22 matches found
MiracleLinux 3 : sudo-1.7.2p1-7.AXS3 (AXSA:2010-366:04)
The remote MiracleLinux 3 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2010-366:04 advisory. Sudo superuser do allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all...
openSUSE Security Update : sudo (openSUSE-SU-2011:0050-1)
This update of sudo fixes : - CVE-2011-0010: Does ask for the user password for GID changes now. - CVE-2010-1646: CVSS v2 Base Score: 6.6 CWE-264: The secure environment option can handle multiple occurrence of PATH now. - CVE-2010-1163: CVSS v2 Base Score: 6.9 CWE-20: Improved command matching...
Scientific Linux Security Update : sudo on SL5.x i386/x86_64
A flaw was found in the way sudo handled the presence of duplicated environment variables. A local user authorized to run commands using sudo could use this flaw to set additional values for the environment variables set by sudo, which could result in those values being used by the executed comma...
CentOS Update for sudo CESA-2010:0475 centos5 i386
Check for the Version of sudo OpenVAS Vulnerability Test CentOS Update for sudo CESA-2010:0475 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...
CentOS Update for sudo CESA-2010:0475 centos5 i386
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
openSUSE Security Update : sudo (openSUSE-SU-2011:0050-1)
This update of sudo fixes : - CVE-2011-0010: Does ask for the user password for GID changes now. - CVE-2010-1646: CVSS v2 Base Score: 6.6 CWE-264: The secure environment option can handle multiple occurrence of PATH now. - CVE-2010-1163: CVSS v2 Base Score: 6.9 CWE-20: Improved command matching...
VMSA-2010-0015 : VMware ESX third-party updates for Service Console
a. Service Console update for NSSdb The service console package NSSdb is updated to version nssdb-2.2-35.4.el55. The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the name CVE-2010-0826 to this issue. b. Service Console update for OpenLDAP The service console package...
Fedora 13 : sudo-1.7.2p6-2.fc13 (2010-9402)
added patch that fixes insufficient environment sanitization issue CVE-2010-1646 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...
Fedora 12 : sudo-1.7.2p6-2.fc12 (2010-9415)
added patch that fixes insufficient environment sanitization issue CVE-2010-1646 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...
Fedora Update for sudo FEDORA-2010-9417
The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Fedora Update for sudo FEDORA-2010-9415
The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
Debian DSA-2062-1 : sudo - missing input sanitization
Anders Kaseorg and Evan Broder discovered a vulnerability in sudo, a program designed to allow a sysadmin to give limited root privileges to users, that allows a user with sudo permissions on certain programs to use those programs with an untrusted value of PATH. This could possibly lead to certa...
[ MDVSA-2010:118 ] sudo
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2010:118 http://www.mandriva.com/security/ Package : sudo Date : June 17, 2010 Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0, Enterprise Server 5.0 Problem Description: A vulnerability has been discover...
Mandriva Update for sudo MDVSA-2010:118 (sudo)
Check for the Version of sudo OpenVAS Vulnerability Test Mandriva Update for sudo MDVSA-2010:118 sudo Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the ter...
Fedora Update for sudo FEDORA-2010-9402
The remote host is missing an update for the SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...
[SECURITY] [DSA 2062-1] New sudo packages fix environment sanitization bypass vulnerability
------------------------------------------------------------------------ Debian Security Advisory DSA-2062-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano June 17, 2010 http://www.debian.org/security/faq -...
RHEL 5 : sudo (RHSA-2010:0475)
The remote Redhat Enterprise Linux 5 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2010:0475 advisory. The sudo superuser do utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sud...
CVE-2010-1646
CVE-2010-1646 affects the sudo secure_path behavior when an environment contains multiple PATH variables, allowing local privilege escalation. Impact, as described in connected advisories, covers multiple sudo versions: 1.3.1–1.6.9p22 and 1.7.0–1.7.2p6. The root cause is insufficient sanitization...
CVE-2010-1646
The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable...
FreeBSD Ports: sudo
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2010 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...