Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2005:201 (sudo)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.55768

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2005:201 (sudo)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to sudo
announced via advisory MDKSA-2005:201.

Tavis Ormandy discovered that sudo does not perform sufficient
environment cleaning
in particular the SHELLOPTS and PS4 variables are
still passed to the program running as an alternate user which can
result in the execution of arbitrary commands as the alternate user
when a bash script is executed.

The updated packages have been patched to correct this problem.

Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0,
Multi Network Firewall 2.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2005:201

Risk factor : Medium

CVSS Score:
4.6

Referencia Cruzada: BugTraq ID: 15191
Common Vulnerability Exposure (CVE) ID: CVE-2005-2959
http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
http://www.securityfocus.com/bid/15191
Cert/CC Advisory: TA07-072A
http://www.us-cert.gov/cas/techalerts/TA07-072A.html
Debian Security Information: DSA-870 (Google Search)
http://www.debian.org/security/2005/dsa-870
http://www.mandriva.com/security/advisories?name=MDKSA-2005:201
http://www.openpkg.org/security/OpenPKG-SA-2006.002-sudo.html
http://secunia.com/advisories/17318
http://secunia.com/advisories/17322
http://secunia.com/advisories/17345
http://secunia.com/advisories/17390
http://secunia.com/advisories/17666
http://secunia.com/advisories/18549
http://secunia.com/advisories/24479
SuSE Security Announcement: SUSE-SR:2005:025 (Google Search)
http://www.securityfocus.com/advisories/9643
SuSE Security Announcement: SUSE-SR:2006:002 (Google Search)
http://www.novell.com/linux/security/advisories/2006_02_sr.html
https://usn.ubuntu.com/213-1/
http://www.vupen.com/english/advisories/2007/0930

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.55768
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2005:201 (sudo)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to sudo announced via advisory MDKSA-2005:201. Tavis Ormandy discovered that sudo does not perform sufficient environment cleaning in particular the SHELLOPTS and PS4 variables are still passed to the program running as an alternate user which can result in the execution of arbitrary commands as the alternate user when a bash script is executed. The updated packages have been patched to correct this problem. Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0, Multi Network Firewall 2.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2005:201 Risk factor : Medium CVSS Score: 4.6
Referencia Cruzada:	BugTraq ID: 15191 Common Vulnerability Exposure (CVE) ID: CVE-2005-2959 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html http://www.securityfocus.com/bid/15191 Cert/CC Advisory: TA07-072A http://www.us-cert.gov/cas/techalerts/TA07-072A.html Debian Security Information: DSA-870 (Google Search) http://www.debian.org/security/2005/dsa-870 http://www.mandriva.com/security/advisories?name=MDKSA-2005:201 http://www.openpkg.org/security/OpenPKG-SA-2006.002-sudo.html http://secunia.com/advisories/17318 http://secunia.com/advisories/17322 http://secunia.com/advisories/17345 http://secunia.com/advisories/17390 http://secunia.com/advisories/17666 http://secunia.com/advisories/18549 http://secunia.com/advisories/24479 SuSE Security Announcement: SUSE-SR:2005:025 (Google Search) http://www.securityfocus.com/advisories/9643 SuSE Security Announcement: SUSE-SR:2006:002 (Google Search) http://www.novell.com/linux/security/advisories/2006_02_sr.html https://usn.ubuntu.com/213-1/ http://www.vupen.com/english/advisories/2007/0930
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com