Pardus alert 2010-38 (sudo)

From:  Eren Turkay <eren@pardus.org.tr>
To:  pardus-security@pardus.org.tr
Subject:  [Pardus-security] [PLSA 2010-38] Sudo: Privilege Escalation
Date:  Tue, 9 Mar 2010 09:07:46 +0200 (EET)
Message-ID:  <20100309070746.C4B0CA7ABCD@lider.pardus.org.tr>

------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-38            security@pardus.org.tr
------------------------------------------------------------------------
Date: 2010-03-09
Severity: 3
Type: Local
------------------------------------------------------------------------

Summary
=======

A security issue has been fixed in sudo, which can be exploited by
malicious, local users to gain escalated privileges.

Description
===========

CVE-2010-0426: Sudo, when a pseudo-command is enabled, permits a match
between the name of the pseudo-command and the name of an executable
file in an arbitrary directory, which allows local users to gain
privileges via a crafted executable file, as demonstrated by a file
named sudoedit in a user's home directory.

Affected packages:

Pardus 2009:
sudo, all before 1.7.1-25-6

Resolution
==========

There are update(s) for sudo. You can update them via Package Manager or
with a single command from console:

    pisi up sudo

References
==========

* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0426
* http://bugs.pardus.org.tr/show_bug.cgi?id=12352

------------------------------------------------------------------------

_______________________________________________
Pardus-security mailing list
Pardus-security@pardus.org.tr
http://liste.pardus.org.tr/mailman/listinfo/pardus-security
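An exposure check for the condition described in CVE-2010-0426, added here as an example and not part of the Pardus advisory or of sudo: it reports whether a sudoers file grants the sudoedit pseudo-command and whether executable files named sudoedit exist under the directories given. The function names and the simplified sudoers parsing are assumptions of this example.

```shell
#!/bin/sh
# Added example: exposure check for CVE-2010-0426 (constructed, simplified).

# Succeeds if the sudoers file grants the bare pseudo-command "sudoedit".
# A full path such as /usr/bin/sudoedit is an ordinary command, not the
# pseudo-command, so a leading "/" does not count. Aliases and #include
# files are not expanded; users granted ALL already have full privileges.
sudoers_enables_sudoedit() {
    sed 's/#.*//' "$1" |
        grep -Eq '(^|[^/[:alnum:]_.-])sudoedit([^[:alnum:]_.-]|$)'
}

# Prints regular files named "sudoedit" with any execute bit set under the
# given roots: the crafted-file pattern the advisory describes.
find_lookalikes() {
    find "$@" -type f -name sudoedit \
        \( -perm -100 -o -perm -010 -o -perm -001 \) 2>/dev/null
}

# audit_sudoedit SUDOERS ROOT...
# Returns 0 when nothing needs attention, 1 when the pseudo-command is
# granted and look-alike files exist, 2 when SUDOERS cannot be read.
audit_sudoedit() {
    sudoers_file=$1
    shift
    [ -r "$sudoers_file" ] || { echo "cannot read $sudoers_file" >&2; return 2; }
    if ! sudoers_enables_sudoedit "$sudoers_file"; then
        echo "sudoedit pseudo-command is not granted in $sudoers_file"
        return 0
    fi
    lookalikes=$(find_lookalikes "$@") || true
    if [ -z "$lookalikes" ]; then
        echo "sudoedit is granted; no look-alike executables found"
        return 0
    fi
    echo "sudoedit is granted and look-alike executables exist:"
    printf '%s\n' "$lookalikes"
    return 1
}
```

Call it as root, for example `audit_sudoedit /etc/sudoers /home /tmp`. A hit matters most on sudo packages older than the fixed release named in the advisory, and the file is worth investigating either way.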


Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds