Vulnerability Solutions
 |
added scans last 7 days |
| The Nimsoft Cloud Monitor Periodic Vulnerability Scan checks for the vulnerability below. To see the most recently added vulnerability solutions that are scanned by WatchMouse, go to the Vulnerability Solutions overview |
| Category: Gentoo Local Security Checks | Risk factor: Medium | Added: 5 Mar 2010 |
| Synopsis: The remote host is missing the GLSA-201003-01 security update. Description: The remote host is affected by the vulnerability described in GLSA-201003-01 (sudo: Privilege escalation) Multiple vulnerabilities have been discovered in sudo: Glenn Waller and neonsignal reported that sudo does not properly handle access control of the "sudoedit" pseudo-command (CVE-2010-0426). Harald Koenig reported that sudo does not properly set supplementary groups when using the "runas_default" option (CVE-2010-0427). Impact A local attacker with privileges to use "sudoedit" or the privilege to execute commands with the "runas_default" setting enabled could leverage these vulnerabilities to execute arbitrary code with elevated privileges. Workaround CVE-2010-0426: Revoke all "sudoedit" privileges, or use the full path to sudoedit. CVE-2010-0427: Remove all occurrences of the "runas_default" setting. See also: http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml Solution: All sudo users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.7.2_p4" Risk factor: Medium / CVSS Base Score : 4.4 (CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P) |
||
