Scientific Linux Security Update : sudo on SL5.x i386/x86_64

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing a security update.

Description :

A flaw was found in the way sudo handled the presence of duplicated
environment variables. A local user authorized to run commands using
sudo could use this flaw to set additional values for the environment
variables set by sudo, which could result in those values being used
by the executed command instead of the values set by sudo. This could
possibly lead to certain intended restrictions being bypassed, such as
the secure_path setting. (CVE-2010-1646)

See also :

http://www.nessus.org/u?6a01c9b6

Solution :

Update the affected sudo package.

Risk factor :

Medium / CVSS Base Score : 6.2
(CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60803 ()

Bugtraq ID:

CVE ID: CVE-2010-1646

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial