Description: The remote host is missing an update to sudo announced via advisory FEDORA-2010-14355.
Update Information:
- update to new upstream version
- sudo now uses /var/db/sudo for timestamps
- new command available: sudoreplay
- use native audit support
- corrected license field value: BSD -> ISC
- added env_keep += HOME (see rhbz#614025) for backwards compatibility
- added Defaults !visiblepw
- fixes CVE-2010-2956
ChangeLog:
* Wed Sep 8 2010 Daniel Kopecek - 1.7.4p4-1
- update to new upstream version
- sudo now uses /var/db/sudo for timestamps
- new command available: sudoreplay
- use native audit support
- corrected license field value: BSD -> ISC
- added env_keep += HOME (see rhbz#614025) for backwards compatibility
- added Defaults !visiblepw
References:
[ 1 ] Bug #628628 - CVE-2010-2956 sudo: incorrect handling of RunAs specification with both user and group lists
https://bugzilla.redhat.com/show_bug.cgi?id=628628
Solution: Apply the appropriate updates.
This update can be installed with the yum update program. Use su -c 'yum update sudo' at the command line. For more information, refer to Managing Software with yum, available at http://docs.fedoraproject.org/yum/.
http://www.securityspace.com/smysecure/catid.html?in=FEDORA-2010-14355
Risk factor : High
CVSS Score: 6.2