Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Ubuntu Local Security Checks --> Category: infos

USN28-1 : sudo vulnerability Vulnerability Scan

Vulnerability Scan Summary
sudo vulnerability

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote package "sudo" is missing a security patch.

Description :

Liam Helmer discovered an input validation flaw in sudo. When the
standard shell "bash" starts up, it searches the environment for
variables with a value beginning with "()". For each of these
variables a function with the same name is created, with the function
body filled in from the environment variable's value.

A malicious user with sudo access to a shell script that uses bash can
use this feature to substitute arbitrary commands for any
non-fully-qualified programs called from the script. Therefore this
flaw can lead to privilege escalation.

Solution :

Upgrade to :
- sudo-1.6.7p5-1ubuntu4.1 (Ubuntu 4.10)

Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.