FreeBSD : sudo -- Privilege escalation with sudoedit (1a9f678d-48ca-11df-85f8-000c29a67389)

Medium Nessus Plugin ID 45547


The remote FreeBSD host is missing a security-related update.


Todd Miller reports :

Sudo's command matching routine expects actual commands to include one or more slash ('/') characters. The flaw is that sudo's path resolution code did not add a './' prefix to commands found in the current working directory. This creates an ambiguity between a 'sudoedit' command found in the cwd and the 'sudoedit' pseudo-command in the sudoers file. As a result, a user may be able to run an arbitrary command named 'sudoedit' in the current working directory.
For the attack to be successful, the PATH environment variable must include '.' and may not include any other directory that contains a 'sudoedit' command.


Update the affected package.

See Also

Plugin Details

Severity: Medium

ID: 45547

File Name: freebsd_pkg_1a9f678d48ca11df85f8000c29a67389.nasl

Version: $Revision: 1.7 $

Type: local

Published: 2010/04/16

Modified: 2013/06/21

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:sudo, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2010/04/15

Vulnerability Publication Date: 2010/04/09

Reference Information

CVE: CVE-2010-1163