| |||||||||||||||||||
Pardus alert 2011-31 (sudo)
------------------------------------------------------------------------ Pardus Linux Security Advisory 2011-31 security@pardus.org.tr ------------------------------------------------------------------------ Date: 2011-02-12 Severity: 3 Type: Local ------------------------------------------------------------------------ Summary ======= A vulnerability was found in sudo, which can be exploited by malicious, local users to perform certain actions with escalated privileges. Description =========== CVE-2011-0010: check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is configured, does not require a password for command execution that involves a gid change but no uid change, which allows local users to bypass an intended authentication requirement via the -g option to a sudo command. Affected packages: Pardus 2009: sudo, all before 1.7.4_p6-29-10 Resolution ========== There are update(s) for sudo. You can update them via Package Manager or with a single command from console: pisi up sudo References ========== * http://bugs.pardus.org.tr/show_bug.cgi?id=16188 * http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-... ------------------------------------------------------------------------ _______________________________________________ Pardus-Security mailing list Pardus-Security@pardus.org.tr http://liste.pardus.org.tr/mailman/listinfo/pardus-security (Log in to post comments)
|
|||||||||||||||||||