Mandrake Linux Security Advisory : sudo (MDKSA-2002:003)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing a security update.

Description :

The SuSE Security Team discovered a vulnerability in sudo that can be
exploited to obtain root privilege because sudo is installed setuid
root. An attacker could trick sudo to log failed sudo calls executing
the sendmail (or equivalent mailer) program with root privileges and
an environment that is not completely clean. This problem has been
fixed upstream by the author in sudo 1.6.4 and it is highly
recommended that all users upgrade regardless of what mailer you are
using.

Solution :

Update the affected sudo package.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 13911 (mandrake_MDKSA-2002-003.nasl)

Bugtraq ID:

CVE ID: CVE-2002-0043

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now