openSUSE Security Update : sudo (sudo-2083)

This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update fixes two security issues :

- CVE-2010-0427 (CVSS v2 Base Score: 6.6): Sudo failed to
properly reset group permissions when the 'runas_default'
option was used. If a local, unprivileged user was
authorized by the sudoers file to perform their sudo
commands under the default user account, this could lead
to privilege escalation.

- CVE-2010-0426 (CVSS v2 Base Score: 6.6): A privilege
escalation flaw was found in the way sudo checked file
paths for pseudocommands. If a local, unprivileged user
was authorized by the sudoers file to edit one or more
files, this could lead to execution of arbitrary code
with the privileges of a privileged system user (root).

See also :

https://bugzilla.novell.com/show_bug.cgi?id=582555
https://bugzilla.novell.com/show_bug.cgi?id=582556

Solution :

Update the affected sudo package.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 45013

Bugtraq ID:

CVE ID: CVE-2010-0426
CVE-2010-0427
