FreeBSD Local Security Checks : FreeBSD Ports: sudo

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.63362

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: sudo

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: sudo

CVE-2009-0034
parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret
a system group (aka %group) in the sudoers file during authorization
decisions for a user who belongs to that group, which allows local
users to leverage an applicable sudoers file and gain root privileges
via a sudo command.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-0034
1021688
http://www.securitytracker.com/id?1021688
20090129 rPSA-2009-0021-1 sudo
http://www.securityfocus.com/archive/1/500546/100/0/threaded
20090711 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl
http://www.securityfocus.com/archive/1/504849/100/0/threaded
33517
http://www.securityfocus.com/bid/33517
33753
http://secunia.com/advisories/33753
33840
http://secunia.com/advisories/33840
33885
http://secunia.com/advisories/33885
35766
http://secunia.com/advisories/35766
51736
http://osvdb.org/51736
ADV-2009-1865
http://www.vupen.com/english/advisories/2009/1865
MDVSA-2009:033
http://www.mandriva.com/security/advisories?name=MDVSA-2009:033
RHSA-2009:0267
http://www.redhat.com/support/errata/RHSA-2009-0267.html
[Security-announce] 20090710 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl
http://lists.vmware.com/pipermail/security-announce/2009/000060.html
http://wiki.rpath.com/Advisories:rPSA-2009-0021
http://www.gratisoft.us/bugzilla/show_bug.cgi?id=327
http://www.sudo.ws/cgi-bin/cvsweb/sudo/parse.c.diff?r1=1.160.2.21&r2=1.160.2.22&f=h
http://www.vmware.com/security/advisories/VMSA-2009-0009.html
https://bugzilla.novell.com/show_bug.cgi?id=468923
https://issues.rpath.com/browse/RPL-2954
oval:org.mitre.oval:def:10856
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10856
oval:org.mitre.oval:def:6462
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6462

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.63362
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: sudo
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: sudo CVE-2009-0034 parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0034 1021688 http://www.securitytracker.com/id?1021688 20090129 rPSA-2009-0021-1 sudo http://www.securityfocus.com/archive/1/500546/100/0/threaded 20090711 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl http://www.securityfocus.com/archive/1/504849/100/0/threaded 33517 http://www.securityfocus.com/bid/33517 33753 http://secunia.com/advisories/33753 33840 http://secunia.com/advisories/33840 33885 http://secunia.com/advisories/33885 35766 http://secunia.com/advisories/35766 51736 http://osvdb.org/51736 ADV-2009-1865 http://www.vupen.com/english/advisories/2009/1865 MDVSA-2009:033 http://www.mandriva.com/security/advisories?name=MDVSA-2009:033 RHSA-2009:0267 http://www.redhat.com/support/errata/RHSA-2009-0267.html [Security-announce] 20090710 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl http://lists.vmware.com/pipermail/security-announce/2009/000060.html http://wiki.rpath.com/Advisories:rPSA-2009-0021 http://www.gratisoft.us/bugzilla/show_bug.cgi?id=327 http://www.sudo.ws/cgi-bin/cvsweb/sudo/parse.c.diff?r1=1.160.2.21&r2=1.160.2.22&f=h http://www.vmware.com/security/advisories/VMSA-2009-0009.html https://bugzilla.novell.com/show_bug.cgi?id=468923 https://issues.rpath.com/browse/RPL-2954 oval:org.mitre.oval:def:10856 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10856 oval:org.mitre.oval:def:6462 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6462
Copyright	Copyright (C) 2009 E-Soft Inc.