DerScanner
Home / Vulnerability Database / Perl : Executing the sudo command inside the application
Perl

Perl : Executing the sudo command inside the application

Classification

CWE
CWE-250CWE-272
CWE/SANS Top 25 2011
CWE-250

Overview

Inside the application, code is executed with sudo, which can lead to escalation of privileges.

The sudo command allows users, after entering a password, to execute commands on behalf of a superuser (“root”) or other users. Running a script using this command can potentially be a security hole, especially if there are vulnerabilities in the script being run. In addition, running the application will require a password from the user or a special configuration of the sudoers file each time.

References

  1. Wiki: sudo
  2. What are the security risks in leaving ‘sudo’ inside my production code?
  3. How do I run a ‘sudo’ command inside a script?
  4. CWE-272: Least Privilege Violation
  5. CWE-250: Execution with Unnecessary Privileges
MEDIUM

DerScanner Severity Score

Do you want to fix Perl : Executing the sudo command inside the application in your application?

See also

Perl

Perl : Empty encryption key

Perl

Perl : Undocumented feature: special account

Perl

Perl : Undocumented feature: time bomb