Security restrictions bypass in Sudo



Published: 2019-12-20 | Updated: 2020-01-30
Risk Low
Patch available YES
Number of vulnerabilities 2
CVE-ID CVE-2019-19234
CVE-2019-19232
CWE-ID CWE-264
Exploitation vector Local
Public exploit N/A
Vulnerable software
Subscribe
Sudo
Client/Desktop applications / Software for system administration

Vendor Sudo

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

Updated: 30.01.2020

Changed bulletin status to patched.

1) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU23782

Risk: Low

CVSSv3.1: 3.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-19234

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to impersonate other users on the system.

The vulnerability exists due to incorrect handling of the blocked users (e.g., by using the ! character in the shadow file instead of a password hash) in sudo. A local user with access to a Runas ALL sudoer account can impersonate blocked users.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Sudo: 1.8.0 - 1.8.29


CPE2.3 External links

http://www.sudo.ws/devel.html#1.8.30b2
http://www.sudo.ws/stable.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU23783

Risk: Low

CVSSv3.1: 3.1 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N/E:U/RL:U/RC:C]

CVE-ID: CVE-2019-19232

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to impersonate nonexistent users.

The vulnerability exists in sudo due to incorrect processing of numeric uids that are not associated with any existing user account. A local user with access to a Runas ALL sudoer accountcan impersonate a a nonexistent user.

Mitigation

Install update from vendor's website.

Vulnerable software versions

Sudo: 1.8.0 - 1.8.29


CPE2.3 External links

http://www.sudo.ws/devel.html#1.8.30b2
http://www.sudo.ws/stable.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###