ID de Prueba:	1.3.6.1.4.1.25623.1.0.880638
Categoría:	CentOS Local Security Checks
Título:	CentOS Update for sudo CESA-2010:0475 centos5 i386
Resumen:	The remote host is missing an update for the 'sudo'; package(s) announced via the referenced advisory.
Descripción:	Summary: The remote host is missing an update for the 'sudo' package(s) announced via the referenced advisory. Vulnerability Insight: The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sudo handled the presence of duplicated environment variables. A local user authorized to run commands using sudo could use this flaw to set additional values for the environment variables set by sudo, which could result in those values being used by the executed command instead of the values set by sudo. This could possibly lead to certain intended restrictions being bypassed, such as the secure_path setting. (CVE-2010-1646) Red Hat would like to thank Anders Kaseorg and Evan Broder of Ksplice, Inc. for responsibly reporting this issue. Users of sudo should upgrade to this updated package, which contains a backported patch to correct this issue. Affected Software/OS: sudo on CentOS 5 Solution: Please install the updated packages. CVSS Score: 6.2 CVSS Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1646 1024101 http://www.securitytracker.com/id?1024101 20101027 rPSA-2010-0075-1 sudo http://www.securityfocus.com/archive/1/514489/100/0/threaded 40002 http://secunia.com/advisories/40002 40188 http://secunia.com/advisories/40188 40215 http://secunia.com/advisories/40215 40508 http://secunia.com/advisories/40508 40538 http://www.securityfocus.com/bid/40538 43068 http://secunia.com/advisories/43068 65083 http://www.osvdb.org/65083 ADV-2010-1452 http://www.vupen.com/english/advisories/2010/1452 ADV-2010-1478 http://www.vupen.com/english/advisories/2010/1478 ADV-2010-1518 http://www.vupen.com/english/advisories/2010/1518 ADV-2010-1519 http://www.vupen.com/english/advisories/2010/1519 ADV-2011-0212 http://www.vupen.com/english/advisories/2011/0212 DSA-2062 http://www.debian.org/security/2010/dsa-2062 FEDORA-2010-9402 http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042838.html FEDORA-2010-9415 http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043026.html FEDORA-2010-9417 http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043012.html GLSA-201009-03 http://security.gentoo.org/glsa/glsa-201009-03.xml MDVSA-2010:118 http://www.mandriva.com/security/advisories?name=MDVSA-2010:118 RHSA-2010:0475 http://www.redhat.com/support/errata/RHSA-2010-0475.html SUSE-SR:2011:002 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://wiki.rpath.com/Advisories:rPSA-2010-0075 http://www.sudo.ws/repos/sudo/rev/3057fde43cf0 http://www.sudo.ws/repos/sudo/rev/a09c6812eaec http://www.sudo.ws/sudo/alerts/secure_path.html https://bugzilla.redhat.com/show_bug.cgi?id=598154 oval:org.mitre.oval:def:10580 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10580 oval:org.mitre.oval:def:7338 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7338
Copyright	Copyright (C) 2011 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.