|
Family: Ubuntu Local Security Checks --> Category: infos
USN142-1 : sudo vulnerability Vulnerability Scan
Vulnerability Scan Summary sudo vulnerability
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote package "sudo" is missing a security patch.
Description :
Charles Morris discovered a race condition in sudo which could lead to
privilege escalation. If /etc/sudoers allowed a user the execution of
selected programs, and this was followed by another line containing
the pseudo-command "ALL", that user could execute arbitrary commands
with sudo by creating symbolic links at a certain time.
Please note that this does not affect a standard Ubuntu installation.
Solution :
Upgrade to :
- sudo-1.6.8p5-1ubuntu2.1 (Ubuntu 5.04)
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|