Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2009:033 (sudo)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.63322

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDVSA-2009:033 (sudo)

Resumen: The remote host is missing an update to sudo;announced via advisory MDVSA-2009:033.

Descripción: Summary:
The remote host is missing an update to sudo
announced via advisory MDVSA-2009:033.

Vulnerability Insight:
A vulnerability has been identified in sudo which allowed - depending
on the sudoers rules - a sudo-user to execute arbitrary shell commands
as root (CVE-2009-0034).

The updated packages have been patched to prevent this.

Affected: 2008.0, 2008.1, 2009.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-0034
1021688
http://www.securitytracker.com/id?1021688
20090129 rPSA-2009-0021-1 sudo
http://www.securityfocus.com/archive/1/500546/100/0/threaded
20090711 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl
http://www.securityfocus.com/archive/1/504849/100/0/threaded
33517
http://www.securityfocus.com/bid/33517
33753
http://secunia.com/advisories/33753
33840
http://secunia.com/advisories/33840
33885
http://secunia.com/advisories/33885
35766
http://secunia.com/advisories/35766
51736
http://osvdb.org/51736
ADV-2009-1865
http://www.vupen.com/english/advisories/2009/1865
MDVSA-2009:033
http://www.mandriva.com/security/advisories?name=MDVSA-2009:033
RHSA-2009:0267
http://www.redhat.com/support/errata/RHSA-2009-0267.html
[Security-announce] 20090710 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl
http://lists.vmware.com/pipermail/security-announce/2009/000060.html
http://wiki.rpath.com/Advisories:rPSA-2009-0021
http://www.gratisoft.us/bugzilla/show_bug.cgi?id=327
http://www.sudo.ws/cgi-bin/cvsweb/sudo/parse.c.diff?r1=1.160.2.21&r2=1.160.2.22&f=h
http://www.vmware.com/security/advisories/VMSA-2009-0009.html
https://bugzilla.novell.com/show_bug.cgi?id=468923
https://issues.rpath.com/browse/RPL-2954
oval:org.mitre.oval:def:10856
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10856
oval:org.mitre.oval:def:6462
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6462

Copyright Copyright (C) 2009 E-Soft Inc.

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.63322
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2009:033 (sudo)
Resumen:	The remote host is missing an update to sudo;announced via advisory MDVSA-2009:033.
Descripción:	Summary: The remote host is missing an update to sudo announced via advisory MDVSA-2009:033. Vulnerability Insight: A vulnerability has been identified in sudo which allowed - depending on the sudoers rules - a sudo-user to execute arbitrary shell commands as root (CVE-2009-0034). The updated packages have been patched to prevent this. Affected: 2008.0, 2008.1, 2009.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0034 1021688 http://www.securitytracker.com/id?1021688 20090129 rPSA-2009-0021-1 sudo http://www.securityfocus.com/archive/1/500546/100/0/threaded 20090711 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl http://www.securityfocus.com/archive/1/504849/100/0/threaded 33517 http://www.securityfocus.com/bid/33517 33753 http://secunia.com/advisories/33753 33840 http://secunia.com/advisories/33840 33885 http://secunia.com/advisories/33885 35766 http://secunia.com/advisories/35766 51736 http://osvdb.org/51736 ADV-2009-1865 http://www.vupen.com/english/advisories/2009/1865 MDVSA-2009:033 http://www.mandriva.com/security/advisories?name=MDVSA-2009:033 RHSA-2009:0267 http://www.redhat.com/support/errata/RHSA-2009-0267.html [Security-announce] 20090710 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl http://lists.vmware.com/pipermail/security-announce/2009/000060.html http://wiki.rpath.com/Advisories:rPSA-2009-0021 http://www.gratisoft.us/bugzilla/show_bug.cgi?id=327 http://www.sudo.ws/cgi-bin/cvsweb/sudo/parse.c.diff?r1=1.160.2.21&r2=1.160.2.22&f=h http://www.vmware.com/security/advisories/VMSA-2009-0009.html https://bugzilla.novell.com/show_bug.cgi?id=468923 https://issues.rpath.com/browse/RPL-2954 oval:org.mitre.oval:def:10856 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10856 oval:org.mitre.oval:def:6462 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6462
Copyright	Copyright (C) 2009 E-Soft Inc.