This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-201401-23
(sudo: Privilege escalation)
Multiple vulnerabilities have been found in sudo:
sudo does not correctly validate the controlling terminal on a system
without /proc or when the tty_tickets option is enabled.
sudo does not properly handle the clock when it is set to the epoch.
A local attacker with sudo privileges could connect to the stdin,
stdout, and stderr of the terminal of a user who has authenticated with
sudo, allowing the attacker to hijack the authorization of the other
user. Additionally, a local or physically proximate attacker could set
the system clock to the epoch, bypassing time restrictions on sudo
There is no known workaround at this time.
See also :
All sudo users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-admin/sudo-1.8.6_p7'
Risk factor :
Medium / CVSS Base Score : 6.9
CVSS Temporal Score : 6.0
Public Exploit Available : true
Family: Gentoo Local Security Checks
Nessus Plugin ID: 72078
Bugtraq ID: 58203, 58207, 62741
CVE ID: CVE-2013-1775, CVE-2013-1776, CVE-2013-2776, CVE-2013-2777