Test ID:	1.3.6.1.4.1.25623.1.0.67561
Category:	Mandrake Local Security Checks
Title:	Mandriva Security Advisory MDVSA-2010:118 (sudo)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to sudo announced via advisory MDVSA-2010:118. A vulnerability has been discovered and corrected in sudo: The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and 1.7.0 through 1.7.2p6 does not properly handle an environment that contains multiple PATH variables, which might allow local users to gain privileges via a crafted value of the last PATH variable (CVE-2010-1646). Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:118 Risk factor : High CVSS Score: 6.2
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1646 1024101 http://www.securitytracker.com/id?1024101 20101027 rPSA-2010-0075-1 sudo http://www.securityfocus.com/archive/1/514489/100/0/threaded 40002 http://secunia.com/advisories/40002 40188 http://secunia.com/advisories/40188 40215 http://secunia.com/advisories/40215 40508 http://secunia.com/advisories/40508 40538 http://www.securityfocus.com/bid/40538 43068 http://secunia.com/advisories/43068 65083 http://www.osvdb.org/65083 ADV-2010-1452 http://www.vupen.com/english/advisories/2010/1452 ADV-2010-1478 http://www.vupen.com/english/advisories/2010/1478 ADV-2010-1518 http://www.vupen.com/english/advisories/2010/1518 ADV-2010-1519 http://www.vupen.com/english/advisories/2010/1519 ADV-2011-0212 http://www.vupen.com/english/advisories/2011/0212 DSA-2062 http://www.debian.org/security/2010/dsa-2062 FEDORA-2010-9402 http://lists.fedoraproject.org/pipermail/package-announce/2010-June/042838.html FEDORA-2010-9415 http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043026.html FEDORA-2010-9417 http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043012.html GLSA-201009-03 http://security.gentoo.org/glsa/glsa-201009-03.xml MDVSA-2010:118 http://www.mandriva.com/security/advisories?name=MDVSA-2010:118 RHSA-2010:0475 http://www.redhat.com/support/errata/RHSA-2010-0475.html SUSE-SR:2011:002 http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html http://wiki.rpath.com/Advisories:rPSA-2010-0075 http://www.sudo.ws/repos/sudo/rev/3057fde43cf0 http://www.sudo.ws/repos/sudo/rev/a09c6812eaec http://www.sudo.ws/sudo/alerts/secure_path.html https://bugzilla.redhat.com/show_bug.cgi?id=598154 oval:org.mitre.oval:def:10580 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10580 oval:org.mitre.oval:def:7338 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7338
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.