Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2010:052 (sudo)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.66974

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2010:052 (sudo)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to sudo
announced via advisory MDVSA-2010:052.

A vulnerabilitiy has been found and corrected in sudo:

sudo 1.6.x before 1.6.9p21, when the runas_default option is used,
does not properly set group memberships, which allows local users to
gain privileges via a sudo command (CVE-2010-0427).

The updated packages have been patched to correct this issue.

Affected: 2009.0, Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:052

Risk factor : Medium

CVSS Score:
4.4

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-0427
1023658
http://securitytracker.com/id?1023658
20101027 rPSA-2010-0075-1 sudo
http://www.securityfocus.com/archive/1/514489/100/0/threaded
38762
http://secunia.com/advisories/38762
38795
http://secunia.com/advisories/38795
38803
http://secunia.com/advisories/38803
38915
http://secunia.com/advisories/38915
DSA-2006
http://www.debian.org/security/2010/dsa-2006
GLSA-201003-01
http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml
SUSE-SR:2010:006
http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html
USN-905-1
http://www.ubuntu.com/usn/USN-905-1
[oss-security] 20100223 CVE assignment notification -- CVE-2010-0427 -- sudo fails to reset group permissions if runas_default set
http://www.openwall.com/lists/oss-security/2010/02/23/4
[oss-security] 20100224 Re: CVE assignment notification -- CVE-2010-0427 -- sudo fails to reset group permissions if runas_default set
http://www.openwall.com/lists/oss-security/2010/02/24/5
ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz
http://sudo.ws/repos/sudo/rev/aa0b6c01c462
http://wiki.rpath.com/Advisories:rPSA-2010-0075
http://www.gratisoft.us/bugzilla/attachment.cgi?id=255
http://www.gratisoft.us/bugzilla/show_bug.cgi?id=349
http://www.sudo.ws/cgi-bin/cvsweb/sudo/set_perms.c.diff?r1=1.30.2.7&r2=1.30.2.8
https://bugzilla.redhat.com/show_bug.cgi?id=567622
oval:org.mitre.oval:def:10946
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10946
oval:org.mitre.oval:def:7216
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7216

Copyright Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.66974
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2010:052 (sudo)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to sudo announced via advisory MDVSA-2010:052. A vulnerabilitiy has been found and corrected in sudo: sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command (CVE-2010-0427). The updated packages have been patched to correct this issue. Affected: 2009.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:052 Risk factor : Medium CVSS Score: 4.4
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-0427 1023658 http://securitytracker.com/id?1023658 20101027 rPSA-2010-0075-1 sudo http://www.securityfocus.com/archive/1/514489/100/0/threaded 38762 http://secunia.com/advisories/38762 38795 http://secunia.com/advisories/38795 38803 http://secunia.com/advisories/38803 38915 http://secunia.com/advisories/38915 DSA-2006 http://www.debian.org/security/2010/dsa-2006 GLSA-201003-01 http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml SUSE-SR:2010:006 http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00004.html USN-905-1 http://www.ubuntu.com/usn/USN-905-1 [oss-security] 20100223 CVE assignment notification -- CVE-2010-0427 -- sudo fails to reset group permissions if runas_default set http://www.openwall.com/lists/oss-security/2010/02/23/4 [oss-security] 20100224 Re: CVE assignment notification -- CVE-2010-0427 -- sudo fails to reset group permissions if runas_default set http://www.openwall.com/lists/oss-security/2010/02/24/5 ftp://ftp.sudo.ws/pub/sudo/sudo-1.6.9p21.patch.gz http://sudo.ws/repos/sudo/rev/aa0b6c01c462 http://wiki.rpath.com/Advisories:rPSA-2010-0075 http://www.gratisoft.us/bugzilla/attachment.cgi?id=255 http://www.gratisoft.us/bugzilla/show_bug.cgi?id=349 http://www.sudo.ws/cgi-bin/cvsweb/sudo/set_perms.c.diff?r1=1.30.2.7&r2=1.30.2.8 https://bugzilla.redhat.com/show_bug.cgi?id=567622 oval:org.mitre.oval:def:10946 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10946 oval:org.mitre.oval:def:7216 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7216
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com