|Category:||FreeBSD Local Security Checks|
|Title:||FreeBSD Ports: sudo|
|Summary:||FreeBSD Ports: sudo|
|Description:||The remote host is missing an update to the system|
as announced in the referenced advisory.
The following package is affected: sudo
Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows
local users to gain privileges via the (1) SHELLOPTS and (2) PS4
environment variables before executing a bash script on behalf of
another user, which are not cleared even though other variables are.
Update your system with the appropriate patches or
BugTraq ID: 15191|
Common Vulnerability Exposure (CVE) ID: CVE-2005-2959
Debian Security Information: DSA-870 (Google Search)
SuSE Security Announcement: SUSE-SR:2005:025 (Google Search)
SuSE Security Announcement: SUSE-SR:2006:002 (Google Search)
Cert/CC Advisory: TA07-072A
|Copyright||Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com|
|This is only one of 38907 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.