Test Kennung:	1.3.6.1.4.1.25623.1.0.67308
Kategorie:	Mandrake Local Security Checks
Titel:	Mandriva Security Advisory MDVSA-2010:078 (sudo)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to sudo announced via advisory MDVSA-2010:078. A vulnerability has been found and corrected in sudo: The command matching functionality in sudo 1.6.8 through 1.7.2p5 does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry for ., which allows local users to execute arbitrary commands via a Trojan horse executable, as demonstrated using sudoedit, a different vulnerability than CVE-2010-0426 (CVE-2010-1163). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. Affected: 2008.0, 2009.1, 2010.0, Corporate 4.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:078 Risk factor : High CVSS Score: 6.9
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0426 1023658 http://securitytracker.com/id?1023658 20101027 rPSA-2010-0075-1 sudo http://www.securityfocus.com/archive/1/514489/100/0/threaded 38362 http://www.securityfocus.com/bid/38362 38659 http://secunia.com/advisories/38659 38762 http://secunia.com/advisories/38762 38795 http://secunia.com/advisories/38795 38803 http://secunia.com/advisories/38803 38915 http://secunia.com/advisories/38915 39399 http://secunia.com/advisories/39399 ADV-2010-0450 http://www.vupen.com/english/advisories/2010/0450 ADV-2010-0949 http://www.vupen.com/english/advisories/2010/0949 DSA-2006 http://www.debian.org/security/2010/dsa-2006 FEDORA-2010-6701 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040578.html FEDORA-2010-6749 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040588.html GLSA-201003-01 http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml MDVSA-2010:049 http://www.mandriva.com/security/advisories?name=MDVSA-2010:049 SSA:2010-110-01 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.577019 SUSE-SR:2010:006 http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html USN-905-1 http://www.ubuntu.com/usn/USN-905-1 ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570737 http://sudo.ws/bugs/show_bug.cgi?id=389 http://sudo.ws/repos/sudo/rev/88f3181692fe http://sudo.ws/repos/sudo/rev/f86e1b56d074 http://wiki.rpath.com/Advisories:rPSA-2010-0075 http://www.linuxquestions.org/questions/linux-security-4/the-use-of-sudoedit-command-question-785442/ http://www.sudo.ws/sudo/stable.html oval:org.mitre.oval:def:10814 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10814 oval:org.mitre.oval:def:7238 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7238 Common Vulnerability Exposure (CVE) ID: CVE-2010-1163 20100419 sudoedit local privilege escalation through PATH manipulation http://www.securityfocus.com/archive/1/510827/100/0/threaded 20100420 Re: sudoedit local privilege escalation through PATH manipulation http://www.securityfocus.com/archive/1/510846/100/0/threaded 20100422 Re: sudoedit local privilege escalation through PATH manipulation http://www.securityfocus.com/archive/1/510880/100/0/threaded 39384 http://secunia.com/advisories/39384 39468 http://www.securityfocus.com/bid/39468 39474 http://secunia.com/advisories/39474 39543 http://secunia.com/advisories/39543 43068 http://secunia.com/advisories/43068 63878 http://www.osvdb.org/63878 ADV-2010-0881 http://www.vupen.com/english/advisories/2010/0881 ADV-2010-0895 http://www.vupen.com/english/advisories/2010/0895 ADV-2010-0904 http://www.vupen.com/english/advisories/2010/0904 ADV-2010-0956 http://www.vupen.com/english/advisories/2010/0956 ADV-2010-1019 http://www.vupen.com/english/advisories/2010/1019 ADV-2011-0212 http://www.vupen.com/english/advisories/2011/0212 FEDORA-2010-6756 http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039986.html MDVSA-2010:078 http://www.mandriva.com/security/advisories?name=MDVSA-2010:078 RHSA-2010:0361 http://www.redhat.com/support/errata/RHSA-2010-0361.html SUSE-SR:2011:002 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html USN-928-1 http://www.ubuntu.com/usn/USN-928-1 http://www.sudo.ws/sudo/alerts/sudoedit_escalate2.html oval:org.mitre.oval:def:9382 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9382 sudo-sudoefit-privilege-escalation(57836) https://exchange.xforce.ibmcloud.com/vulnerabilities/57836
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.