Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2005:201: sudo Vulnerability Scan
Vulnerability Scan Summary: Check for the version of the sudo package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2005:201 (sudo).
Tavis Ormandy discovered that sudo does not perform sufficient environment
cleaning; in particular, the SHELLOPTS and PS4 variables are still passed to
the program running as an alternate user, which can result in the execution
of arbitrary commands as the alternate user when a bash script is executed.
The updated packages have been patched to correct this problem.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:201
Threat Level: High