Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2004:133: sudo Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the sudo package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2004:133 (sudo).
Liam Helmer discovered a flow in sudo's environment sanitizing. This flaw could
allow a malicious users with permission to run a shell script that uses the
bash shell to run arbitrary commands.
The problem is fixed in sudo 1.6.8p2
the provided packages have been patched
to correct the issue.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2004:133
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.