|
Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2005:103: sudo Vulnerability Scan
Vulnerability Scan Summary Check for the version of the sudo package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2005:103 (sudo).
A race condition was discovered in sudo by Charles Morris. This could lead to
the escalation of rights if /etc/sudoers allowed a user to execute selected
programs that were then followed by another line containing the pseudo-command
'ALL'. By creating symbolic links at a certain time, that user could execute
arbitrary commands.
The updated packages have been patched to correct this problem.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:103
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|