Ubuntu Security Notice (C) 2010-2014 Canonical, Inc. / NASL script (C) 2010-2014 Tenable Network Security, Inc.
The remote Ubuntu host is missing one or more security-related patches.
Evan Broder and Anders Kaseorg discovered that sudo did not properly
sanitize its environment when configured to use secure_path (the
default in Ubuntu). A local attacker could exploit this to execute
arbitrary code as root if sudo was configured to allow the attacker to
use a program that interpreted the PATH environment variable.
Update the affected sudo and / or sudo-ldap packages.
Risk factor :
Medium / CVSS Base Score : 6.2
CVSS Temporal Score : 5.4
Public Exploit Available : true