ID de Prueba:	1.3.6.1.4.1.25623.1.0.67634
Categoría:	Debian Local Security Checks
Título:	Debian Security Advisory DSA 2062-1 (sudo)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to sudo announced via advisory DSA 2062-1. Anders Kaseorg and Evan Broder discovered a vulnerability in sudo, a program designed to allow a sysadmin to give limited root privileges to users, that allows a user with sudo permissions on certain programs to use those programs with an untrusted value of PATH. This could possibly lead to certain intended restrictions being bypassed, such as the secure_path setting. For the stable distribution (lenny), this problem has been fixed in version 1.6.9p17-3 For the unstable distribution (sid), this problem has been fixed in version 1.7.2p7-1, and will migrate to the testing distribution (squeeze) shortly. We recommend that you upgrade your sudo package. Solution: http://www.securityspace.com/smysecure/catid.html?in=DSA%202062-1 CVSS Score: 6.2 CVSS Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1646 BugTraq ID: 40538 http://www.securityfocus.com/bid/40538 Bugtraq: 20101027 rPSA-2010-0075-1 sudo (Google Search) http://www.securityfocus.com/archive/1/514489/100/0/threaded Debian Security Information: DSA-2062 (Google Search) http://www.debian.org/security/2010/dsa-2062 http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042838.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043026.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043012.html http://security.gentoo.org/glsa/glsa-201009-03.xml http://www.mandriva.com/security/advisories?name=MDVSA-2010:118 http://www.osvdb.org/65083 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10580 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7338 http://www.redhat.com/support/errata/RHSA-2010-0475.html http://www.securitytracker.com/id?1024101 http://secunia.com/advisories/40002 http://secunia.com/advisories/40188 http://secunia.com/advisories/40215 http://secunia.com/advisories/40508 http://secunia.com/advisories/43068 SuSE Security Announcement: SUSE-SR:2011:002 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://www.vupen.com/english/advisories/2010/1452 http://www.vupen.com/english/advisories/2010/1478 http://www.vupen.com/english/advisories/2010/1518 http://www.vupen.com/english/advisories/2010/1519 http://www.vupen.com/english/advisories/2011/0212
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.