|Category:||Ubuntu Local Security Checks|
|Title:||Ubuntu USN-142-1 (sudo)|
|Summary:||Ubuntu USN-142-1 (sudo)|
The remote host is missing an update to sudo
announced via advisory USN-142-1.
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected: sudo
Charles Morris discovered a race condition in sudo which could lead to
privilege escalation. If /etc/sudoers allowed a user the execution of
selected programs, and this was followed by another line containing
the pseudo-command ALL, that user could execute arbitrary commands
with sudo by creating symbolic links at a certain time.
Please note that this does not affect a standard Ubuntu installation.
The problem can be corrected by upgrading the affected package to
version 1.6.7p5-1ubuntu4.2 (for Ubuntu 4.10), or 1.6.8p5-1ubuntu2.1
(for Ubuntu 5.04). In general, a standard system upgrade is
sufficient to effect the necessary changes.
Risk factor : Medium
BugTraq ID: 15647|
BugTraq ID: 13993
Common Vulnerability Exposure (CVE) ID: CVE-2005-1993
Bugtraq: 20050620 Sudo version 1.6.8p9 now available, fixes security issue. (Google Search)
Debian Security Information: DSA-735 (Google Search)
SuSE Security Announcement: SUSE-SA:2005:036 (Google Search)
XForce ISS Database: sudo-pathname-race-condition(21080)
|Copyright||Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com|
|This is only one of 58962 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.