SuSE 11 Security Update : sudo (SAT Patch Number 2084)

This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.


Synopsis :

The remote SuSE 11 host is missing a security update.

Description :

This update fixes two security issues :

- Sudo failed to properly reset group permissions when
the 'runas_default' option was used. If a local,
unprivileged user was authorized by the sudoers file to
run their sudo commands under the default user account,
this could lead to privilege escalation. (CVE-2010-0427 :
CVSS v2 Base Score: 6.6)

- A privilege escalation flaw was found in the way sudo
checked file paths for pseudocommands. If a local,
unprivileged user was authorized by the sudoers file to
edit one or more files, this could lead to execution of
arbitrary code with the privileges of the privileged
system user (root). (CVE-2010-0426 : CVSS v2 Base Score: 6.6)

See also :

https://bugzilla.novell.com/show_bug.cgi?id=582555
https://bugzilla.novell.com/show_bug.cgi?id=582556
http://support.novell.com/security/cve/CVE-2010-0426.html
http://support.novell.com/security/cve/CVE-2010-0427.html

Solution :

Apply SAT patch number 2084.

Risk factor :

Medium / CVSS Base Score : 6.9
(CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 45014

Bugtraq ID:

CVE ID: CVE-2010-0426
CVE-2010-0427
