ID de Prueba:	1.3.6.1.4.1.25623.1.0.880570
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for sudo CESA-2010:0361 centos5 i386
Resumen:	The remote host is missing an update for the 'sudo'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'sudo' package(s) announced via the referenced advisory. Vulnerability Insight: The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root. The RHBA-2010:0212 sudo update released as part of Red Hat Enterprise Linux 5.5 added the ability to change the value of the ignore_dot option in the '/etc/sudoers' configuration file. This ability introduced a regression in the upstream fix for CVE-2010-0426. In configurations where the ignore_dot option was set to off (the default is on for the Red Hat Enterprise Linux 5 sudo package), a local user authorized to use the sudoedit pseudo-command could possibly run arbitrary commands with the privileges of the users sudoedit was authorized to run as. (CVE-2010-1163) Red Hat would like to thank Todd C. Miller, the upstream sudo maintainer, for responsibly reporting this issue. Upstream acknowledges Valerio Costamagna as the original reporter. Users of sudo should upgrade to this updated package, which contains a backported patch to correct this issue. Affected Software/OS: sudo on CentOS 5 Solution: Please install the updated packages. CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1163 20100419 sudoedit local privilege escalation through PATH manipulation http://www.securityfocus.com/archive/1/510827/100/0/threaded 20100420 Re: sudoedit local privilege escalation through PATH manipulation http://www.securityfocus.com/archive/1/510846/100/0/threaded 20100422 Re: sudoedit local privilege escalation through PATH manipulation http://www.securityfocus.com/archive/1/510880/100/0/threaded 20101027 rPSA-2010-0075-1 sudo http://www.securityfocus.com/archive/1/514489/100/0/threaded 39384 http://secunia.com/advisories/39384 39399 http://secunia.com/advisories/39399 39468 http://www.securityfocus.com/bid/39468 39474 http://secunia.com/advisories/39474 39543 http://secunia.com/advisories/39543 43068 http://secunia.com/advisories/43068 63878 http://www.osvdb.org/63878 ADV-2010-0881 http://www.vupen.com/english/advisories/2010/0881 ADV-2010-0895 http://www.vupen.com/english/advisories/2010/0895 ADV-2010-0904 http://www.vupen.com/english/advisories/2010/0904 ADV-2010-0949 http://www.vupen.com/english/advisories/2010/0949 ADV-2010-0956 http://www.vupen.com/english/advisories/2010/0956 ADV-2010-1019 http://www.vupen.com/english/advisories/2010/1019 ADV-2011-0212 http://www.vupen.com/english/advisories/2011/0212 FEDORA-2010-6756 http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039986.html MDVSA-2010:078 http://www.mandriva.com/security/advisories?name=MDVSA-2010:078 RHSA-2010:0361 http://www.redhat.com/support/errata/RHSA-2010-0361.html SSA:2010-110-01 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.577019 SUSE-SR:2011:002 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html USN-928-1 http://www.ubuntu.com/usn/USN-928-1 http://wiki.rpath.com/Advisories:rPSA-2010-0075 http://www.sudo.ws/sudo/alerts/sudoedit_escalate2.html oval:org.mitre.oval:def:9382 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9382 sudo-sudoefit-privilege-escalation(57836) https://exchange.xforce.ibmcloud.com/vulnerabilities/57836 Common Vulnerability Exposure (CVE) ID: CVE-2010-0426 1023658 http://securitytracker.com/id?1023658 38362 http://www.securityfocus.com/bid/38362 38659 http://secunia.com/advisories/38659 38762 http://secunia.com/advisories/38762 38795 http://secunia.com/advisories/38795 38803 http://secunia.com/advisories/38803 38915 http://secunia.com/advisories/38915 ADV-2010-0450 http://www.vupen.com/english/advisories/2010/0450 DSA-2006 http://www.debian.org/security/2010/dsa-2006 FEDORA-2010-6701 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040578.html FEDORA-2010-6749 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040588.html GLSA-201003-01 http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml MDVSA-2010:049 http://www.mandriva.com/security/advisories?name=MDVSA-2010:049 SUSE-SR:2010:006 http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html USN-905-1 http://www.ubuntu.com/usn/USN-905-1 ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570737 http://sudo.ws/bugs/show_bug.cgi?id=389 http://sudo.ws/repos/sudo/rev/88f3181692fe http://sudo.ws/repos/sudo/rev/f86e1b56d074 http://www.linuxquestions.org/questions/linux-security-4/the-use-of-sudoedit-command-question-785442/ http://www.sudo.ws/sudo/stable.html oval:org.mitre.oval:def:10814 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10814 oval:org.mitre.oval:def:7238 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7238
Copyright	Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.