This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing a security update.
CVE-2010-0426 sudo: sudoedit option can possibly allow for arbitrary
CVE-2010-0427 sudo: Fails to reset group permissions if runas_default

A privilege escalation flaw was found in the way sudo handled the
sudoedit pseudo-command. If a local user were authorized by the
sudoers file to use this pseudo-command, they could possibly leverage
this flaw to execute arbitrary code with the privileges of the root

The sudo utility did not properly initialize supplementary groups when
the 'runas_default' option (in the sudoers file) was used. If a local
user were authorized by the sudoers file to perform their sudo
commands under the account specified with 'runas_default', they would
receive the root user's supplementary groups instead of those of the
intended target user, giving them unintended privileges.
Update the affected sudo package.
Risk factor : Medium / CVSS Base Score : 6.9
Public Exploit Available : true