Post on 02-Jun-2018
transcript
8/11/2019 BT 2010 Sudo Vulnerability Analysis
1/14
BeyondTrust 2010 1Q 2011
sudo Vulnerability Report
By electing to use PowerBroker Servers, exposure to
security vulnerabilities from sudo are mitigated
AbstractThis BeyondTrust report investigates all vulnerabilities published by The NationalInstitute of Standards and Technology (NIST) sudo Security Bulletins. It reports onvulnerabilities that are mitigated by configuring users to operate without the root
password to UNIX and Linux operating systems. The results show that despiteunpredictable and evolving attacks, companies can greatly reduce risks andthreats from a myriad of security vulnerabilities by withholding root access from ITstaff.
www.beyondtrust.com
BeyondTrust
2173 Salk Avenue
Carlsbad, California 92008Phone: +1 800-234-9072
Vulnerability Report
8/11/2019 BT 2010 Sudo Vulnerability Analysis
2/14
2 2010-11 Sudo Vulnerability Report 2011. BeyondTrust Software, Inc.
Table of Contents
Executive Summary .............................................................................................................................................................. 3
About the Data Collection and Analysis ....................................................................................................................... 3
Vulnerabilities by Type and Frequency ......................................................................................................................... 4
Analysis of sudo Vulnerabilities 2010 1Q 2011........................................................................................................ 5
Dept. of Homeland Security Insider Threat Study Cautions Use of sudo ......................................................... 6
System Logs ........................................................................................................................................................................ 6
sudo Unpatched Vulnerabilities Can Illicit Illegal Activity .................................................................................. 7
Case Study Reveals Governance, Risk and Compliance (GRC) Implications with sudo ............................... 8
Conclusion ............................................................................................................................................................................... 9
About BeyondTrust ............................................................................................................................................................... 9
PowerBroker RBAC Model Benefits ....................................................................................................................... 10
How Does PowerBroker Servers Outperform sudo? ....................................................................................... 11
PowerBroker Servers sudo Migration Tool .............................................................................................................. 12
Appendix A NIST Sudo Security Bulletins ............................................................................................................... 13
Contact Information .......................................................................................................................................................... 14
8/11/2019 BT 2010 Sudo Vulnerability Analysis
3/14
3 2010-11 Sudo Vulnerability Report 2011. BeyondTrust Software, Inc.
Executive Summary
NIST, sudo developers, and UNIX/Linux distributors regularly identify new security vulnerabilities in
sudo that allow users with limited access rights to escalate their privileges. Additionally,administrators and users also identify a multitude of undisclosed vulnerabilities regarding sudo. The
sudo (super user do) command is intended to allow users to execute certain commands at another
user's privilege level - usually root.
By examining all of the published sudo vulnerabilities in 2010 and all of the published sudo
vulnerabilities to date, this report quantifies the risks associated with root-level access.
NIST, Todd Miller and Gratisoft are to be lauded for releasing patches to known vulnerabilities each
month. However, vulnerabilities take time to identify and patches take time to apply. In fact, some of
the recently discovered vulnerabilities significantly impact versions of sudo dating back 10-15 years.
Also, since sudo comes pre-installed on nearly every Linux and UNIX machine, it is highly likely thatorganizations have multiple versions of the utility and are often not aware of which version in on
which host, making patching an even bigger challenge.
During this period, threats can damage a corporate network and gain access to sensitive information.
As companies integrate UNIX and Linux, operating systems that are especially popular in heavily
virtualized or cloud environments, they need to include plans to mitigate risk with a more
sophisticated and secure solution for privileged access, so users can operate effectively without the
root password.
About the Data Collection and Analysis
Todd Miller and the NIST publishes Security Bulletin Summaries periodically to notify customers of the
security updates they have made to address vulnerabilities in sudo products. The following Web page
contains links to all of the sudo Security Bulletin Summaries for 2010 and Q1 2011,
http://web.nvd.nist.gov/view/vuln/search.Table 1, located in the Appendix, contains a list of all
Security Bulletins and vulnerabilities published in 2010-Q1 2011.
This report uses information found in the individual Security Bulletins to classify vulnerabilities by
Severity Rating, Vulnerability Impact, Affected OS, as well as to determine if removing root-level access
will mitigate a vulnerability.
http://web.nvd.nist.gov/view/vuln/searchhttp://web.nvd.nist.gov/view/vuln/searchhttp://web.nvd.nist.gov/view/vuln/search8/11/2019 BT 2010 Sudo Vulnerability Analysis
4/14
4 2010-11 Sudo Vulnerability Report 2011. BeyondTrust Software, Inc.
Vulnerabilities by Type and FrequencyFrom 2010 through Q1 2011, the Department of Homeland Security (DHS) released 10 vulnerability
alerts for sudo with a medium or high severity rating. DHSNational Vulnerability Database(NVD) is
the U.S. government repository of standards based vulnerability management data represented using
theSecurity Content Automation Protocol(SCAP).
The chart below (Fig. 1) illustrates the types of vulnerabilities that have appeared since 2010 on DHS
National Vulnerability Database, and the number of times these vulnerabilities appeared among the
10 sudo alerts. It is important to note that multiple types of vulnerabilities have appeared in one alert
(i.e.,Allows Disclosure of Data). This data was retrieved fromhttp://web.nvd.nist.gov/view/vuln/search:
Figure 1. Number of Times a Vulnerability Appeared in sudo Alerts.
1
1http://web.nvd.nist.gov/view/vuln/search-
results?page_num=0&cves=true&query=sudo&uscert_ta=false&uscert_vn=false&oval_query=false&adv_search=false
9
2
10 10
0
2
4
6
8
10
12
Allows Unauthorized
Modification
Provides Full
Admin Access
Allows Disclosure
of Data
Allows Disruption
of Service
Numbe
rofsudoAlerts
Vulnerabilities by Type
Number of Times a Vulnerability
Appeared in sudo Alerts2010 - Q1 2011
http://nvd.nist.gov/home.cfmhttp://nvd.nist.gov/home.cfmhttp://nvd.nist.gov/home.cfmhttp://scap.nist.gov/http://scap.nist.gov/http://scap.nist.gov/http://web.nvd.nist.gov/view/vuln/searchhttp://web.nvd.nist.gov/view/vuln/searchhttp://web.nvd.nist.gov/view/vuln/searchhttp://web.nvd.nist.gov/view/vuln/search-results?page_num=0&cves=true&query=sudo&uscert_ta=false&uscert_vn=false&oval_query=false&adv_search=falsehttp://web.nvd.nist.gov/view/vuln/search-results?page_num=0&cves=true&query=sudo&uscert_ta=false&uscert_vn=false&oval_query=false&adv_search=falsehttp://web.nvd.nist.gov/view/vuln/search-results?page_num=0&cves=true&query=sudo&uscert_ta=false&uscert_vn=false&oval_query=false&adv_search=falsehttp://web.nvd.nist.gov/view/vuln/search-results?page_num=0&cves=true&query=sudo&uscert_ta=false&uscert_vn=false&oval_query=false&adv_search=falsehttp://web.nvd.nist.gov/view/vuln/search-results?page_num=0&cves=true&query=sudo&uscert_ta=false&uscert_vn=false&oval_query=false&adv_search=falsehttp://web.nvd.nist.gov/view/vuln/search-results?page_num=0&cves=true&query=sudo&uscert_ta=false&uscert_vn=false&oval_query=false&adv_search=falsehttp://web.nvd.nist.gov/view/vuln/searchhttp://scap.nist.gov/http://nvd.nist.gov/home.cfm8/11/2019 BT 2010 Sudo Vulnerability Analysis
5/14
5 2010-11 Sudo Vulnerability Report 2011. BeyondTrust Software, Inc.
Analysis of sudo Vulnerabilities 2010 1Q 2011
By electing to use PowerBroker Servers, exposure to 100% of sudo vulnerabilities can be mitigated.
As mentioned in the executive summary, vulnerabilities take time to identify and patches take time to
apply. In fact, some of the recently discovered vulnerabilities significantly impact versions of sudo
dating back 10-15 years. Also, since sudo comes pre-installed on nearly every Linux and UNIX machine,
it is highly likely that organizations have multiple versions of the utility and are often not aware of
which version in on which host, making patching an even bigger challenge.
UNIX and Linux provides the platform to some of the most widely used mission-critical applications in
the world. Given the prevalence of the sudo software and number of vulnerabilities, increased securityprotection is key.
Figure 2.All reported sudo vulnerabilities are mitigated by using PowerBroker Servers.
100%
100% of sudo Vulnerabilities can be
Mitigated by using PowerBroker Servers
8/11/2019 BT 2010 Sudo Vulnerability Analysis
6/14
6 2010-11 Sudo Vulnerability Report 2011. BeyondTrust Software, Inc.
Dept. of Homeland Security Insider Threat StudyCautions Use of sudo
Every year, the United States DHS and CERT releasetheir annual reportthat details the research anddata regarding inside employees and their threat to an organization or critical infrastructure.
The insider threat is a problem faced by all industries and sectors today. It is an issue of growing
concern as the consequences of insider incidents can include not only financial losses, but the loss of
clients and business days. The actions of a single insider can cause damage to an organization ranging
from a few lost staff hours to negative publicity and financial damage so extensive that a business may
be forced to lay off employees or even close its doors.
Furthermore, insider incidents can have repercussions extending beyond the affected organization to
include disruption of operations or services critical to a specific sector, or the issuance of fraudulent
identities that create serious risks to public safety and national security.
This report identifies the sudo utility as a vulnerability due to the face that technical vulnerabilities can
facilitate illicit activity. Some of the technical insiders in this report took advantage of system
vulnerabilities to commit their illicit acts. It is important that organizations realize that:
System vulnerabilities provide a tactical opportunity for both external attackers and insiders
to carry out illicit activity
The organizations network and system architecture and configuration decisions can create
new vulnerabilities
System Logs
Some of the insiders came very close to successfully carrying out their malicious activities without
being identified and caught. When configuring their systems, organizations should consider the
importance of the system logs when investigating any security incidents, as well as the threat posed
to those logs by their technical users.
One insider was able to plant a logic bomb into a system utility, edit his supervisors profile to frame
him for the destruction, and edit system logs to delete all evidence of his actions. In an interview with
this particular insider he stated that the organization used wide open sudo, which enabled any user
to perform any system administration functions.
He also said that the system logging was configured so that he was able to edit all of the log files and
delete all traces of his actions except those that he purposely modified to point to his supervisor.
However, he forgot about a single system log, which took months for an external forensics expert to
locate. It is important that organizations realize that their system logs can provide valuable evidence
in case of an insider incident and configure their systems accordingly.
http://www.cert.org/archive/pdf/insiderthreat_it2008.pdfhttp://www.cert.org/archive/pdf/insiderthreat_it2008.pdfhttp://www.cert.org/archive/pdf/insiderthreat_it2008.pdfhttp://www.cert.org/archive/pdf/insiderthreat_it2008.pdf8/11/2019 BT 2010 Sudo Vulnerability Analysis
7/14
7 2010-11 Sudo Vulnerability Report 2011. BeyondTrust Software, Inc.
System logs should be directed to a secure location and backed up so that they are protected from
manipulation, and can be restored in case of a system failure to trace all activities to their sources.
sudo Unpatched Vulnerabilities Can Illicit Illegal Activity
In one case cited within this report, an insider took advantage of an unpatched system vulnerability in
sudo to commit crimes. System vulnerabilities provide an avenue for unauthorized access to an
organizations systems.
External attackers must first locate the system with the vulnerabilities, but system administrators
inside an organization know which of their organizations systems are vulnerable. Therefore, should
they decide to attack their own organization, system administrators will have an easy mechanism for
gaining anonymous and unauthorized entry to the organizations systems at any time from inside or
outside the wall.
Organizations routinely assess the risk of an external attacker exploiting a system vulnerability to
obtain unauthorized access to their networks. However, it is important that organizations realize that
their own system administrators are aware of their patching policies and practices. They also fully
comprehend which of those many vulnerabilities are exploitable from outside the organizations
networks.
This insider knowledge can give them the ability to use an external account to gain access to the
system, making identification of the perpetrators much more difficult. The question companies need
to ask is, how many attacks that appear to come from external accounts are aided by insiders?
In addition to vulnerability patching, other network and system architecture and configuration
decisions made by an organization can increase risk of insider threats. For example, the organization
mentioned above that implemented wide open sudo provided an easy avenue for their insiders to
commit illicit activities.
These types of technical decisions should be considered carefully and should be reviewed by technical
staff with sufficient expertise to adequately assess the potential consequences.
8/11/2019 BT 2010 Sudo Vulnerability Analysis
8/14
8 2010-11 Sudo Vulnerability Report 2011. BeyondTrust Software, Inc.
Case Study Reveals Governance, Risk and Compliance (GRC)Implications with sudo2
CETREL S.A. (www.cetrel.lu), a leader in advanced electronic payment technology, expert in electronic
transfers, and a trusted partner for electronic payment offers, experienced significant compliance and
auditing challenges using sudo to manage their IT environment.
Nicolas Debeffe, head of operational security at CETREL, is responsible for overseeing CETRELs
security operations, which includes their complex IT environment. For the last
several years, Mr. Debeffes security team had been using sudo to manage their critical
Unix/Linux assets and trace any access from CETRELs support teams to applicative or generic users.
While sudo initially seemed to manage CETRELs IT environment, they soon discovered
that there was an imminent need to find a simpler and more secure method to manage access and
accountability to generic users.
As we have been continually adding Unix and Linux servers to our
environment, as required for our operations, it was clear sudo raised
significant red flags over the adequate security over our logs required
by PCI DSS mandates, said Nicolas Debeffe.
Productivity was being hindered, as reviewing sudo logs required
accessing every server individually. Furthermore, sudo logs were
alterable by the super user and the sudo configuration time required
by system engineers was simply unacceptable, added Debeffe.
This example is a very common and real challenge for security managers globally, and the faster
organizations are cognizant of such red flags, the faster preventative measures can be implemented
from a strategically and compliant perspective.
2http://www.beyondtrust.com/PDFS/BeyondTrust_Cetrel_SA_CS_100319.pdf
http://www.beyondtrust.com/PDFS/BeyondTrust_Cetrel_SA_CS_100319.pdfhttp://www.beyondtrust.com/PDFS/BeyondTrust_Cetrel_SA_CS_100319.pdfhttp://www.beyondtrust.com/PDFS/BeyondTrust_Cetrel_SA_CS_100319.pdfhttp://www.beyondtrust.com/PDFS/BeyondTrust_Cetrel_SA_CS_100319.pdf8/11/2019 BT 2010 Sudo Vulnerability Analysis
9/14
9 2010-11 Sudo Vulnerability Report 2011. BeyondTrust Software, Inc.
ConclusionTodd Miller, NIST, and UNIX /Linux distributors do a commendable job of publically disclosing detailed
information about vulnerabilities and providing patches every month. However, software
vulnerabilities take time to identify and due to complex corporate environments, deploying patches
take time to apply. It is during this period of time that exploits of unpatched or undiscovered
vulnerabilities can damage a corporate network and gain access to sensitive information.
This report demonstrates the critical role that restricting administrator rights plays in protecting
against vulnerabilities. As companies evaluate their UNIX and Linux environments they need to
include plans to implement a server Privilege Identity Management (PIM) solution in order to reduce
the severity or prevent the exploitation of undiscovered or unpatched vulnerabilities and to ensure
that their users can operate effectively without the root password.
About BeyondTrustBeyondTrust is the global leader in privilege authorization management, access control and security
solutions for virtualization and cloud computing environments. BeyondTrust empowers IT governance
to strengthen security, improve productivity, drive compliance and reduce expense. The companys
products eliminate the risk of intentional, accidental and indirect misuse of privileges on desktops and
servers in heterogeneous IT systems.
With more than 25 years of global success, BeyondTrust is the pioneer of Privileged Identity
Management (PIM) solutions for heterogeneous IT environments. More than half of the companies
listed on the Dow Jones Industrial Average rely on BeyondTrust to secure their enterprises. Customers
include eight of the world's 10 largest banks, seven of the world's 10 largest aerospace and defense
firms, and six of the 10 largest U.S. pharmaceutical companies, as well as renowned universities.
The company is privately held, and headquartered in Carlsbad, California, with offices in the greater
Los Angeles area, greater Boston area, Washington DC, as well as EMEA offices in London, UK.
8/11/2019 BT 2010 Sudo Vulnerability Analysis
10/14
10 2010-11 Sudo Vulnerability Report 2011. BeyondTrust Software, Inc.
PowerBroker RBAC Model Benefits
Redundant permissions residing on multiple sudo files can now be consolidated into a single
streamlined policy file to ensure consistent protection, management and auditing.
This RBAC Model provides you with the ability to:
Reconfigure permissions
Regroup permissions
View Entitlement Reports
Entitlement reporting provides an essential element of audit control.
The reports contain RBAC information and list the selected object type (such as user, user group) at
the top level of the report. The entitlement reports are available as detail reports and as summary
reports.
8/11/2019 BT 2010 Sudo Vulnerability Analysis
11/14
11 2010-11 Sudo Vulnerability Report 2011. BeyondTrust Software, Inc.
How Does PowerBroker Servers Outperform sudo?
PowerBroker Servers has a variety of features that allow enterprises to meet security and compliance
objectives quickly and effectively using our cost-effective RBAC Model. PowerBroker increases
productivity via the following features:
Supports remote login and execution of a privileged command
Supports a list of unlimited input filters that can force the session to terminate whenever a
forbidden input pattern is detected
Supports the ability for a forbidden input pattern to be matched using a shell or regular
expression
Offers native support for the secure retrieval of a privileged user credential over a password
vault when accessing a remote server via Telnet or SSH
Offers native support for either a Telnet or SSH client that can monitor a remote session(s)
Offers native support for a web-based GUI that can be used for configuration and the
management of a list of remote tasks
Offers native support for remote i/o logging. PowerBroker can send data to a remote server
for automatic logging in order to preserve the integrity of the captured data
Can encrypt the session data when it is sent to a remote server and upon receipt, can also
encrypt this data so as to prevent viewing and/or tampering without using the supplied
PowerBroker tools
without using the supplied PowerBroker tools
Provides native support for failover authorization and logging servers, which includes log
synchronization over multiple log servers
Provides native support for a UNIX shell (pbsh and/or pbksh) that can be configured to
authorize a user request and optionally log session data
8/11/2019 BT 2010 Sudo Vulnerability Analysis
12/14
12 2010-11 Sudo Vulnerability Report 2011. BeyondTrust Software, Inc.
PowerBroker Servers sudo Migration Tool
sudo is a good stepping stone for smaller scale environments, but lacks architectural vision or general
security of code intended to protect critical assets. In smaller environments when policies are
enforced based on user names, well-defined security policies can be put in place most of the time.
But in enterprise environments when policies mix the security considerations (i.e., using usernames
and group names), an organization can end up with conflicting policies and a potentially ever-
growing list of constraints. This will lead to maintenance issues and a weakened security
environment. PowerBroker Servers provide the tools necessary to ensure a strengthened security
and compliant IT environment.
8/11/2019 BT 2010 Sudo Vulnerability Analysis
13/14
13 2010-11 Sudo Vulnerability Report 2011. BeyondTrust Software, Inc.
Appendix A NIST Sudo Security Bulletins
Table 1.All vulnerabilities published in NIST 2010-1Q 2011 sudo Security Bulletins
Date
Bulletin
ID and
Link
Vulnerability TargetSeverity
RatingImpact of Vulnerability
Affected
Operating
System
Mitigated by
PowerBroker
Servers
Jan-11
pam_namespace.c in
the pam_namespace
module in Linux-PAM
(aka pam)
CVE-2010-
3853
6.9
Medium
Allows unauthorized disclosure of
information; Allows unauthorized
modification; Allows disruption of service
Linux Yes
Jan-11
A certain Fedora patch
for parse.c in sudo
before 1.7.4p5-1.fc14
on Fedora 14
CVE-2011-
0008
6.9
Medium
Provides administrator access, Allows
complete confidentiality, integrity, and
availability violation; Allows unauthorized
disclosure of information; Allows disruption
of service
UNIX &
LinuxYes
Jan-11Check .c in sudo 1.7.x
before 1.7.4p5
CVE-2011-
0010
4.4
Medium
Allows unauthorized disclosure of
information; Allows unauthorized
modification; Allows disruption of service
UNIX &
LinuxYes
Sep-10Sudo 1.7.0 through
1.7.4p3
CVE-2010-
2956
6.2
Medium
Allows unauthorized disclosure of
information; Allows unauthorized
modification; Allows disruption of service
UNIX &
LinuxYes
Aug-10
The sudo feature in
Bugzilla 2.22rc1
through 3.2.7, 3.3.1
through 3.4.7, 3.5.1
through 3.6.1, and 3.7through 3.7.2
CVE-2010-
2757
6.5
Medium
Allows unauthorized disclosure of
information; Allows unauthorized
modification; Allows disruption of service
UNIX &
LinuxYes
Jun-10
The secure path
feature in env.c in
sudo 1.3.1 through
1.6.9p22 and 1.7.0
through 1.7.2p6
CVE-2010-
1646
6.2
Medium
Allows unauthorized disclosure of
information; Allows unauthorized
modification; Allows disruption of service
UNIX &
LinuxYes
Apr-10
The command
matching functionality
in sudo 1.6.8 through
1.7.2p5
CVE-2010-
1163
6.9
Medium
Allows unauthorized disclosure of
information; Allows unauthorized
modification; Allows disruption of service
UNIX &
LinuxYes
Feb-10sudo 1.6.x before
1.6.9p21
CVE-2010-
0427
4.4
Medium
Allows unauthorized disclosure of
information; Allows unauthorized
modification; Allows disruption of service
UNIX &
LinuxYes
Feb-10
sudo 1.6.x before
1.6.9p21 and 1.7.x
before 1.7.2p4,
CVE-2010-
0426
6.9
Medium
Provides administrator access, Allows
complete confidentiality, integrity, and
availability violation; Allows unauthorized
disclosure of information; Allows disruption
of service
UNIX &
LinuxYes
Feb-10
Accellion Secure File
Transfer Appliance
before 8_0_105
CVE-2009-
4648
7.2
High
Allows unauthorized disclosure of
information; Allows unauthorized
modification; Allows disruption of service
UNIX &
LinuxYes
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3853http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3853http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0008http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0008http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0010http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0010http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2757http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2757http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1646http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1646http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1163http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1163http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0427http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0427http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0426http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0426http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4648http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4648http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4648http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4648http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0426http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0426http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0427http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0427http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1163http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1163http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1646http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1646http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2757http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2757http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0010http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0010http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0008http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0008http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3853http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-38538/11/2019 BT 2010 Sudo Vulnerability Analysis
14/14
14 2010-11 Sudo Vulnerability Report 2011. BeyondTrust Software, Inc.
Contact Information
For more information about this report or if you have any questions, please contact:
BeyondTrust
Corporate Headquarters
2173 Salk Avenue
Carlsbad, CA 92008
+1 818-575-4000 (tel)
info@beyondtrust.com
mailto:info@beyondtrust.commailto:info@beyondtrust.commailto:info@beyondtrust.com