Soluciones para vulnerabilidades
 |
exploraciones de últimos 7 días |
| La exploración de vulnerabilidades periódica de Nimsoft Cloud Monitor busca la vulnerabilidad siguiente. Para ver las soluciones añadidas más recientemente que Nimsoft Cloud Monitor explora, visite Soluciones para vulnerabilidades. |
| Categoría: Gentoo Local Security Checks | Factor de riesgo: Medium | Añadido: 5 mar 2010 |
| Synopsis: The remote host is missing the GLSA-201003-01 security update. Description: The remote host is affected by the vulnerability described in GLSA-201003-01 (sudo: Privilege escalation) Multiple vulnerabilities have been discovered in sudo: Glenn Waller and neonsignal reported that sudo does not properly handle access control of the "sudoedit" pseudo-command (CVE-2010-0426). Harald Koenig reported that sudo does not properly set supplementary groups when using the "runas_default" option (CVE-2010-0427). Impact A local attacker with privileges to use "sudoedit" or the privilege to execute commands with the "runas_default" setting enabled could leverage these vulnerabilities to execute arbitrary code with elevated privileges. Workaround CVE-2010-0426: Revoke all "sudoedit" privileges, or use the full path to sudoedit. CVE-2010-0427: Remove all occurrences of the "runas_default" setting. See also: http://www.gentoo.org/security/en/glsa/glsa-201003-01.xml Solution: All sudo users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/sudo-1.7.2_p4" Risk factor: Medium / CVSS Base Score : 4.4 (CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P) |
||
