ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2020.0081
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2020-0081)
Resumen:	The remote host is missing an update for the 'sudo' package(s) announced via the MGASA-2020-0081 advisory.
Descripción:	Summary: The remote host is missing an update for the 'sudo' package(s) announced via the MGASA-2020-0081 advisory. Vulnerability Insight: The updated packages fix a security vulnerability: In Sudo before 1.8.31, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS, however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c. (CVE-2019-18634) Affected Software/OS: 'sudo' package(s) on Mageia 7. Solution: Please install the updated package(s). CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2019-18634 Bugtraq: 20200129 APPLE-SA-2020-1-28-2 macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra (Google Search) https://seclists.org/bugtraq/2020/Jan/44 Bugtraq: 20200203 [SECURITY] [DSA 4614-1] sudo security update (Google Search) https://seclists.org/bugtraq/2020/Feb/2 Bugtraq: 20200203 [slackware-security] sudo (SSA:2020-031-01) (Google Search) https://seclists.org/bugtraq/2020/Feb/3 Debian Security Information: DSA-4614 (Google Search) https://www.debian.org/security/2020/dsa-4614 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6TKF36KOQUVJNBHSVJFA7BU3CCEYD2F/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IY6DZ7WMDKU4ZDML6MJLDAPG42B5WVUC/ http://seclists.org/fulldisclosure/2020/Jan/40 https://security.gentoo.org/glsa/202003-12 http://packetstormsecurity.com/files/156174/Slackware-Security-Advisory-sudo-Updates.html http://packetstormsecurity.com/files/156189/Sudo-1.8.25p-Buffer-Overflow.html https://www.sudo.ws/security.html https://lists.debian.org/debian-lts-announce/2020/02/msg00002.html http://www.openwall.com/lists/oss-security/2020/01/30/6 http://www.openwall.com/lists/oss-security/2020/01/31/1 http://www.openwall.com/lists/oss-security/2020/02/05/2 http://www.openwall.com/lists/oss-security/2020/02/05/5 RedHat Security Advisories: RHSA-2020:0487 https://access.redhat.com/errata/RHSA-2020:0487 RedHat Security Advisories: RHSA-2020:0509 https://access.redhat.com/errata/RHSA-2020:0509 RedHat Security Advisories: RHSA-2020:0540 https://access.redhat.com/errata/RHSA-2020:0540 RedHat Security Advisories: RHSA-2020:0726 https://access.redhat.com/errata/RHSA-2020:0726 SuSE Security Announcement: openSUSE-SU-2020:0244 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-02/msg00029.html https://usn.ubuntu.com/4263-1/ https://usn.ubuntu.com/4263-2/
Copyright	Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.