FreeBSD Local Security Checks : FreeBSD Ports: sudo

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.56264

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: sudo

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: sudo

CVE-2005-2959
Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows
local users to gain privileges via the (1) SHELLOPTS and (2) PS4
environment variables before executing a bash script on behalf of
another user, which are not cleared even though other variables are.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2005-2959
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
BugTraq ID: 15191
http://www.securityfocus.com/bid/15191
Cert/CC Advisory: TA07-072A
http://www.us-cert.gov/cas/techalerts/TA07-072A.html
Debian Security Information: DSA-870 (Google Search)
http://www.debian.org/security/2005/dsa-870
http://www.mandriva.com/security/advisories?name=MDKSA-2005:201
http://www.openpkg.org/security/OpenPKG-SA-2006.002-sudo.html
http://secunia.com/advisories/17318
http://secunia.com/advisories/17322
http://secunia.com/advisories/17345
http://secunia.com/advisories/17390
http://secunia.com/advisories/17666
http://secunia.com/advisories/18549
http://secunia.com/advisories/24479
SuSE Security Announcement: SUSE-SR:2005:025 (Google Search)
http://www.securityfocus.com/advisories/9643
SuSE Security Announcement: SUSE-SR:2006:002 (Google Search)
http://www.novell.com/linux/security/advisories/2006_02_sr.html
https://usn.ubuntu.com/213-1/
http://www.vupen.com/english/advisories/2007/0930

Copyright Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.56264
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: sudo
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: sudo CVE-2005-2959 Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-2959 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html BugTraq ID: 15191 http://www.securityfocus.com/bid/15191 Cert/CC Advisory: TA07-072A http://www.us-cert.gov/cas/techalerts/TA07-072A.html Debian Security Information: DSA-870 (Google Search) http://www.debian.org/security/2005/dsa-870 http://www.mandriva.com/security/advisories?name=MDKSA-2005:201 http://www.openpkg.org/security/OpenPKG-SA-2006.002-sudo.html http://secunia.com/advisories/17318 http://secunia.com/advisories/17322 http://secunia.com/advisories/17345 http://secunia.com/advisories/17390 http://secunia.com/advisories/17666 http://secunia.com/advisories/18549 http://secunia.com/advisories/24479 SuSE Security Announcement: SUSE-SR:2005:025 (Google Search) http://www.securityfocus.com/advisories/9643 SuSE Security Announcement: SUSE-SR:2006:002 (Google Search) http://www.novell.com/linux/security/advisories/2006_02_sr.html https://usn.ubuntu.com/213-1/ http://www.vupen.com/english/advisories/2007/0930
Copyright	Copyright (C) 2008 E-Soft Inc.