Test Kennung:	1.3.6.1.4.1.25623.1.0.67303
Kategorie:	Red Hat Local Security Checks
Titel:	RedHat Security Advisory RHSA-2010:0361
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing updates announced in advisory RHSA-2010:0361. The sudo (superuser do) utility allows system administrators to give certain users the ability to run commands as root. The RHBA-2010:0212 sudo update released as part of Red Hat Enterprise Linux 5.5 added the ability to change the value of the ignore_dot option in the /etc/sudoers configuration file. This ability introduced a regression in the upstream fix for CVE-2010-0426. In configurations where the ignore_dot option was set to off (the default is on for the Red Hat Enterprise Linux 5 sudo package), a local user authorized to use the sudoedit pseudo-command could possibly run arbitrary commands with the privileges of the users sudoedit was authorized to run as. (CVE-2010-1163) Red Hat would like to thank Todd C. Miller, the upstream sudo maintainer, for responsibly reporting this issue. Upstream acknowledges Valerio Costamagna as the original reporter. Users of sudo should upgrade to this updated package, which contains a backported patch to correct this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2010-0361.html http://www.redhat.com/security/updates/classification/#moderate Risk factor : High CVSS Score: 6.9
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1163 BugTraq ID: 39468 http://www.securityfocus.com/bid/39468 Bugtraq: 20100419 sudoedit local privilege escalation through PATH manipulation (Google Search) http://www.securityfocus.com/archive/1/510827/100/0/threaded Bugtraq: 20100422 Re: sudoedit local privilege escalation through PATH manipulation (Google Search) http://www.securityfocus.com/archive/1/510846/100/0/threaded http://www.securityfocus.com/archive/1/510880/100/0/threaded Bugtraq: 20101027 rPSA-2010-0075-1 sudo (Google Search) http://www.securityfocus.com/archive/1/514489/100/0/threaded http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039986.html http://www.mandriva.com/security/advisories?name=MDVSA-2010:078 http://www.osvdb.org/63878 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9382 http://www.redhat.com/support/errata/RHSA-2010-0361.html http://secunia.com/advisories/39384 http://secunia.com/advisories/39399 http://secunia.com/advisories/39474 http://secunia.com/advisories/39543 http://secunia.com/advisories/43068 http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.577019 SuSE Security Announcement: SUSE-SR:2011:002 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://www.ubuntu.com/usn/USN-928-1 http://www.vupen.com/english/advisories/2010/0881 http://www.vupen.com/english/advisories/2010/0895 http://www.vupen.com/english/advisories/2010/0904 http://www.vupen.com/english/advisories/2010/0949 http://www.vupen.com/english/advisories/2010/0956 http://www.vupen.com/english/advisories/2010/1019 http://www.vupen.com/english/advisories/2011/0212 XForce ISS Database: sudo-sudoefit-privilege-escalation(57836) https://exchange.xforce.ibmcloud.com/vulnerabilities/57836 Common Vulnerability Exposure (CVE) ID: CVE-2010-0426 BugTraq ID: 38362 http://www.securityfocus.com/bid/38362 Debian Security Information: DSA-2006 (Google Search) http://www.debian.org/security/2010/dsa-2006 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040578.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040588.html http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml http://www.mandriva.com/security/advisories?name=MDVSA-2010:049 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=570737 http://www.linuxquestions.org/questions/linux-security-4/the-use-of-sudoedit-command-question-785442/ https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10814 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7238 http://securitytracker.com/id?1023658 http://secunia.com/advisories/38659 http://secunia.com/advisories/38762 http://secunia.com/advisories/38795 http://secunia.com/advisories/38803 http://secunia.com/advisories/38915 SuSE Security Announcement: SUSE-SR:2010:006 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html http://www.ubuntu.com/usn/USN-905-1 http://www.vupen.com/english/advisories/2010/0450
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.