RHEL 5 : sudo (RHSA-2010:0475)
The remote Red Hat Enterprise Linux 5 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2010:0475 advisory. The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root. A flaw was found in the way sud...
[SECURITY] Fedora 13 Update: sudo-1.7.2p6-2.fc13
Sudo (superuser do) allows a system administrator to give certain users or groups of users the ability to run some or all commands as root while logging all commands and arguments. Sudo operates on a per-command basis. It is not a replacement for the shell. Features include: the ability to restrict...
DEBIAN-CVE-2010-1646
The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable...
CVE-2010-1646
The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable...
Path traversal
The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable...
CVE-2010-1646
CVE-2010-1646 affects the sudo secure_path behavior when an environment contains multiple PATH variables, allowing local privilege escalation. Impact, as described in connected advisories, covers multiple sudo versions: 1.3.1–1.6.9p22 and 1.7.0–1.7.2p6. The root cause is insufficient sanitization...
FreeBSD Ports: sudo
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2010 E-Soft Inc. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
FreeBSD Ports: sudo
The remote host is missing an update to the system as announced in the referenced advisory. VID d42e5b66-6ea0-11df-9c8d-00e0815b8da8 OpenVAS Vulnerability Test $ Description: Auto generated from VID d42e5b66-6ea0-11df-9c8d-00e0815b8da8 Authors: Thomas Reinke Copyright: Copyright (c) 2010 E-Soft Inc...
FreeBSD : sudo -- Secure path vulnerability (d42e5b66-6ea0-11df-9c8d-00e0815b8da8)
Todd Miller reports: Most versions of the C library function getenv return the first instance of an environment variable to the caller. However, some programs, notably the GNU Bourne Again SHell (bash), do their own environment parsing and may choose the last instance of a variable rather than the...
GLSA-201006-09 : sudo: Privilege escalation
The remote host is affected by the vulnerability described in GLSA-201006-09 (sudo: Privilege escalation). The command matching functionality does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH contains an entry...
sudo -- Secure path vulnerability
Todd Miller reports: Most versions of the C library function getenv return the first instance of an environment variable to the caller. However, some programs, notably the GNU Bourne Again SHell (bash), do their own environment parsing and may choose the last instance of a variable rather than the...
sudo: Privilege escalation
Background: sudo allows a system administrator to give users the ability to run commands as other users. Description: The command matching functionality does not properly handle when a file in the current working directory has the same name as a pseudo-command in the sudoers file and the PATH...
Security fix for the ALT Linux 8 package sudo version 1:1.6.8p12-alt8
June 1, 2010 Dmitry V. Levin 1:1.6.8p12-alt8 - Backported upstream fix for CVE-2010-1163 (env_reset, ignore_dot and secure_path sudoers options all had to be explicitly disabled to make an attack possible). - Backported upstream fix for CVE-2010-1646 (env_reset sudoers option had to be explicitly disabl...
Security fix for the ALT Linux 6 package sudo version 1:1.6.8p12-alt8
June 1, 2010 Dmitry V. Levin 1:1.6.8p12-alt8 - Backported upstream fix for CVE-2010-1163 (env_reset, ignore_dot and secure_path sudoers options all had to be explicitly disabled to make an attack possible). - Backported upstream fix for CVE-2010-1646 (env_reset sudoers option had to be explicitly disabl...
CentOS 5 : sudo (CESA-2010:0361)
An updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
sudo security update
CentOS Errata and Security Advisory CESA-2010:0361. An updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base...
RHEL 5 : sudo (RHSA-2010:0361)
An updated sudo package that fixes one security issue is now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...