How to Buy
This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing a security update.
CVE-2010-0426 sudo: sudoedit option can possibly allow for arbitrary
CVE-2010-0427 sudo: Fails to reset group permissions if runas_default
A privilege escalation flaw was found in the way sudo handled the
sudoedit pseudo-command. If a local user were authorized by the
sudoers file to use this pseudo-command, they could possibly leverage
this flaw to execute arbitrary code with the privileges of the root
The sudo utility did not properly initialize supplementary groups when
the 'runas_default' option (in the sudoers file) was used. If a local
user were authorized by the sudoers file to perform their sudo
commands under the account specified with 'runas_default', they would
receive the root user's supplementary groups instead of those of the
intended target user, giving them unintended privileges.
See also :
Update the affected sudo package.
Risk factor :
Medium / CVSS Base Score : 6.9
Public Exploit Available : true
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 60739 ()
CVE ID: CVE-2010-0426CVE-2010-0427
Get Nessus Professional to scan unlimited IPs, run compliance checks & more
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.