Vulnerability Solutions
The WatchMouse Periodic Vulnerability Scan checks for the vulnerability below.

Category: Debian Local Security Checks

Risk factor: Medium

Added: 5 Mar 2010

Synopsis: The remote host is missing the DSA-2006 security update.

Description: Several vulnerabilities have been discovered in sudo, a program designed to allow a sysadmin to give limited root privileges to users. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2010-0426: It was discovered that sudo, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file.

CVE-2010-0427: It was discovered that sudo, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.

For the stable distribution (lenny), these problems have been fixed in version 1.6.9p17-2+lenny1.

See also: http://www.debian.org/security/2010/dsa-2006

Solution: The Debian project recommends that you upgrade your sudo package.

Risk factor: Medium / CVSS Base Score: 4.4 (CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P)



