|Category:||Red Hat Local Security Checks|
|Title:||RedHat Update for sudo RHSA-2014:0266-01|
|Summary:||The remote host is missing an update for the 'sudo'; package(s) announced via the referenced advisory.|
The remote host is missing an update for the 'sudo'
package(s) announced via the referenced advisory.
The sudo (superuser do) utility allows system administrators to give
certain users the ability to run commands as root.
A flaw was found in the way sudo handled its blacklist of environment
variables. When the 'env_reset' option was disabled, a user permitted to
run certain commands via sudo could use this flaw to run such a command
with one of the blacklisted environment variables set, allowing them to run
an arbitrary command with the target user's privileges. (CVE-2014-0106)
Note: This issue does not affect the default configuration of the sudo
package as shipped with Red Hat Enterprise Linux 5.
Red Hat would like to thank Todd C. Miller for reporting this issue.
Upstream acknowledges Sebastien Macke as the original reporter.
All sudo users are advised to upgrade to this updated package, which
contains a backported patch to correct this issue.
sudo on Red Hat Enterprise Linux (v. 5 server)
Please Install the Updated Packages.
Common Vulnerability Exposure (CVE) ID: CVE-2014-0106|
BugTraq ID: 65997
RedHat Security Advisories: RHSA-2014:0266
SuSE Security Announcement: SUSE-SU-2014:0475 (Google Search)
|Copyright||Copyright (C) 2014 Greenbone Networks GmbH|
|This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.