": "Bulletin de s\u00e9curit\u00e9 RedHat RHSA-2010:0475 du 15 juin 2010 :", "url": "http://rhn.redhat.com/errata/RHSA-2010-0475.html" }, { "title": "Mise \u00e0 jour de s\u00e9curit\u00e9 Fedora FEDORA-2010-9415 du 21 juin 2010 :", "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043026.html" } ], "reference": "CERTA-2010-AVI-299", "revisions": [ { "description": "version initiale.", "revision_date": "2010-07-02T00:00:00.000000" } ], "risks": [ { "description": "\u00c9l\u00e9vation de privil\u00e8ges" } ], "summary": "Une vuln\u00e9rabilit\u00e9 de \u003cspan class=\"textit\"\u003esudo\u003c/span\u003e permet \u00e0 un\nutilisateur malveillant d\u0027\u00e9lever ses privil\u00e8ges.\n", "title": "Vuln\u00e9rabilit\u00e9 de sudo", "vendor_advisories": [ { "published_at": "2010-06-02", "title": "Bulletin de s\u00e9curit\u00e9 du projet sudo", "url": "http://www.sudo.ws/sudo/alerts/secure_path.html" } ] }